The opening forensics challenge of the Gemastik XII final at Telkom University. 200 points.
Intro
The provided file is:
$ file forensic.img
forensic.img: data
TLDR
- Repair the file
- Mount the file
- Get the flag
Full Steps
The forensic.img file first has to be repaired with fsck so that it can be mounted:
$ fsck.ext2 forensic.img
e2fsck 1.44.5 (15-Dec-2018)
ext2fs_open2: Bad magic number in super-block
fsck.ext2: Superblock invalid, trying backup blocks...
forensic.img was not cleanly unmounted, check forced.
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
Free blocks count wrong for group #0 (7975, counted=7711).
Fix<y>? yes
Free blocks count wrong for group #1 (1844, counted=940).
Fix<y>? yes
Free blocks count wrong (9819, counted=8651).
Fix<y>? yes
Free inodes count wrong for group #0 (1269, counted=1268).
Fix<y>? yes
Free inodes count wrong for group #1 (1280, counted=1224).
Fix<y>? yes
Directories count wrong for group #1 (0, counted=1).
Fix<y>? yes
Free inodes count wrong (2549, counted=2492).
Fix<y>? yes
forensic.img: ***** FILE SYSTEM WAS MODIFIED *****
forensic.img: 68/2560 files (77.9% non-contiguous), 1589/10240 blocks
The forensic.img file has now been repaired successfully:
$ file forensic.img
forensic.img: Linux rev 1.0 ext2 filesystem data, UUID=5424215a-8103-4a3d-8687-b4ed6f74fef2 (large files)
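`file` reported only `data` and fsck fell back to backup blocks because the ext2 magic 0xEF53 is read from the primary superblock at byte 1024, while every backup superblock carries its own copy of it. The following is an added example, not part of the original write-up: it scans an image for surviving superblock copies. The sample image, its 1 KiB block size and its 8192 blocks per group are constructed assumptions; only the 2560 inodes and 10240 blocks come from the fsck output above.

```python
import struct

EXT2_MAGIC = 0xEF53  # s_magic: little-endian u16 at superblock offset 0x38

def parse_superblock(image, off):
    """Return key fields if an ext2 superblock starts at byte `off`, else None."""
    if off + 1024 > len(image):
        return None
    inodes, blocks = struct.unpack_from("<II", image, off + 0x00)
    _first, log_block_size, _frag, blocks_per_group = struct.unpack_from("<IIII", image, off + 0x14)
    magic, = struct.unpack_from("<H", image, off + 0x38)
    group_nr, = struct.unpack_from("<H", image, off + 0x5A)  # s_block_group_nr
    # The magic is only two bytes, so sanity-check neighbouring fields as well.
    if magic != EXT2_MAGIC or log_block_size > 6 or not (inodes and blocks and blocks_per_group):
        return None
    return {"block_size": 1024 << log_block_size, "blocks": blocks, "inodes": inodes,
            "blocks_per_group": blocks_per_group, "group": group_nr}

def find_superblocks(image):
    """Return (primary_ok, [(byte_offset, fields), ...]) for copies past the primary."""
    primary_ok = parse_superblock(image, 1024) is not None
    backups = []
    for off in range(2048, len(image) - 1023, 1024):  # every 1 KiB boundary
        sb = parse_superblock(image, off)
        if sb:
            backups.append((off, sb))
    return primary_ok, backups

def make_superblock(group, magic=EXT2_MAGIC):
    # Constructed sample superblock; geometry values are assumptions (see lead-in).
    sb = bytearray(1024)
    struct.pack_into("<II", sb, 0x00, 2560, 10240)      # inode count, block count
    struct.pack_into("<IIII", sb, 0x14, 1, 0, 0, 8192)  # first data block, 1 KiB blocks, blocks/group
    struct.pack_into("<H", sb, 0x38, magic)
    struct.pack_into("<H", sb, 0x5A, group)
    return bytes(sb)

def demo_image():
    img = bytearray(10240 * 1024)                        # constructed 10 MiB image
    img[1024:2048] = make_superblock(0, magic=0)         # primary copy with its magic wiped
    img[8193 * 1024:8194 * 1024] = make_superblock(1)    # intact backup in group 1
    return bytes(img)

if __name__ == "__main__":
    ok, backups = find_superblocks(demo_image())
    print("primary superblock valid:", ok)
    for off, sb in backups:
        print(f"group {sb['group']} backup at block {off // sb['block_size']}: {sb}")
```

The block number it prints is the value that e2fsck's `-b` option takes to name an alternate superblock explicitly. Running the repair on a copy of the image keeps the original evidence unmodified.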
The forensic.img file is then mounted:
$ mkdir mont
$ mount -o loop forensic.img mont/
$ cd mont/
$ ls
accordion lost+found wkwkwkw
The flag is found in
accordion/image_0017.jpg
Flag
gemastik12{Disk_forensic_is Eazy}
Rant
I hate cheese kimbap