Tags: forensics 

Rating:

# 2020 Defenit CTF - What Browser do I use
>###### tags: `forensics`
>[name=whysw@PLUS]
## Attachments
- problem
- [Image](https://drive.google.com/drive/folders/1oQYvJnbOou5TUXaV1ApoQnP6S_Vj8pbI)

## Challenge
Find the version of the hacker's default browser!

## Solution
### Find default browser
using FTK imager, found
`/Users/secre/NTUSER.DAT`

using registry viewer, found that
`/Software/Microsoft/Windows/Shell/Associations/UrlAssociations/http/UserChoice/ProgId`
is **`ChromeHTML`**.

---
### Find the version of Chrome
using FTK imager, found
`/Program Files (x86)/Google/Chrome/Application/83.0.4103.61` folder.

send `83.0.4103.61` to server and got the flag.

FLAG : `Defenit{Th1s_15_Chr0m3_Br0w53r!!}`

Original writeup (https://hackmd.io/@whysw/SyAeLRQ6U).