Tags: forensics
Rating:
# 2020 Defenit CTF - What Browser do I use
>###### tags: `forensics`
>[name=whysw@PLUS]
## Attachments
- problem
- [Image](https://drive.google.com/drive/folders/1oQYvJnbOou5TUXaV1ApoQnP6S_Vj8pbI)
## Challenge
Find the version of the hacker's default browser!
## Solution
### Find default browser
using FTK imager, found
`/Users/secre/NTUSER.DAT`
using registry viewer, found that
`/Software/Microsoft/Windows/Shell/Associations/UrlAssociations/http/UserChoice/ProgId`
is **`ChromeHTML`**.
---
### Find the version of Chrome
using FTK imager, found
`/Program Files (x86)/Google/Chrome/Application/83.0.4103.61` folder.
send `83.0.4103.61` to server and got the flag.
FLAG : `Defenit{Th1s_15_Chr0m3_Br0w53r!!}`