CTFtime.org / UMDCTF 2021 / Phillip 2 / Writeup

Tags: volatility forensics email

Rating:

* Volatility process list will show Thunderbird
* Dump Thunderbird files
* Parse Thunderbird files
* Extract attachment and use password in email data to unlock for flag

Original writeup (https://rainbowpigeon.netlify.app/posts/umdctf-2021/#phillip-2).

Phillip 2

Comments

Sign in with