Note any interesting plain-text strings or metadata found that provided clues. 3. Methodology & Steps
If the flag was encoded, explain the decoding process (e.g., Base64, Hex-to-Decimal, or custom scripts). 4. Conclusion & Flag FA2017-002.rar
Describe the first steps taken, such as checking file headers or using the file command to verify if it is actually a RAR archive or a mislabeled file (e.g., a PNG disguised as a RAR). Note any interesting plain-text strings or metadata found
(e.g., Forensics, Reverse Engineering, Steganography) For example, if you used Autopsy to search
Detail the process of finding the hidden data. For example, if you used Autopsy to search slack space or strings/grep to find a hidden flag.
State the final result or flag found (e.g., CTF{example_flag_value} ).
List the software employed (e.g., binwalk , Wireshark , exiftool , strings , hex editor ). 2. Initial Analysis