DefCon CTF 2007 Prequalifications fore300 problem, part 2

I tried the method introduced over at tessy-san's blog.
Honestly, this was quite a shock lol. This approach is way too smart...
http://d.hatena.ne.jp/tessy/20070618/1182160587

Example using foremost
http://foremost.sourceforge.net/
    
This process is commonly referred to as data carving. Foremost can work on image files, such as those generated by dd, Safeback, Encase, etc, or directly on a drive.
Unpacking the archive is the same as before. On a Mac the build is: make mac, then make macinstall.
luffy-no-power-mac-g5:~/Documents/TOOL/foremost-1.5 luffy$ make mac
gcc -Wall -O2 -DVERSION=\"1.5\" -D__UNIX -D__MACOSX -c main.c
gcc -Wall -O2 -DVERSION=\"1.5\" -D__UNIX -D__MACOSX -c state.c
gcc -Wall -O2 -DVERSION=\"1.5\" -D__UNIX -D__MACOSX -c helpers.c
gcc -Wall -O2 -DVERSION=\"1.5\" -D__UNIX -D__MACOSX -c config.c
gcc -Wall -O2 -DVERSION=\"1.5\" -D__UNIX -D__MACOSX -c cli.c
gcc -Wall -O2 -DVERSION=\"1.5\" -D__UNIX -D__MACOSX -c engine.c
gcc -Wall -O2 -DVERSION=\"1.5\" -D__UNIX -D__MACOSX -c dir.c
gcc -Wall -O2 -DVERSION=\"1.5\" -D__UNIX -D__MACOSX -c extract.c
gcc -Wall -O2 -DVERSION=\"1.5\" -D__UNIX -D__MACOSX -c api.c
gcc -Wall -O2 -DVERSION=\"1.5\" -D__UNIX -D__MACOSX main.o state.o helpers.o config.o cli.o engine.o dir.o extract.o api.o -o foremost
luffy-no-power-mac-g5:~/Documents/TOOL/foremost-1.5 luffy$ sudo make macinstall
install -m 755 foremost /usr/local/bin/
install -m 444 foremost.1 /usr/share/man/man1/
install -m 444 foremost.conf /usr/local/etc/
luffy-no-power-mac-g5:~/Documents/TOOL/foremost-1.5 luffy$ ./foremost forensics300-e130c3621118e4b891fbceb67e2c94cc.dd
Processing: forensics300-e130c3621118e4b891fbceb67e2c94cc.dd
*
An audit.txt is created in the output folder.
luffy-no-power-mac-g5:~/Documents/TOOL/foremost-1.5/output luffy$ ls
audit.txt

Contents of audit.txt:

luffy-no-power-mac-g5:~/Documents/TOOL/foremost-1.5/output luffy$ cat audit.txt
Foremost version 1.5 by Jesse Kornblum, Kris Kendall, and Nick Mikus
Audit File

Foremost started at Mon Jun 18 22:40:03 2007
Invocation: ./foremost forensics300-e130c3621118e4b891fbceb67e2c94cc.dd
Output directory: /Users/luffy/Documents/TOOL/foremost-1.5/output
Configuration file: /Users/luffy/Documents/TOOL/foremost-1.5/foremost.conf
------------------------------------------------------------------
File: forensics300-e130c3621118e4b891fbceb67e2c94cc.dd
Start: Mon Jun 18 22:40:03 2007
Length: Unknown

Num    Name (bs=512)        Size    File Offset    Comment

0:     00008320.pdf         33 KB   4259840
1:     00046880.pdf         33 KB   24002560
Finish: Mon Jun 18 22:40:17 2007

2 FILES EXTRACTED

pdf:= 2
------------------------------------------------------------------

Foremost finished at Mon Jun 18 22:40:17 2007
Extracted PDFs (the names are the 512-byte block number where each header was found: 8320 * 512 = 4259840 and 46880 * 512 = 24002560, matching the File Offset column above).
luffy-no-power-mac-g5:~/Documents/TOOL/foremost-1.5 luffy$ ls output/pdf
00008320.pdf 00046880.pdf
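To show what foremost is actually doing when it carves those two PDFs out of the raw dd image, here is a small header/footer carver written for this post. It is an added example and not foremost's own code: it scans the image for the "%PDF-" signature, cuts each hit at the last "%%EOF" footer before the next header (a PDF with incremental updates carries several footers, so stopping at the first one would truncate it), and names each result by its 512-byte block number the way foremost's audit file does. The 5 MB per-file cap and the sample image with two tiny PDFs are constructed for the demo.

```python
"""Minimal header/footer PDF carver in the style of foremost.

Added example, not foremost's code.  Offsets are reported in 512-byte
blocks (bs=512), so a header at byte 4259840 becomes 00008320.pdf.
"""
import mmap
import os
import sys

BLOCK_SIZE = 512
PDF_HEADER = b"%PDF-"
PDF_FOOTER = b"%%EOF"
MAX_PDF_SIZE = 5 * 1024 * 1024   # assumed per-file cap for the demo


def carve_pdfs(image):
    """Return [(name, byte_offset, size, data)] for every PDF found in image.

    The search window for a hit runs to the next header or MAX_PDF_SIZE,
    whichever comes first; the file ends at the LAST footer inside that
    window so incrementally updated PDFs survive intact.  Without any
    footer the whole window is kept so the fragment can still be examined.
    """
    results = []
    start = image.find(PDF_HEADER)
    while start != -1:
        nxt = image.find(PDF_HEADER, start + len(PDF_HEADER))
        window_end = min(len(image), start + MAX_PDF_SIZE)
        if nxt != -1:
            window_end = min(window_end, nxt)
        footer = image.rfind(PDF_FOOTER, start, window_end)
        if footer == -1:
            end = window_end
        else:
            end = footer + len(PDF_FOOTER)
            if image[end:end + 1] in (b"\n", b"\r"):   # keep trailing newline
                end += 1
        name = "%08d.pdf" % (start // BLOCK_SIZE)
        results.append((name, start, end - start, bytes(image[start:end])))
        start = nxt
    return results


def audit_lines(results):
    """Render the carved list in the shape of foremost's audit.txt table."""
    return ["%d:\t%s\t%d B\t%d" % (n, name, size, off)
            for n, (name, off, size, _) in enumerate(results)]


def write_carved(results, outdir):
    """Write each carved file under outdir/pdf, like foremost's output dir."""
    os.makedirs(os.path.join(outdir, "pdf"), exist_ok=True)
    for name, _, _, data in results:
        with open(os.path.join(outdir, "pdf", name), "wb") as f:
            f.write(data)


def build_sample_image():
    """Constructed test image: two tiny PDFs dropped into a zero-filled disk,
    the second carrying an incremental update (two %%EOF markers)."""
    pdf_a = (b"%PDF-1.4\n1 0 obj<</Type/Catalog>>endobj\n"
             b"trailer<</Root 1 0 R>>\n%%EOF\n")
    pdf_b = (b"%PDF-1.4\n1 0 obj<</Type/Catalog>>endobj\n"
             b"trailer<</Root 1 0 R>>\n%%EOF\n"
             b"2 0 obj<</Type/Catalog>>endobj\n"
             b"trailer<</Root 2 0 R/Prev 9>>\n%%EOF\n")
    image = bytearray(16 * BLOCK_SIZE)
    image[3 * BLOCK_SIZE:3 * BLOCK_SIZE + len(pdf_a)] = pdf_a     # block 3
    image[10 * BLOCK_SIZE:10 * BLOCK_SIZE + len(pdf_b)] = pdf_b   # block 10
    return bytes(image), pdf_a, pdf_b


if __name__ == "__main__":
    if len(sys.argv) == 2:                     # carve a real dd image
        with open(sys.argv[1], "rb") as f:
            with mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as m:
                found = carve_pdfs(m)
    else:                                      # demo on the constructed image
        found = carve_pdfs(build_sample_image()[0])
    write_carved(found, "output")
    print("\n".join(audit_lines(found)))
```

Run it as `python carve.py forensics300-e130c3621118e4b891fbceb67e2c94cc.dd` to get an output/pdf directory next to foremost's; with no argument it carves the built-in sample. Whatever carver you use, sanity-check the results before trusting them: `file output/pdf/*.pdf` should report PDF documents, and a carved file that does not open is usually one whose footer search ended at the wrong %%EOF or ran into the next header.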