In reality, those rare few cases with good forensic evidence are the ones that make it to court.


After extracting the file from the archive, I checked its signature first.

It is a DOS/MBR boot sector file. Since the challenge name is Dig_Deep, I used foremost directly instead of mounting the boot sector.

So, we found a zip file. Let’s extract it.

Yay, we now have a git repository. Let’s check its history.

Here we got the flag xiomara{wow_autopsy_&_git_is_cool}.
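
The carving step above, where foremost pulls a zip out of the DOS/MBR image, can be reproduced by hand. This Python sketch is an added example, not part of the original write-up and not foremost's own code: it checks the 0x55AA boot signature, then carves ZIP archives by pairing a local file header with an end-of-central-directory record. The image comes from build_sample_image, a hypothetical helper with constructed contents, not the challenge file.

```python
import io
import struct
import zipfile

MBR_SIG = b"\x55\xaa"      # boot-sector signature at offset 510
ZIP_LFH = b"PK\x03\x04"    # ZIP local file header
ZIP_EOCD = b"PK\x05\x06"   # ZIP end-of-central-directory record (22 bytes + comment)


def is_boot_sector(image: bytes) -> bool:
    """True if the first 512-byte sector ends with the 0x55AA signature."""
    return len(image) >= 512 and image[510:512] == MBR_SIG


def carve_zips(image: bytes) -> list:
    """Return (offset, data) for every ZIP in the image that passes its CRC checks."""
    found, pos = [], 0
    while (start := image.find(ZIP_LFH, pos)) != -1:
        pos = start + 4
        eocd = image.find(ZIP_EOCD, start)
        while eocd != -1 and eocd + 22 <= len(image):
            # The comment length sits at EOCD+20; the archive ends after the comment.
            (comment_len,) = struct.unpack_from("<H", image, eocd + 20)
            blob = image[start:eocd + 22 + comment_len]
            try:
                with zipfile.ZipFile(io.BytesIO(blob)) as zf:
                    if zf.testzip() is None:   # every member's CRC matches
                        found.append((start, blob))
                        pos = start + len(blob)
                        break
            except (zipfile.BadZipFile, RuntimeError):
                pass                           # false hit or encrypted member
            eocd = image.find(ZIP_EOCD, eocd + 4)
    return found


def build_sample_image() -> bytes:
    """Constructed image: fake boot sector, filler, one embedded ZIP, slack."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("repo/.git/HEAD", "ref: refs/heads/master\n")
        zf.writestr("repo/notes.txt", "constructed sample, not challenge data\n")
    return b"\x00" * 510 + MBR_SIG + b"\xff" * 1024 + buf.getvalue() + b"\x00" * 512


if __name__ == "__main__":
    img = build_sample_image()
    print("boot sector:", is_boot_sector(img))
    for off, blob in carve_zips(img):
        print(hex(off), zipfile.ZipFile(io.BytesIO(blob)).namelist())
```

Validating each candidate with testzip filters out stray PK byte sequences in slack space, which a pure signature match would report as archives.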