For this challenge, we are given a ZIP archive containing a Mozilla Firefox memory dump.
We unzip the archive and search the printable text for our flag:
[ [email protected]: ~/csaw/forensics100 ]$ unzip firefox.mem.zip Archive: firefox.mem.zip inflating: firefox.mem creating: __MACOSX/ inflating: __MACOSX/._firefox.mem [ [email protected]: ~/csaw/forensics100 ]$ strings firefox.mem | grep flag{ ZZZZZZZZflag{cd69b4957f06cd818d7bf3d61980e291} [ [email protected]: ~/csaw/forensics100 ]$
We locate our flag: flag{cd69b4957f06cd818d7bf3d61980e291}.