Posted on by and filed under CSAW 2014.

For this challenge, we are given a ZIP archive containing a Mozilla Firefox memory dump.

The challenge

We unzip the archive and search the printable text for our flag:

[ [email protected]: ~/csaw/forensics100 ]$ unzip firefox.mem.zip
Archive:  firefox.mem.zip
  inflating: firefox.mem
   creating: __MACOSX/
  inflating: __MACOSX/._firefox.mem
[ [email protected]: ~/csaw/forensics100 ]$ strings firefox.mem | grep flag{
ZZZZZZZZflag{cd69b4957f06cd818d7bf3d61980e291}
[ [email protected]: ~/csaw/forensics100 ]$

We locate our flag: flag{cd69b4957f06cd818d7bf3d61980e291}.