---
name: pentest-ctf-forensics
description: Digital forensics, steganography, and packet analysis for CTF challenges and investigation.
---

# Pentest CTF Forensics

## Purpose

Extract hidden information from various artifacts: memory dumps, network captures (PCAP), images, and disk images.

## Core Workflow

1. **File Analysis**: Identify file type, metadata, and embedded strings using `file`, `exiftool`, and `strings`.
2. **Steganography**: Detect and extract hidden data in images/audio using `steghide` and `stegsolve`.
3. **Network Forensics**: Analyze PCAP files for suspicious traffic and flag transmission using `wireshark` or `tshark`.
4. **Memory Forensics**: Analyze memory dumps for processes, connections, and injected code using `volatility`.
5. **Data Extraction**: Carve files and recover deleted data using `foremost` and `binwalk`.

## References

- `references/tools.md`
- `references/workflows.md`
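A worked example of workflow steps 1 and 5, added here and not part of this skill's own tooling: a small Python scanner that identifies a file by its magic bytes, lists signatures found at non-zero offsets (the check `binwalk` and `foremost` automate), returns whatever is appended after a PNG's IEND chunk, and mimics `strings`. The PNG-with-trailer sample is constructed inline and every function name is an assumption of this example.

```python
"""Signature scan of a CTF artifact: magic-byte identification, embedded-file
detection, PNG trailer extraction, and a `strings` look-alike. Example code."""
import re
import struct
import zlib

# Magic-byte signatures for formats that commonly turn up in CTF artifacts.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"PK\x03\x04": "zip",
    b"%PDF-": "pdf",
    b"\x7fELF": "elf",
}

def identify(data: bytes) -> str:
    """Name the format whose magic bytes open `data` ('unknown' if none match)."""
    for magic, name in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return "unknown"

def find_embedded(data: bytes) -> list[tuple[int, str]]:
    """Return (offset, type) for every signature that appears beyond offset 0."""
    hits = [(m.start(), name) for magic, name in SIGNATURES.items()
            for m in re.finditer(re.escape(magic), data) if m.start() > 0]
    return sorted(hits)

def png_trailer(data: bytes) -> bytes:
    """Bytes appended after the IEND chunk (length 0 + 'IEND' + CRC = 12 bytes)."""
    end = data.find(b"\x00\x00\x00\x00IEND")
    return b"" if end < 0 else data[end + 12:]

def printable_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Mimic `strings`: runs of printable ASCII at least min_len bytes long."""
    return [m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

# Constructed sample: a 1x1 grayscale PNG with a ZIP header and a fake flag appended.
def _chunk(tag: bytes, body: bytes) -> bytes:
    return struct.pack(">I", len(body)) + tag + body + struct.pack(">I", zlib.crc32(tag + body))

SAMPLE = (b"\x89PNG\r\n\x1a\n"
          + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
          + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))   # one filter byte + one pixel
          + _chunk(b"IEND", b"")
          + b"PK\x03\x04" + b"flag{constructed_example}")  # data hidden after IEND

if __name__ == "__main__":
    print(identify(SAMPLE), find_embedded(SAMPLE), png_trailer(SAMPLE))
```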