Kill.the.plumber.zip ...
binwalk, strings, Autopsy or FTK Imager, Wireshark (if PCAPs are included), and ExifTool.

2. Initial Analysis
Depending on the specific CTF platform, the "flag" is usually hidden in one of the following ways:
Run file Kill.The.Plumber.zip to confirm it is a standard ZIP archive.
Unzipping the file often reveals several folders, such as /levels, /assets, or /src.

3. Forensics Investigation Steps
Run binwalk -e Kill.The.Plumber.zip to see if there are images or documents hidden within other files (a file within a file).
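
The "file within a file" check above, reduced to a signature scan over a few well-known magic numbers. This is an added example, not part of the original write-up and not binwalk's own code. The archive is a constructed sample built in memory; the member name levels/level1.dat and its contents are made up for illustration.

```python
import io
import struct
import zipfile
import zlib

# Publicly documented magic numbers for a few common formats.
SIGNATURES = {
    b"PK\x03\x04": "ZIP local file header",
    b"\x89PNG\r\n\x1a\n": "PNG image",
    b"%PDF-": "PDF document",
}

def scan(data):
    """Return sorted (offset, description) for every signature hit in data."""
    hits = []
    for magic, name in SIGNATURES.items():
        pos = data.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = data.find(magic, pos + 1)
    return sorted(hits)

def carve_png(data, offset):
    """Walk PNG chunks from offset; return the image bytes, or None if truncated."""
    pos = offset + 8  # skip the 8-byte PNG signature
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length  # length field + type + body + CRC
        if end > len(data):
            return None
        if ctype == b"IEND":
            return data[offset:end]
        pos = end
    return None

def make_sample():
    """Constructed sample: a ZIP whose stored member hides a 1x1 PNG after filler."""
    def chunk(ctype, body):
        crc = struct.pack(">I", zlib.crc32(ctype + body))
        return struct.pack(">I", len(body)) + ctype + body + crc
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    png = (b"\x89PNG\r\n\x1a\n" + chunk(b"IHDR", ihdr)
           + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b""))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("levels/level1.dat", b"LEVELDATA" * 4 + png)
    return buf.getvalue(), png

if __name__ == "__main__":
    print(scan(make_sample()[0]))
```

A scan like this only sees raw bytes: a member stored with deflate compression hides its signatures, so extract the archive first and scan each extracted file as well.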