Introduction to Forensics
Author(s): a_person
Last Updated: 07-29-2025
Recommended Prerequisites: None
Note
This article covers easy forensics questions (FQs) and offers advice for practicing.
What are forensics questions?
Forensics questions ask about the current system or about general information related to it. They can cover anything from CVEs to finding backdoors on the current machine to reversing a binary. They can also include file attachments, including but not limited to network captures, images, and zip files. They are usually located on the Desktop.
Why do we do forensics questions?
The skills developed through forensics are fundamental to the field of Incident Response (IR), a vital part of cybersecurity. Professionals use these techniques to investigate security breaches, understand an attacker's methods, and gather digital evidence.
What can I use for extra practice?
CTFs, practice images, and Hack the Box are great for forensics practice. Here are some websites you can use:
- https://picoctf.org/
- https://github.com/alphyos/CyberStart-2024
- https://imaginaryctf.org/
- https://images.cypat.guide
- https://www.hackthebox.com/
Practice!
These questions lean toward the research side. Note that other forensics questions focus on the machine itself rather than on research.
Find the CVEs fixed in Notepad++ v8.5.7
Fixed CVEs: CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, CVE-2023-40166
Reference:
Notepad++ v8.5.7 Release Notes
Decode the encrypted message: 5a 47 39 75 61 32 56 35 49 47 6c 7a 49 47 35 76 64 43 42 7a 61 32 6c 69 61 57 52 70
Decoded: donkey is not skibidi
To decode it, convert the hex bytes to text, then Base64-decode the result.
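As an added example (not part of the original article), the Python sketch below generalizes that two-step decode: it peels hex and Base64 layers in whatever order they were applied, stopping when the text no longer looks encoded. The function names and the printable-text heuristic are assumptions made for this example.

```python
import base64
import binascii
import re

# The hex string from the question above, copied here as sample input.
SAMPLE = "5a 47 39 75 61 32 56 35 49 47 6c 7a 49 47 35 76 64 43 42 7a 61 32 6c 69 61 57 52 70"

HEX_RE = re.compile(r"^(?:[0-9a-fA-F]{2}[\s:,]*)+$")  # byte pairs, optional separators
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

def _printable(data):
    """True if data is non-empty UTF-8 made only of printable characters."""
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return bool(text) and all(c.isprintable() or c in "\r\n\t" for c in text)

def peel_once(text):
    """Try one decoding step; return (layer_name, decoded_text) or None."""
    s = text.strip()
    # Hex is tested first: hex digits are a subset of the Base64 alphabet.
    if HEX_RE.match(s):
        raw = bytes.fromhex(re.sub(r"[^0-9a-fA-F]", "", s))
        if _printable(raw):
            return "hex", raw.decode("utf-8")
    if len(s) >= 8 and len(s) % 4 == 0 and B64_RE.match(s):
        try:
            raw = base64.b64decode(s, validate=True)
        except binascii.Error:
            return None
        if _printable(raw):
            return "base64", raw.decode("utf-8")
    return None

def peel_layers(text, max_depth=10):
    """Peel hex/Base64 layers until neither applies; return (layers, text)."""
    layers = []
    for _ in range(max_depth):
        step = peel_once(text)
        if step is None:
            break
        layers.append(step[0])
        text = step[1]
    return layers, text

if __name__ == "__main__":
    layers, plaintext = peel_layers(SAMPLE)
    print(" -> ".join(layers), "=>", plaintext)
```

A layer is accepted only when it decodes to printable text, which keeps ordinary words that happen to fit the hex or Base64 alphabet from being mangled.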
What is the PowerShell command to get the hash of a file?
Command: Get-FileHash
Documentation:
Microsoft Docs - Get-FileHash
Publication timestamp (ISO 8601) for CVE-2025-4561
Timestamp: 2025-05-12T06:44:29.959Z
Source:
CVE Record on GitHub