Digital Forensics:OXYGEN FORENSICS CTF
วันนี้มาแนะนำการแข่งขัน OXYGEN FORENSICS CTF ซึ่งจัดโดยบริษัท OXYGEN FORENSICS เป็นโซลูชันด้านนิติวิทยาศาสตร์ ที่ใช้งานง่ายและมีประสิทธิภาพซึ่งช่วยลดความซับซ้อนและเร่งขั้นตอนการสืบสวนทางดิจิทัล โดยกิจกรรมจะเปิดและปิดเป็นช่วง May 2022 #OXYGEN FORENSICS
OXYGEN FORENSIC® CERTIFICATION
OXYGEN FORENSICS CTF Writeup
Once you have imported the extractions, please review the data, and answer the following questions:
1: Create a case in OFD and name it: Facial Recognition CTF. From the folder provided to you named 2022-03-22 13-53-10 000000001206, pull the Device.ewc into your new Facial Recognition CTF Case. Run OCR on this dataset. Select Faces on the device level. In column 1 filter settings, deselect the option for "Male" under sex and deselect "None" under the accessories tab (Leave all other boxes checked). Mark the image of the female wearing a white shirt and sunglasses as key evidence. Create and add a blue tag for the photo named "Captured Flag." Add a note to the photo that says ("The answer to question #1)
2: Create a new Face Set to Search against using the "Dream Team" Face Set provided for you. Label the Face Set "Face Set 1". Set your minimal similarity threshold to 99% and search Face Set 1 against the contents of the storage device. Mark the image with the 99% similarity rating (from the storage device) as key evidence. Create and add a blue tag to the same image and name the tag "Captured Flag." Add a note to the photo that says ("The answer to question #2)
3: With your minimal similarity threshold set to 20%, find the five images OFD found when searching the device contents against the target face: MV5BMTQ5NTUzNDE5OV5BMl5BanBnXkFtZTgwMjAwOTE1MDE@._V1_.jpg? Mark each of the five images from the device contents as key evidence. Create and add a blue tag for each of the five images named "Captured Flag." Add a note to each of the five images that say ("The answer to question #3)
4. With your minimal similarity threshold set to 97%, find the image OFD found within the storage device when searching the device contents against the target face: ee0dc542f1558c7d003131cdf6f4161e.jpg that had a 97.2 % similarity rating. Create and add a blue tag to the same image and name the tag "Captured Flag." Add a note to the image that says ("The answer to question #4)
5: Clear your search history for Face Set 1. Create a new Face Set to Search against using the "Players" Face Set provided for you. Label the Face Set "Face Set 2". Select 100% Minimal similarity rating. Notice 270 images have a similarity rating of 100%. Mark image 106218751-1572883641328david.jpg as key evidence. Create and add a blue tag to the same image and name the tag "Captured Flag." Add a note to the image that says ("The answer to question #5)
6: Clear your search history for Face set 2. Exit out of the Search Section and select Faces under analytics. In column 1 filter settings, deselect the option for "Male" under sex and choose 70+ under the age category (Leave all other boxes checked aside from age). Select the three images OFD has identified as being a female 70+ years old. Mark each image as key evidence. Create and add a blue tag to the same image and name the tag "Captured Flag." Add a note to the image that says ("The answer to question #6).
7: Select Faces under analytics. In column 1 filter settings, deselect the option for "Female" under sex, choose 70+ under the age category, and select white under race (Leave all other boxes checked except for race and age). Select the three images OFD has identified as being a white male 70+ years old. Mark each image as key evidence. Create and add a blue tag to the same image and name the tag "Captured Flag." Add a note to the image that says ("The answer to question #7).
8: Select the search section in analytics. Conduct a search using Face sets (Face Set 1) and search against the contents of the storage device with a minimal similarity setting of 70%. Find the photo from the storage device that has a 70.4% similarity rating when searched against Face Set 1. Mark the image as key evidence. Create and add a blue tag to the same image and name the tag "Captured Flag." Add a note to the image that says ("The answer to question #8).
9: Clear your search history for Face Set 1. Conduct a Search using Face Set 2 and search against the contents of the storage device with a minimal similarity setting of 100%. Find the photo of the white male wearing a white headband. Mark the image as key evidence. Create and add a blue tag to the same image and name the tag "Captured Flag." Add a note to the image that says ("The answer to question #9)
10: Conduct a Search using Face Set 2 and search against the contents of the storage device with a minimal similarity setting of 100%. Find the photo of the white male with spiked blonde hair, wearing white sunglasses on his forehead. This man is wearing a blue shirt, has a goatee, and is smiling. Mark the image as key evidence. Create and add a blue tag to the same image and name the tag "Captured Flag." Add a note to the image that says ("The answer to question #10)
Click https://oxygenhq.synology.me:51518/sharing/jGdoEZ8v4
link to open resource.
Oxygen Forensic Certification
เมื่อท่านเข้าร่วมการแข่งขัน CTF และส่งคำตอบตามเวลาที่กำหนดท่านจะได้รับใบประกาศจาก บริษัท OXYGEN FORENSICS 
* หากมีข้อมูลข้อผิดพลาดประการใด ขออภัยมา ณ ที่นี้ด้วย รบกวนแจ้ง Admin เพื่อแก้ไขต่อไป
ขอบคุณครับ
