Bitlocker-2
- Description: Jacky has learnt about the importance of strong passwords and made sure to encrypt the BitLocker drive with a very long and complex password. We managed to capture the RAM while this drive was opened however. See if you can break through the encryption!
- Difficulty: Medium
🔎 Solution
The simplest way to tackle a challenge built around a memory dump is to run the strings command over the file and search for the keyword picoCTF; this often leads directly to the flag.
┌──(kali㉿kali)-[~/Desktop]
└─$ strings memdump.mem | grep "picoCTF"
picoCTF{B1tl0ck3r_dr1v3_d3crypt3d_9029ae5b}
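The same search as an added example (not part of the original write-up): plain strings extracts single-byte text by default, so this scan also looks for the flag format encoded as UTF-16LE, which Windows commonly uses in memory, and reads the dump in chunks so large files fit. The sample data and flag values inside demo() are constructed for illustration.

```python
import os
import re
import tempfile

# Flag format from the write-up: picoCTF{...}; body limited to printable, non-space bytes
ASCII_RE = re.compile(rb"picoCTF\{[\x21-\x7c\x7e]{1,200}\}")
# Same pattern with a NUL after every character, i.e. UTF-16LE as used by Windows
UTF16_RE = re.compile(
    rb"p\x00i\x00c\x00o\x00C\x00T\x00F\x00\{\x00(?:[\x21-\x7c\x7e]\x00){1,200}\}\x00"
)
PATTERNS = ((ASCII_RE, "ascii"), (UTF16_RE, "utf-16-le"))


def find_flags(path, chunk_size=1 << 20, overlap=512):
    """Scan a dump of any size in chunks; return unique flags in order of discovery.

    overlap must be at least the longest possible match (418 bytes for UTF-16LE
    here) so a flag that straddles two chunks is still seen whole.
    """
    found, tail = [], b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            buf = tail + chunk
            for rx, enc in PATTERNS:
                for m in rx.finditer(buf):
                    flag = m.group().decode(enc)
                    if flag not in found:
                        found.append(flag)
            tail = buf[-overlap:]
    return found


def demo():
    """Run the scan over a constructed sample (not the challenge's memdump.mem)."""
    data = (b"\x00\xff" * 700 + b"picoCTF{constructed_ascii_flag}" + b"\x90" * 333
            + "picoCTF{constructed_wide_flag}".encode("utf-16-le") + b"\x00" * 50)
    with tempfile.NamedTemporaryFile(delete=False, suffix=".mem") as fh:
        fh.write(data)
    try:
        # A tiny chunk size forces both flags to straddle chunk boundaries
        return find_flags(fh.name, chunk_size=64)
    finally:
        os.remove(fh.name)


if __name__ == "__main__":
    print(demo())
```

On the real dump, call find_flags("memdump.mem") with the default chunk size.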
Alternatively, you can take a more advanced approach and analyze the memory dump with Volatility, potentially alongside the BitLocker plugin, for deeper insight.
🚩Flag
picoCTF{B1tl0ck3r_dr1v3_d3crypt3d_9029ae5b}