#10 – Chip Forensic
To solve this task we have something like this (original image is lost)
and hex string:
0B 12 0F 0F 1C 4A 4C 0D 4D 15 12 0A 08 15.
What we see on image? Some USB device. Those who have seen them on ebay or on other sites knows that it is USB-keylogger. If you see them for first time use image search(e.x. tineye.com) or just guess.
Well, now we know it is keylogger. So hex string might be a log of USB-keyboard protocol. But organizators have simplified this task(. They put in hex string only scan-codes without synchronization signals. So just use table of USB-keyboard scan-codes.
So “JOLLYROGER” was typed.