Cyber Investigator CTF is a jeopardy style CTF organized by Cyber Security Society of Cardiff University. This CTF is tailored towards enthusiast in OSINT (Open-Source Intelligence), Threat Intelligence, digital forensics, and more. In this writeup, I'll be explaining the Crime Scene Investigation section challenges.

oink

In this challenge, we are given an image containing a ciphertext. To decipher it, we first need to identify the cipher type. A quick search using Google's image search feature reveals that it's a Pigpen cipher.

With this knowledge, we now can proceed to decode the message by inputting the image into an online decoder, which will reveal the hidden flag.

spintowin

We are provided with the following ciphertext: "Yheehp max fhgxr", with a key of "45". I hypothesized that this might be a Caesar cipher. After applying the Caesar cipher decryption with the given key, we successfully revealed the hidden text.

gonemissing

Our task in this challenge is to locate the brand of a person's jacket when he was last seen. We have been provided with a case reference number: "15-007500". Searching "missing persons search uk" will lead us to this website. A single result will show up after searching the reference number in that website.

restinpeace

In this challenge, we're tasked to find the presumed date of death for a person named "Ms. Doris Ellen Smith", who was discovered deceased in Glasgow, Scotland. Our search begins with her name, which leads us to a website. After exploring the website and attempting various searches, using both the name and other related keywords, we come across a Surrey County Council library card associated with her. With this discovery, we can narrow our search by focusing on the Surrey, England area. Here, we search specifically for information related to deaths, burials, cemetery records, and obituaries. Among the results, we found a correct one.

urbanplanners

We are tasked to track down a suspect who threw a petrol bomb at a construction site located at "40 Heol-Y-Deri, Rhiwbina, Cardiff, CF14 6HH" in this challenge. To find the culprit, we begin our investigation by searching for information related to the construction site's planning applications. Initially, we come across a website that, while not particularly useful, contains important planning application data.

We then searched "cardiff planning" on Google, which leads us to another website. The website redirects us to a different website. On the redirected site, searching for the specific planning application associated with the targeted address yields one result.

Upon examining the property's history, an intriguing planning application that was refused was found.

After taking a closer look at the refused planning application, we discovered a crucial piece of information in the "comments" tab.

There it is, the flag!

discharged

We are given an image with two evidences in this challenge.

The first clue is a piece of text. With ChatGPT’s help, we discovered the source of the text:

We then move on to the second evidence: a picture of a broken thumb. We then tried searching for "macbeth broken thumb", which leads us to several articles. Reading these articles gives us the name of the witness A.K.A the flag.

burningrubber

Our task in this challenge is to figure out how much a car was overweight during an accident caused by a tire blowout. Here's some key informations that I've collected:

1. Car weight: 2200 kg

2. Driver weight: 85 kg

3. Cargo weight: 160 kg per cargo

4. Number of cargo units: 3 units

5. Tire profile: 205/55 R16 91V

We first must find the maximum load capacity of the car's tires. By searching for "tire profile load calculator" on Google, we come across a website that allows us to input the load index, which in our case is 91.

Using the load index information, we calculate the maximum load capacity for all four tires: 4 * 615kg = 2460kg. Next, we calculate the total weight of the car, including the driver and cargo: 2200kg + 85kg + 160kg * 3 = 2765kg. Finally, we subtract the car's weight from the total tire maximum load in kilograms to get our answer.

jigsaw

The challenge here is to piece together 100 scrambled image fragments to form a complete picture. Since we're trying to identify the person, we can reconstruct just the face.

With the face now reconstructed, we can find the person's name using Google Lens.