DISKO 1

Reverse-engineering challenge exploring binary inspection and hidden logic reconstruction.


This CTF is a classic forensics problem. But what exactly is forensics? Forensics challenges involve looking at objects (like binaries, disks, images, etc.) to find secret information.

DISKO 1 involves downloading a disk image and finding a secret flag in it. What's a disk image, you may ask? A disk image is simply a copy of the data on a storage device. It may include files, directories, and sometimes even hidden plain text.

First, download the image. The .dd.gz extension suggests that it's a disk image compressed with gzip, so we can decompress it using gunzip. The hint says "Maybe Strings could help?", which probably means we'll be using the strings command. This command pulls printable ASCII strings out of a binary file, which is perfect: if we opened the disk image directly, it would be mostly unreadable binary data.

We have two commands we could run. Since we know we're looking for picoCTF..., we could simply call:

strings disko-1.dd | grep picoCTF

This command basically says, "print out all the text from the disko-1.dd disk image and pass its output as input to grep picoCTF (that's what the | does; search "pipe shell" for more), where grep will match the pattern specified (picoCTF)."

We could also use

strings disko-1.dd | less

and search for picoCTF by typing /picoCTF. less is a pager that lets you scroll through the output screen by screen.

Either one should get you your flag.
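To show what the strings-then-grep step is doing, here is an added Python example (not part of the original challenge or writeup). It reads the .dd.gz directly, reports the byte offset of each match, and also checks UTF-16LE text, which strings skips by default. The function names, the sample image and the flag values in it are constructed for illustration.

```python
import gzip
import re

# `strings` default rule: runs of 4 or more printable ASCII bytes.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")
# Same rule for UTF-16LE text, which plain `strings` skips (`strings -e l` finds it).
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")
FLAG = re.compile(r"picoCTF\{[^}]*\}")


def printable_runs(data):
    """Yield (offset, bytes_per_char, text) for each printable run in data."""
    for m in ASCII_RUN.finditer(data):
        yield m.start(), 1, m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.start(), 2, m.group().decode("utf-16-le")


def find_flags(image_gz_path):
    """Return sorted (byte_offset, flag) pairs from a gzip-compressed image."""
    with gzip.open(image_gz_path, "rb") as fh:
        data = fh.read()  # whole image in memory: fine for CTF-sized files
    hits = []
    for offset, width, text in printable_runs(data):
        for m in FLAG.finditer(text):
            hits.append((offset + width * m.start(), m.group()))
    return sorted(hits)


def build_sample_image(path):
    """Write a small constructed image: binary filler plus two planted flags."""
    filler = bytes([0x00, 0xEB, 0xFE, 0x90, 0xFF, 0x01]) * 100  # 600 bytes
    ascii_flag = b"readme: picoCTF{constructed_ascii_flag}"
    utf16_flag = "picoCTF{constructed_utf16_flag}".encode("utf-16-le")
    with gzip.open(path, "wb") as fh:
        fh.write(filler + ascii_flag + filler + utf16_flag + filler)


if __name__ == "__main__":
    import os
    import tempfile
    sample = os.path.join(tempfile.mkdtemp(), "sample.dd.gz")
    build_sample_image(sample)
    for offset, flag in find_flags(sample):
        print(f"{offset:>8}  {flag}")
```

The offsets it prints are positions in the decompressed image, so a hit can be inspected in place with a hex viewer.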


© 2025 Emir Durakovic. All rights reserved.