# Magnet CTF Week 0 ## Magnet CTF Challenge Week 0 writeup This challenge requires the following Android image; This image will be processed with Magnet AXIOM on a Windows 10 workstation. Follow your standard naming convention and folder structure. I'll be placing my data in the following locations; C:\DF\CTF\MagnetWeeklyCTF\CaseFiles\ C:\DF\CTF\MagnetWeeklyCTF\EvidenceFiles The process of creating a case, adding evidence, and processing/ingesting it is fairly straight forward so I won't be going into a great deal of detail for this particular CTF. The answers/weekly write-ups won't be published prior as soon as they are completed. They will be posted approximately 1 week after the CTF round has finished. 1. **Create a case in Magnet AXIOM and complete case details** ![](https://3710248095-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MAcqFKR60dGwoJxmUG5%2F-MIiubpG5Oidnai4Bp85%2F-MIivOata7D6k6qB68Qv%2Fimage.png?alt=media\&token=2c8952b7-9158-489e-9255-e79073f90e05) 1. **Select 'MOBILE'** ![](https://3710248095-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MAcqFKR60dGwoJxmUG5%2F-MIiubpG5Oidnai4Bp85%2F-MIiva4mncRyyl-hLApc%2Fimage.png?alt=media\&token=a6bf1e1b-32f9-47c5-ae29-7b0752d85ab3) 1. **Select ANDROID** ![](https://3710248095-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MAcqFKR60dGwoJxmUG5%2F-MIiubpG5Oidnai4Bp85%2F-MIivkAom_HKdXTyE9_D%2Fimage.png?alt=media\&token=b4a5541a-4010-45a6-8554-871919c9df5c) **4. Load Evidence** ![](https://3710248095-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MAcqFKR60dGwoJxmUG5%2F-MIiubpG5Oidnai4Bp85%2F-MIivredbkibJJ2-jEts%2Fimage.png?alt=media\&token=32de8af5-c30e-4ac4-be4d-8799456cca16) **5. Select 'image'**\ (The .tar archive is an Android backup and treated differently to a folder of loose files/folders) ![](https://3710248095-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MAcqFKR60dGwoJxmUG5%2F-MIiubpG5Oidnai4Bp85%2F-MIiw6whVc9x8F2gb-JI%2Fimage.png?alt=media\&token=d34ffc35-e44a-4ee9-991f-70e84c1da624) **6. Verify the .tar archive has been identified correctly and the device's folder structure can be viewed.** Let AXIOM do its thing and come back later.