Point : 300
We receive an E01 file. So we google the file extension, it is E01 files that have been created by EnCase.
When EnCase is used to image a hard drive, CD, or USB drive it produces an image file(s), these files are known as “E01” files, as this is the extension of the primary EnCase image file. The file name is provided by the users, e.g Drive1, A001, but the extension is automatically named E01.Aug 10, 2008
https://whereismydata.wordpress.com/2008/08/10/e01-files/
Use EnCase to open the file and got this information.
and then mount it. Using AccessData FTK Imager to search "important" things.
So after mount it, open the mounted disk, and search for everything. Found IMPORTANT.txt at E:\WINDOWS\Desktop
Open that text file and found sentence that make us curious, "AND LOOK AT DOOM".
At the Desktop we can see there is doom file. So open the doom file and search anything that can help us get the flag. Back to the description, there is a hint "concat" so it means the flag must be in seperate file or anything that we need to use concat to get the flag.
Open and open the files, we found 6 files (DOOMSAV0.DSG, DOOMSAV1.DSG.....) that have "malay" words at every first sentence. So we combine all those words from files and got the flag.
Flag : SAYARASAMACAMHIDUPTAHUN1998