Forensic Fox

@forensicfox

CTFProfile: 6b51ca08-d925-49aa-aa48-a7f244e5ae37

CTFd: forensicfox

GitHub Discord: forensicfox#9001

Blue-team player moonlighting in red-team CTFs. Memory forensics is the real game.

Competition stats

2 CTF entries
5 Challenge solves
900 Total points
1 Writeups published

Career stats

2 Events Played
1 Podium Finishes
900 Career Points
5 Career Solves
3 Career First Bloods
#3 Best Finish
Red Wire CTF 2025 Best Event
100% Consistency Rating

Performance stats

5 Total Solves
900 Total Points
100% Solve Rate
22.1 hr Average Solve Time
27.0 hr Median Solve Time
3 First Bloods
5 Unique Solves
4 Late-Game Solves

Category breakdown

Category Solves Points
Forensics 3 750
Misc 2 150

Work role alignment & specialty area coverage

Derived from NICE TKSAs mapped to solved challenges.

PROTECTION and DEFENSE 45%
INVESTIGATION 29%
OVERSIGHT and GOVERNANCE 17%
DESIGN and DEVELOPMENT 7%
IMPLEMENTATION and OPERATION 2%

PROTECTION and DEFENSE 4 roles · 26 challenge hits · 45%

Challenge category breakdown: Forensics 26

Digital Forensics PD-WRL-002: 9 TKSAs
Incident Response PD-WRL-003: 3 TKSAs
Defensive Cybersecurity PD-WRL-001: 2 TKSAs
Infrastructure Support PD-WRL-004: 2 TKSAs

INVESTIGATION 2 roles · 17 challenge hits · 29%

Challenge category breakdown: Forensics 17

Digital Evidence Analysis IN-WRL-002: 10 TKSAs
Cybercrime Investigation IN-WRL-001: 1 TKSA

OVERSIGHT and GOVERNANCE 4 roles · 10 challenge hits · 17%

Challenge category breakdown: Forensics 10

Communications Security (COMSEC) Management OG-WRL-001: 2 TKSAs
Systems Security Management OG-WRL-014: 2 TKSAs
Cybersecurity Legal Advice OG-WRL-006: 1 TKSA
Product Support Management OG-WRL-009: 1 TKSA

DESIGN and DEVELOPMENT 1 role · 4 challenge hits · 7%

Challenge category breakdown: Forensics 4

Technology Research and Development DD-WRL-008: 2 TKSAs

IMPLEMENTATION and OPERATION 1 role · 1 challenge hit · 2%

Challenge category breakdown: Forensics 1

Technical Support IO-WRL-007: 1 TKSA

NICE/NIST framework skills

Code Title Type Solves Points
T1370 Collect intrusion artifacts Task 2 400
T1323 Analyze network traffic associated with malicious activities Task 2 550
T1103 Analyze intrusions Task 2 550
K0725 Knowledge of incident response tools and techniques Knowledge 1 200
K0724 Knowledge of incident response principles and practices Knowledge 2 550
S0599 Skill in performing memory dump analysis Skill 1 350
K0809 Knowledge of digital forensics data characteristics Knowledge 2 550
K0696 Knowledge of digital forensic data principles and practices Knowledge 2 550
T1301 Report forensic artifacts indicative of a particular operating system Task 1 200
T1207 Collect documentary or physical evidence of cyber intrusion incidents, investigations, and operations Task 1 200

Published writeups

Memory Lane — Reconstructing Attacker TTPs from a Volatility Dump
Red Wire CTF 2025 · Memory Lane

Full walkthrough from image acquisition to lateral movement timeline using Volatility 3. · 3 votes