Rating: 2.0
## Solution Steps
* Download the donnie.E01 file and acknowledge that it is an EnCase forensics disk image file based on its file extension, which can be opened in the popular digital forensics tool [Autopsy](https://www.autopsy.com/).
* After opening the image in Autopsy, there are a few things that you can type in the Keyword Search box to try to find the flag. This includes `jctf`, `flag.txt`, or `cure`, which are all based on the provided description breadcrumbs.
* The flag will be revealed in these files: `Q`, `Unalloc_197938_603865088_6428164096`, and `swapfile`.
* Flag: `jctf{the_cure_is_in_your_heart_<3}`
## Knowledge and/or Tools Needed
* [MITRE ATT&CK® Technique T1005 - Data from Local System](https://attack.mitre.org/techniques/T1005/)
* [MITRE ATT&CK® Technique T1485 - Data Destruction](https://attack.mitre.org/techniques/T1485/)
* [Autopsy](https://www.autopsy.com/)
