Magnet Weekly CTF (Week 1) - Hosts File

 

The good folks at Magnet Forensics are hosting a weekly CTF challenge for anyone interested. More details on registration and scoring here. It kicked off this week with a question from Jad.

Challenge 1 (OCT 5-11) - Mapping the Digits (20)

What time was the file that maps names to IP's recently accessed? (Please answer in this format in UTC: mm/dd/yyyy HH:MM:SS)

As part of the Magnet User Summit CTF from the summer, I had already come across this file so I almost instantly knew where to look. The file of interest is at the following path:

MUS_Android.tar\data\adb\modules\hosts\system\etc\hosts

This file is home to IP addresses and hostnames useful for redirection on a mobile device.

This file is the file that tells your OS what path a given domain has. You can, for example, map example.com to go to a specific IP address, similar to how DNS works for most domains. - The Polyglot Developer

As you can see in the screenshot below, the modified date shows the file was changed on 2020-03-05 05:50:18.

Screenshot out of Magnet AXIOM

You can now get these IPs and hostnames parsed into a nicer-looking report utilizing my new script in Alexis Brignoni's ALEAPP. I also submitted a custom artifact to ingest the ALEAPP TSV output into Magnet AXIOM.
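To show what parsing a hosts file into a report involves, here is an added example; it is not the ALEAPP script or any code from the author. The sample hosts text is constructed, and the column names and the "sink"/"redirect" labels are assumptions made for this illustration.

```python
import csv
import io
import ipaddress

# Constructed sample, not the contents of the hosts file in the CTF image.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
::1 ip6-localhost ip6-loopback
0.0.0.0 ads.example.com tracker.example.net  # inline comment
203.0.113.10 login.example.org
not-an-ip broken.example.com
"""

def parse_hosts(text):
    """Return one (line, ip, hostname, kind) row per name in hosts-format text."""
    rows = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Everything after '#' is a comment; fields are whitespace-separated.
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or an address with no hostname
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not a valid IPv4/IPv6 address
        # Loopback and unspecified (0.0.0.0, ::) targets are the usual blocklist
        # sinks; any other target sends the name to a real host, so label it
        # separately for review (labels are this example's own convention).
        kind = "sink" if addr.is_loopback or addr.is_unspecified else "redirect"
        # A single line may map several hostnames to the same address.
        rows.extend((lineno, str(addr), name.lower(), kind) for name in fields[1:])
    return rows

def to_tsv(rows):
    """Serialise parsed rows as tab-separated text with a header line."""
    out = io.StringIO()
    writer = csv.writer(out, delimiter="\t", lineterminator="\n")
    writer.writerow(["line", "ip", "hostname", "kind"])
    writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    print(to_tsv(parse_hosts(SAMPLE_HOSTS)), end="")
```

On a large blocklist-style hosts file, filtering the output on the `redirect` rows narrows the review to names that resolve to a routable address.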