Challenge 11, Part 1: What is the IPv4 address that myaccount.google.com resolves to?

I was able to find this pretty quick going back to last week’s artifacts. In week 10, I used bulk_extractor to carve a PCAP out of the memory image.

Opening the same PCAP file I applied a String filter for ‘myaccount’.

Wireshark viewing PCAP carved from Memory

In the highlighted row we can see a DNS resolution for myaccount.google.com coming back as 172.217.10.238. [Flag 1]

Challenge 11, Part 2: What is the canonical name (cname) associated with Part 1?

Scrolling further to the right on the same entry, we see that the CNAME for myacccount.google.com was www3.l.google.com. [Flag 2]