Barry left a packet capture in the case folder. No note, which from Barry is itself a note: it means the file speaks for itself.
$ capinfos 05-capture.pcap
File type: Wireshark/tcpdump - pcap
Number of packets: 87
Capture duration: 51.583 seconds
The suspect authenticated to his own vault service during the window the Bureau was watching. The service never sends a password in the clear, but it does send a hash of it during the handshake.
Reassemble the relevant stream and extract the authentication hash.
Submit the hash exactly as it appears.
◆ Input solution
Copy this code to back up or transfer your progress.
Paste a progress code to restore it. This overwrites current progress.
Permanently clears all progress on this browser.