Competition - Computer Forensic Investigation
Shortinfosec is hosting a computer forensics competition.
In the competition, you will have to analyze a submitted disk image for incriminating evidence, as per the scenario below.
Scenario
The investigators suspect that the employee was engaged in the following illegal activities:
- Sniffing IP traffic on the network
- Creating back doors to his PC
- Stealing and copying a CD-ROM with confidential content
- Downloading copyrighted music
- Using a specific penetration tutorial document to perform most of his actions
Competition materials
Download the evidence image here (compressed as hdb1-img.rar)
- hdb1-img.rar (rar compressed disk image containing hdb1-img.dd)
- Verification sum of hdb1-img.dd: SHA1SUM 60642d113d40cb583df0b0654cbc83ffca63f886
Rules of the competition
- Each competitor should submit his summary report (indicating only the number of pieces of evidence discovered) as a comment to this post, to establish the time of solution.
- Each competitor should submit a detailed description of the process used to discover the evidence in an email sent to shortinfosec _ at _ gmail dot com.
- All solutions must be submitted before midnight (CET) on the 20th of August 2008.
- The ultimate goal is to find one piece of incriminating evidence for each suspicion.
- It is fully acceptable to submit a result with less evidence found, if you feel that there is no other evidence to be found or you cannot discover it.
- The incriminating evidence may be disguised (renamed, compressed).
- Each competitor can withdraw and resubmit better evidence before the submission deadline.
- You can use any type of investigative tools that you need, as long as you maintain the integrity of all evidence (proven by a SHA1 or MD5 hash). The utilised tools must be documented in the detailed submission.
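One way to satisfy the integrity rule above, as an added example that is not part of the post or Shortinfosec's own material: hash the image once before analysis and once after, compare both records, and check the first one against the published SHA1. The b'abc' stand-in file, the chunk size and the helper names are assumptions; on the real image you would pass the path to hdb1-img.dd.

```python
import hashlib
import hmac
import os
import tempfile

# Published SHA1 of hdb1-img.dd, taken from the competition post.
EXPECTED_SHA1 = "60642d113d40cb583df0b0654cbc83ffca63f886"


def image_digests(path, chunk_size=4 * 1024 * 1024):
    """Hash an evidence image in one chunked pass (flat memory for multi-GB .dd files).

    Both digests the rules accept are computed so either can be quoted in the report.
    """
    sha1, md5 = hashlib.sha1(), hashlib.md5()
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha1.update(chunk)
            md5.update(chunk)
            size += len(chunk)
    return {"sha1": sha1.hexdigest(), "md5": md5.hexdigest(), "size": size}


def verify_image(path, expected_sha1=EXPECTED_SHA1):
    """True only if the image's SHA1 equals the published value."""
    actual = image_digests(path)["sha1"]
    return hmac.compare_digest(actual, expected_sha1.lower())


def integrity_preserved(before, after):
    """Compare the record taken before analysis with one taken afterwards.

    Any change in a digest or in the byte count means the evidence was altered.
    """
    return all(before[k] == after[k] for k in ("sha1", "md5", "size"))


def demo():
    """Constructed stand-in for the real image: b'abc' has a well-known SHA1."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"abc")
        path = tmp.name
    try:
        before = image_digests(path)
        # ... analysis would run here, ideally against a read-only mount ...
        after = image_digests(path)
        return before, integrity_preserved(before, after), verify_image(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```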
Reward
- Unfortunately, there are no financial rewards in this competition.
- The first competitor to discover all the evidence, or the competitor who has discovered the most evidence before the deadline, will be the winner. His result will be presented as an analyzed solution on Shortinfosec.
- Also, if the winner owns a blog or a site, it will receive a separate detailed review on Shortinfosec.
- All other submitted results, regardless of the evidence discovered, will be published in the results as honorable mentions, with links to their respective blogs/sites.
We hope to have a good and fruitful competition.
Related posts
Tutorial - Computer Forensics Evidence Collection
Tutorial - Computer Forensics Process for Beginners
Talkback and comments are for the competition
10 comments:
I think I got two files, man. One is an MP3 and one is some type of tutorial. Wasn't too difficult to find them, and all I used was the VDK driver http://chitchat.at.infoseek.co.jp/vmware/vdk.html and some local tools. Will send you mail with details.
4 down 1 to go. Mailing you the details now. BTW I've so far managed to use just the most basic tools to add to the challenge.
3 down, 2 to go... I think I found 2 items connected to the same criminal action. Sending you the details now.
Found 1 of 5. Tutorial manual.
Found partial 2 out of 5 Sniffing Prog found.
I found evidence for all five scenarios. Email sent last night at 1.11AM PST.
TJS
I found 4 out of 5. Email being sent to you now.
5 of 5
Well done forensic image. A handful of easily found distractions may be misdirecting some participants. Close inspection using other than simple tools reveals more damning evidence than the easily spotted distractions.
Hello!
Do you have software that can open a .dd without installing it on the hard drive, like VMware but free?
Thanks a lot
Found 5 pieces of evidence, I think.
Sent email with doc attached.
Snip.