So I participated in the VoIP Forensics challenge earlier this year (http://www.honeynet.org) and I could have sworn I'd be at least third. How wrong I was:
With your score of 57, you came into position 7. You placed into the top third. With the many great submissions and the competitive field, this is a great accomplishment. Congratulations.
Below you will find your score per answer:
Answer 1.1 (1 point): 1 point
Answer 1.2 (1 point): 1 point
Answer 1.3a (1 point): 1 point
Answer 1.3b (1 point): 1 point
Answer 1.3c (2 points): 2 points
Answer 1.4a (2 points): 2 points
Answer 1.4b (6 points (2 each)): 6 points
Answer 1.5 (1 point): 1 point
Answer 1.6 (3 points): 3 points
Answer 1.7 (5 points): 4 points
Answer 1.8a (3 points): 3 points
Answer 1.8b (3 points): 3 points
Answer 2.1 (4 points): 4 points
Answer 2.2a (1 point): 1 point
Answer 2.2b (1 point): 0 points
Answer 2.3 (2 points): 2 points
Answer 2.4 (2 points): 2 points
Answer 2.5a (10 points): 10 points
Answer 2.5b (3 points): 3 points
Answer 2.5c (2 points): 2 points
Answer 2.6 (3 points): 1 point
Answer 3.1 (2 points): 2 points
Answer 3.2 (2 points): 1 point
Answer 3.3 (2 points): 1 point
My fault, if I had to analyze it, was rushing through the contest. The contest was announced on the 1st of June, and my results were submitted 3 hours after I first saw it (from an email I sent to the moderators concerning my submission):
I submitted my files approximately two minutes ago (06/01/2010 4:34PM EST) and just wanted confirmation they went through. ...
Anyhow, I will contact the staff @ Honeynet to see if I can do a write-up about the steps I took to analyze the content, the tools I used, and the methodologies I followed. AFTER my submission I did have a "dammit, can't believe I forgot that!" moment. But we live and we learn. Moral of this story: take your time. In a forensics examination, someone's life could potentially be in your hands. Unlike in a contest, you CANNOT rush through the analysis; this happened to me also when I did the DC3 challenge.
For those performing, or interested in performing, VoIP analysis/forensics, stay tuned. I hope to write a descriptive how-to explaining the tools I chose, why I chose them, how I used them, and why some are better than others. For anyone wondering, no standard forensic tools (FTK, EnCase) were used, but rather typical freely available tools.
Don, if you happen upon this thread, be advised that when done (if I get the nod to write about the challenge) I will shoot you an email about the write-up.