VoIP Forensics failure(s)



Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Sat Jul 24, 2010 1:10 pm

VoIP Forensics failure(s)

So I participated in the VoIP Forensics challenge earlier this year (http://www.honeynet.org) and I could have sworn I'd be at least third. How wrong I was:

With your score of 57, you came into position 7. You placed into the top third. With the many great submissions and the competitive field, this is a great accomplishment. Congratulations.

Below you will find your score per answer:
    Answer 1.1 (1point): 1 points
    Answer 1.2 (1point): 1 points
    Answer 1.3a (1point): 1 points
    Answer 1.3b (1point): 1 points
    Answer 1.3c (2points): 2 points
    Answer 1.4a (2points): 2 points
    Answer 1.4b (6points (2 each)): 6 points
    Answer 1.5 (1point): 1 points
    Answer 1.6 (3points): 3 points
    Answer 1.7 (5points): 4 points
    Answer 1.8a (3points): 3 points
    Answer 1.8b (3points): 3 points
    Answer 2.1 (4points): 4 points
    Answer 2.2a (1points): 1 points
    Answer 2.2b (1points): 0 points
    Answer 2.3 (2points): 2 points
    Answer 2.4 (2points): 2 points
    Answer 2.5a (10points): 10 points
    Answer 2.5b (3points): 3 points
    Answer 2.5c (2points): 2 points
    Answer 2.6 (3points): 1 points
    Answer 3.1 (2points): 2 points
    Answer 3.2 (2points): 1 points
    Answer 3.3 (2points): 1 points

My fault, if I had to analyze it, is rushing through the contest. The contest was announced the 1st of June and my results were submitted 3 hours after seeing the contest (from an email I sent to their moderators concerning my submission):

I submitted my files approximately two minutes ago (06/01/2010 4:34PM EST) and just wanted confirmation they went through. ...

Anyhow, I will contact the staff @ Honeynet to see if I can do a write-up about the steps I took to analyze the content, tools I used, methodologies I used. AFTER my submission I did notice a "damnit, can't believe I forgot that!" But we live and we learn. Moral of this story: take your time. In a forensics examination, someone's life could potentially be in your hands. Unlike a contest, you CANNOT rush through an analysis; this happened to me also when I did the DC3 challenge.

For those performing or interested in performing VoIP analysis slash forensics, stay tuned. I hope to write a descriptive how-to explaining the tools I chose, why I chose them, how I used them and why some are better than others. For anyone wondering, no standard forensics tools were used (FTK, EnCase) but rather typical freely available tools.

Don, if you browse upon this thread, be advised when done (if I get the nod to write about the challenge) I will shoot you an email for the write-up.



Posts: 1

Joined: Sun Jun 03, 2012 7:38 am

Post Sun Jun 03, 2012 7:44 am

Re: VoIP Forensics failure(s)

Hi Sil,
I was wondering what are the tools that can be used for VoIP forensics other than FTK and EnCase? I have a project regarding the topic mentioned, and unfortunately I haven't found any logs regarding the matter.
It would be a lot of help if you can support me with info and tools.

