
DFRWS Challenge 2011

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Fri May 20, 2011 2:05 pm

DFRWS Challenge 2011

For those into forensics:

http://www.dfrws.org/2011/challenge/

Scenario 1: Suspicious Death

Donald Norby was found dead in his home with a single bullet to the head. It is unclear whether this is a suicide or homicide. The largest question revolves around the victim's potential connections to an organized criminal group called KRYPTIX. You have been asked to perform a forensic examination of Norby’s Android device found at the scene in order to determine his activities and, possibly, who he communicated with prior to his death. Your ultimate goal is to determine whether he killed himself or was murdered and provide any further leads to the investigator.

The device was acquired using what the agent considered to be industry best practices. The device flash storage as well as removable media was collected. See the case specific logs for more information.


I always do these challenges, most of the time just to stay focused. I rarely submit results though. Anyhow, for those looking for challenges or to just get sample data to work with, there are two scenarios there.

*fires up FTK + EnCase* (yes, I use both simultaneously to replicate results).

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Mon May 23, 2011 10:16 am

Re: DFRWS Challenge 2011

The Quick and the Dead - Android Forensics using nothing but FTK ... Dirty primer, I was bored

http://www.infiltrated.net/droidphorensix/

lorddicranius

Sr. Member

Posts: 448

Joined: Thu Mar 03, 2011 3:54 am

Post Mon May 23, 2011 1:38 pm

Re: DFRWS Challenge 2011

I'm not a forensics guy, but that was really fun/interesting to watch :)
GSEC, eCPPT, Sec+

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Mon May 23, 2011 2:33 pm

Re: DFRWS Challenge 2011

I chose to do it with FTK because I didn't want to recompile my kernel for yaffs2. Also, EnCase was being a PITA trying to read the images.

R3B005t

Newbie

Posts: 43

Joined: Wed Mar 09, 2011 9:03 am

Location: NVA/D.C.

Post Tue May 24, 2011 9:11 am

Re: DFRWS Challenge 2011

Sil, what version of FTK are you using? Have you gotten your hands on the latest release? Just wondering what your impressions are. BTW I love the forensic challenges, hard to stay on top of all of 'em ;D

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Tue May 24, 2011 10:03 am

Re: DFRWS Challenge 2011

I hate the latest versions of both FTK and EnCase. I swap between 1.81.6 and 1.50 (laptop has older, too lazy to upgrade). About to do the entire thing in Linux in a bit.
