DC3 Digital Forensics Challenge 2011


Each Challenge level establishes the total number of points available per exercise. DC3 Challenge levels are assigned based on the complexity of the research and innovation required to determine a solution. This is based on the level of knowledge and time required of a digital forensics specialist in an examination.

Level 100: Novice

Groundwork: these exercises have solutions that are well known to experienced examiners. Each exercise is worth 100 points (e.g. File Signatures, Suspicious Software, Hashing Metadata, etc.).

  • 100 - Windows Registry Analysis
  • 101 - File Hash Identification
  • 102 - File Signature Analysis
  • 103 - Creation of Affidavit for search Seizure Warrant
  • 104 - Hot Spot Surveillance

Level 200: Advanced

Uncertainty: at 200 points per exercise, these solvable exercises have varying degrees of difficulty (e.g. Data Hiding, File Headers, Passwords, Registry, etc.).

  • 200 - File Data Examination
  • 201 - STEG Level 2
  • 202 - Password Cracking
  • 203 - VMWare Memory Analysis

Level 300: Expert

Investigate: there is no guarantee that these exercises have a solution. Additionally, each 300-point exercise requires a solution that is not very well known (e.g. Encryption, Parsing, etc.).

  • 300 - Network Trap and Trace
  • 301 - Encrypted Device Image
  • 302 - Shadow Volume Win7 Registry Analysis
  • 303 - Unallocated Recovery Challenge

Level 400: Master

Reveal: these 400-point exercises have no known solution (e.g. Communication Recovery/Parsing, Information Concealment in files, etc.).

  • 400 - Shadow Volumes Analysis
  • 401 - STEG Level 4
  • 402 - Encrypted Drive Recovery

Level 500: Developer

Originate: 500-point exercises require the development of digital forensic tools based on the defined requirements (e.g. tools, methodologies, etc. for known Digital Forensic investigation issues).

Hint: These tools can be used to solve other exercises.

  • 500 - Language Identifier and Translator Tool Development
  • 501 - Imaging the Android OS - Tool Development
  • 502 - MFT File Reader
  • 503 - Text String Search Tool Development
  • 504 - Data Recovery from HPA as a Universal Tool or Manufacturer Tool Development
  • 505 - Data Recovery from Unmarried TPM Hard Disk Tool Development
  • 506 - VSC Parser Tool Development