The Challenge » Exercises
Each Challenge level establishes the total number of points available per exercise. DC3 Challenge levels are assigned based on the complexity of the research and innovation required to determine a solution. This is based on the level of knowledge and time required of a digital forensics specialist in an examination.
Level 100: Novice
Groundwork: these exercises have solutions that are well known to experienced examiners. Each exercise is worth 100 points (e.g. File Signatures, Suspicious Software, Hashing Metadata, etc.).
- 100 - Internet Explorer Internet History Analysis
- 101 - Linux Password and Shadow File
- 102 - Google Chrome Internet History Analysis
- 103 - Mozilla Firefox Internet History Analysis
- 104 - Safari Internet History Analysis
- 105 - File Metadata Analysis
- 106 - File Signature and Reconstruction
- 107 - Password Recovery
- 108 - Hidden Data Analysis
- 109 - Hash Analysis and Comparison
- 110 - Detect Suspicious Software
- 111 - Image Analysis
- 112 - Manipulated Images
Level 200: Advanced
Uncertainty: at 200 points per exercise, these solvable exercises have varying degrees of difficulty (e.g. Data Hiding, File Headers, Passwords, Registry, etc.).
- 200 - Steganography Extraction Challenge
- 201 - Cracking Linux Logins
- 202 - Linux Intrusion - Network Capture
- 203 - Windows Intrusion - Network Capture
- 204 - Evidence of USB Usage between Mac and Windows
- 205 - E-mail Header Analysis
Level 300: Expert
Investigate: there is no guarantee that these exercises have a solution. Additionally, each 300-point exercise requires a solution that is not very well known (e.g. Encryption, Parsing, etc.).
- 300 - Encrypted Archives Challenge
- 301 - Linux Encrypted Volume Challenge
- 302 - Data Recovery - RAID Reconstruction
- 303 - Linux Intrusion - Dead Box Exam
- 304 - iOS Mail Conversion
- 305 - Basic Level Malware Analysis
Level 400: Master
Reveal: these 400-point exercises have no known solution (e.g. Communication Recovery/Parsing, Information Concealment in files, etc.).
- 400 - Camera Shy Steganography Challenge
- 401 - Linux LUKS Volume Decryption
- 402 - Cryptomathic File2File Decryption
- 403 - Deleted Drive Recovery
- 404 - Advanced Malware Analysis
Level 500: Developer
Originate: 500-point exercises require the development of digital forensic tools based on the defined requirements (e.g. tools, methodologies, etc. for known Digital Forensic investigation issues).
Hint: These tools can be used to solve other exercises.
- 500 - Linux Executable Packer
- 501 - Windows Executable Packer
- 502 - File Activity Timeline
- 503 - Volume Shadow Copy Analyzer
- 504 - Windows File Tag Analysis