DC3 Digital Forensics Challenge 2012


Each Challenge level establishes the total number of points available per exercise. DC3 Challenge levels are assigned based on the complexity of the research and innovation required to determine a solution. This is based on the level of knowledge and time required of a digital forensics specialist in an examination.

Level 100: Novice

Groundwork - these exercises have solutions that are well known to experienced examiners. Each exercise is worth 100 points (e.g. File Signatures, Suspicious Software, Hashing Metadata, etc.).

  • 100 - Internet Explorer Internet History Analysis
  • 101 - Linux Password and Shadow File
  • 102 - Google Chrome Internet History Analysis
  • 103 - Mozilla Firefox Internet History Analysis
  • 104 - Safari Internet History Analysis
  • 105 - File Metadata Analysis
  • 106 - File Signature and Reconstruction
  • 107 - Password Recovery
  • 108 - Hidden Data Analysis
  • 109 - Hash Analysis and Comparison
  • 110 - Detect Suspicious Software
  • 111 - Image Analysis
  • 112 - Manipulated Images

Level 200: Advanced

Uncertainty - at 200 points per exercise, these solvable exercises have a varying degree of difficulty (e.g. Data Hiding, File Headers, Passwords, Registry, etc.).

  • 200 - Steganography Extraction Challenge
  • 201 - Cracking Linux Logins
  • 202 - Linux Intrusion - Network Capture
  • 203 - Windows Intrusion - Network Capture
  • 204 - Evidence of USB Usage between Mac and Windows
  • 205 - E-mail Header Analysis

Level 300: Expert

Investigate - there is no guarantee that these exercises have a solution. Additionally, each 300 point exercise requires a solution that is not very well known (e.g. Encryption, Parsing, etc.).

  • 300 - Encrypted Archives Challenge
  • 301 - Linux Encrypted Volume Challenge
  • 302 - Data Recovery - RAID Reconstruction
  • 303 - Linux Intrusion - Dead Box Exam
  • 304 - iOS Mail Conversion
  • 305 - Basic Level Malware Analysis

Level 400: Master

Reveal - these 400 point exercises have no known solution (e.g. Communication Recovery/Parsing, Information Concealment in files, etc.).

  • 400 - Camera Shy Steganography Challenge
  • 401 - Linux LUKS Volume Decryption
  • 402 - Cryptomathic File2File Decryption
  • 403 - Deleted Drive Recovery
  • 404 - Advanced Malware Analysis

Level 500: Developer

Originate - 500 point exercises require development of digital forensic tools based on the defined requirements (e.g. tools, methodologies, etc. for known Digital Forensic investigation issues).

Hint: These tools can be used to solve other exercises.

  • 500 - Linux Executable Packer
  • 501 - Windows Executable Packer
  • 502 - File Activity Timeline
  • 503 - Volume Shadow Copy Analyzer
  • 504 - Windows File Tag Analysis