Monday, December 28, 2009

Forensics Contest #3 released

For the holidays they released challenge #3. This time you'll need to reassemble packets to get the whole picture! It may be beyond what I can throw together in Perl; actually, I'm 99% sure it is, since I tried to do this a little last time. I'll probably write something in C or Pascal for it. The problem with doing it in Pascal is they are going to want the source, and I'm not sure I'm willing to give up my source on WinPcap stuff. We'll see; maybe use something else to rip the traffic out and then just put a nice GUI front end on it with Pascal. Who knows.

Anyway, check it out.
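As an added example (not the blog author's code, and not taken from the contest's real capture), here is the kind of TCP stream reassembly the post is talking about, in Python over a pcap constructed inside the script: it parses the libpcap container and the Ethernet/IPv4/TCP headers, groups segments by flow, orders them by sequence number, and copes with out-of-order delivery and an overlapping retransmission. The addresses, ports and HTTP bytes are invented; the reassembler assumes IPv4 over Ethernet and no 32-bit sequence-number wrap.

```python
import struct
from collections import defaultdict

# --- helpers to build a constructed pcap (sample data, not a real capture) ---

def build_tcp_frame(src, dst, sport, dport, seq, payload):
    """Ethernet + IPv4 + TCP frame with the given payload (no options, no checksum)."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def build_pcap(frames):
    """Wrap raw frames in a libpcap file (little-endian, link type 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1262000000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)

SRC, DST = bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9])

def sample_pcap():
    """Constructed capture: request split in three, delivered out of order, with an
    overlapping retransmission; plus a one-segment reply in the other direction."""
    seq0, p1, p2, p3 = 1000, b"GET /flag.txt ", b"HTTP/1.0\r\n", b"Host: example\r\n\r\n"
    frames = [
        build_tcp_frame(SRC, DST, 40000, 80, seq0 + len(p1), p2),             # arrives early
        build_tcp_frame(SRC, DST, 40000, 80, seq0, p1),
        build_tcp_frame(SRC, DST, 40000, 80, seq0 + len(p1), p2 + p3[:4]),    # retransmit, overlaps
        build_tcp_frame(SRC, DST, 40000, 80, seq0 + len(p1) + len(p2), p3),
        build_tcp_frame(DST, SRC, 80, 40000, 5000, b"HTTP/1.0 200 OK\r\n\r\nhello"),
    ]
    return build_pcap(frames)

# --- the reassembler ---

def iter_pcap(data):
    """Yield each captured frame from a libpcap byte string (either byte order)."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}[magic]
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def parse_tcp(frame):
    """Return ((src, sport, dst, dport), seq, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != 6:
        return None
    ip = ip[:struct.unpack_from("!H", ip, 2)[0]]     # trim Ethernet padding, if any
    tcp = ip[(ip[0] & 0x0F) * 4:]
    sport, dport, seq = struct.unpack_from("!HHI", tcp, 0)
    payload = tcp[(tcp[12] >> 4) * 4:]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    return (src, sport, dst, dport), seq, payload

def reassemble(pcap_bytes):
    """Map each unidirectional flow to its reassembled byte stream.
    Segments are ordered by sequence number; bytes already seen (retransmissions,
    overlaps) are dropped with the first copy winning; a hole left by a segment that
    was never captured is filled with NUL bytes so later offsets stay correct."""
    flows = defaultdict(list)
    for frame in iter_pcap(pcap_bytes):
        parsed = parse_tcp(frame)
        if parsed and parsed[2]:
            key, seq, payload = parsed
            flows[key].append((seq, payload))
    streams = {}
    for key, segs in flows.items():
        segs.sort(key=lambda s: s[0])
        buf, nxt = bytearray(), segs[0][0]
        for seq, payload in segs:
            if seq + len(payload) <= nxt:
                continue                              # entirely duplicate data
            if seq < nxt:
                payload, seq = payload[nxt - seq:], nxt  # partial overlap: keep new tail
            if seq > nxt:
                buf.extend(b"\x00" * (seq - nxt))     # gap: segment missing from capture
            buf.extend(payload)
            nxt = seq + len(payload)
        streams[key] = bytes(buf)
    return streams

if __name__ == "__main__":
    for flow, data in reassemble(sample_pcap()).items():
        print(flow, data)
```

Running it prints the two flows with the request stitched back into one clean `GET` line despite the reordering and the overlapping retransmission. For a real contest capture the same structure applies; the parts to extend are VLAN/IPv6 framing, sequence wrap, and deciding what to do with holes rather than zero-filling them.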

Thursday, December 17, 2009

Forensics Contest #2 Finalists and Winners

Based on the PaulDotCom 180 podcast, Franck and Jeremy were the winners; they decided to have co-winners this time around. Erik and NetworkMiner ended up being finalists again and got a special mention in the podcast.

As of this posting they haven't actually published this at the forensicscontest site, but I guessed at the URL and picked up the Finalists along with the winners from the podcast.

It will be fun to look through the winners' submissions over the next few days/weeks. Contest #3 is hopefully due out in the next 7-14 days.

Update: Contest winners and writeup now posted.

I made the semifinalist list (top 15), but just didn't make the finalist list (top 8). Maybe Contest #3!

Sunday, December 13, 2009

DFRWS results posted

At the time the 2009 challenge was posted I think I only looked at the network traffic side of things and didn't get a lot out of it. I'm not sure if I'd done the GCFA and the SANS 508 course at that time or not, but I know I didn't dig into the memory or disk dumps. It would have been nice to have known a bit more about that stuff at the time. Anyway, I glanced through a few of the writeups; very nice work!

You can find the writeups, challenge info, etc. here.

I think NetworkMiner will make much better use of the pcap files than Satori does, but Satori isn't designed for this type of thing anyway!