Linux Magazine - Hoffmann Forensic Challenge


Post Posted: Fri Nov 30, 2007 5:32 pm

Robert-Jan Mora from Hoffmann Bedrijfsrecherche bv in the Netherlands has very kindly contacted me to let us know about a forensic challenge that they're running in conjunction with Linux Magazine (also in the Netherlands). The challenge can be found here:


That's the good news, the bad news is that it's in Dutch (which I guess some readers might struggle with!) I'm going to try a quick translation, as follows, but native Dutch speakers should feel very free to point out any mistakes:

Hoffmann Forensic Challenge

The terror suspect "Willem Z" has been captured after a police raid. In his house the police discovered some advanced bomb making equipment, five computers and an extraordinary number of penguin soft toys. The hard drives of the computers all appear to be encrypted and Willem Z is maintaining his right to silence. Because of this the investigation is not going much further forward, although it is suspected that a terrorist attack is planned. Then a memory card is discovered in Willem Z's camera but there are no photos on it. The police suspect that there is information on the card which could be used to prevent an attack. For that reason they've come to you, the forensic expert. Your job is to retrieve the information from the card as quickly as possible and save many lives.

The challenge (De uitdaging)

The Digital Forensics unit of Hoffmann Bedrijfsrecherche bv. has created a fictional forensics challenge. Your task is to investigate and analyse digital forensic evidence. The evidence is a forensic image of an mmc-card from a camera. What makes this challenge unique is that you are part of a secret police unit that is investigating the threat of a terrorist attack. Before you begin the challenge it is useful to read the police report to gain some background information, just as in other investigations. Finding the answers to the following questions and preventing a terrorist attack will depend on your technical skills.

Questions to be answered (De onderzoeksvragen)

1. Who are the other terrorists and when is the attack planned?
2. What is the target of the attack?
3. For every relevant file explain what Willem Z. (the suspect) has done to hide the data from others.
4. Explain how you, the forensic expert, obtained the information.

IMPORTANT! In order to judge the entries the MD5 hash of the recovered files must be included.

Download the image to be investigated from here.

What could you win? (Wat valt er te winnen?)

DataExpert bv. and Hoffmann Bedrijfsrecherche bv. have joined together to offer the following prizes:

1. A day's training from DataExpert bv. in Windows Vista Forensics.
2. 'File System Forensics' by Brian Carrier.
3. 'Digital Evidence and Computer Crime' by Eoghan Casey.

The winning entries will also be published on the Linux Magazine web site.

Judging the entries (Beoordeling van de inzendingen)

Entries need to be sent to forensics @ hoffmannbv.nl and info @ linuxmag.nl by 23:59 on 31 December 2007.

1. The first selection will be based on the answers to questions 1 and 2. These need to be correct in order to be considered for a prize.
2. The accuracy and depth of the answers to questions 3 and 4 will determine the eventual winners.
3. If there is a draw then the date the entries were sent in will be considered. Earlier entries will have priority but otherwise quality is the most important factor.

There then follows a selection of links to useful open source tools under the heading "Referenties" followed by some instructions regarding the installation of required development libraries under the section "Installatie forensische software"

As the target audience is clearly Dutch and the winning entries are to be included on Linux Magazine's Dutch web site I presume (correct me if I'm wrong Robert-Jan) that entries in Dutch are expected [EDIT: Robert-Jan has indeed contacted me to say that although it is intended for a Dutch audience, reports in English are welcome]. Nevertheless, it might be an interesting and fun challenge...  

Last edited by jamie on Tue May 26, 2009 10:03 am; edited 1 time in total

Site Admin

Re: Linux Magazine - Hoffmann Forensic Challenge

Post Posted: Tue Dec 04, 2007 6:40 am

Just had a look at that image. I would call it more an entry level exercise for somebody new to forensics than a challenge, but nevertheless it's interesting in some way because it's a Linux filesystem which is not (yet) found as frequently as Windows...

BTW, I would be happy if the bad guys would do it that way ;-)

