Linux Magazine - Hoffmann Forensic Challenge

Jamie
(@jamie)
Posts: 1288
Moderator
 

Robert-Jan Mora from Hoffmann Bedrijfsrecherche bv in the Netherlands has very kindly contacted me to let us know about a forensic challenge that they're running in conjunction with Linux Magazine (also in the Netherlands). The challenge can be found here:

http://www.linuxmag.nl/nl/4137085f61440

That's the good news; the bad news is that it's in Dutch (which I guess some readers might struggle with!). I'm going to try a quick translation, as follows, but native Dutch speakers should feel very free to point out any mistakes:

Hoffmann Forensic Challenge

The terror suspect "Willem Z" has been captured after a police raid. In his house the police discovered some advanced bomb making equipment, five computers and an extraordinary number of penguin soft toys. The hard drives of the computers all appear to be encrypted and Willem Z is maintaining his right to silence. Because of this the investigation is not going much further forward, although it is suspected that a terrorist attack is planned. Then a memory card is discovered in Willem Z's camera but there are no photos on it. The police suspect that there is information on the card which could be used to prevent an attack. For that reason they've come to you, the forensic expert. Your job is to retrieve the information from the card as quickly as possible and save many lives.

The challenge (De uitdaging)

The Digital Forensics unit of Hoffmann Bedrijfsrecherche bv. has created a fictional forensics challenge. Your task is to investigate and analyse digital forensic evidence. The evidence is a forensic image of an mmc-card from a camera. What makes this challenge unique is that you are part of a secret police unit that is investigating the threat of a terrorist attack. Before you begin the challenge it is useful to read the police report to gain some background information, just as in other investigations. Finding the answers to the following questions and preventing a terrorist attack will depend on your technical skills.

Questions to be answered (De onderzoeksvragen)

1. Who are the other terrorists and when is the attack planned?
2. What is the target of the attack?
3. For every relevant file explain what Willem Z. (the suspect) has done to hide the data from others.
4. Explain how you, the forensic expert, obtained the information.

IMPORTANT! In order to judge the entries the MD5 hash of the recovered files must be included.

Download the image to be investigated from here.

What could you win? (Wat valt er te winnen?)

DataExpert bv. and Hoffmann Bedrijfsrecherche bv. have joined together to offer the following prizes:

1. A day's training from DataExpert bv. in Windows Vista Forensics.
2. 'File System Forensics' by Brian Carrier.
3. 'Digital Evidence and Computer Crime' by Eoghan Casey.

The winning entries will also be published on the Linux Magazine web site.

Judging the entries (Beoordeling van de inzendingen)

Entries need to be sent to forensics@hoffmannbv.nl and info@linuxmag.nl by 2359 on 31 December 2007.

1. The first selection will be based on the answers to questions 1 and 2. These need to be correct in order to be considered for a prize.
2. The accuracy and depth of the answers to questions 3 and 4 will determine the eventual winners.
3. If there is a draw then the date the entries were sent in will be considered. Earlier entries will have priority but otherwise quality is the most important factor.

There then follows a selection of links to useful open source tools under the heading "Referenties", followed by some instructions regarding the installation of required development libraries under the section "Installatie forensische software".

As the target audience is clearly Dutch and the winning entries are to be included on Linux Magazine's Dutch web site, I presume (correct me if I'm wrong, Robert-Jan) that entries in Dutch are expected [EDIT: Robert-Jan has indeed contacted me to say that although it is intended for a Dutch audience, reports in English are welcome]. Nevertheless, it might be an interesting and fun challenge…

 
Posted : 30/11/2007 10:32 pm
(@chris2792)
Posts: 33
Eminent Member
 

Just had a look at that image. I would call it more an entry-level exercise for somebody new to forensics than a challenge, but nevertheless it's interesting in some way because it's a Linux filesystem, which is not (yet) found as frequently as Windows…

BTW, I would be happy if the bad guys would do it that way ;)

 
Posted : 04/12/2007 11:40 am