by Ken Pryor
The site I’ve most taken advantage of when downloading images is The CFReDS Project. CFReDS, which stands for “Computer Forensic Reference Data Sets”, is hosted by NIST and exists to “…provide to an investigator documented sets of simulated digital evidence for examination”. The downloads include disk images, mobile device images and memory images. Some of the images have scenarios that accompany them and present a challenge with questions about the image you must answer. The answers are also available for you to check your work.
Much like the CFReDS page, the Digital Forensics Tool Testing Images page has a list of images you can use for testing. The images provided here are test images designed specifically for the testing of your software and provide you with the opportunity to do file carving, keyword searching and even memory analysis. Other images are there as well, accompanied by great supporting info on what you’ll find in the images.
A newer site I’ve found that has plenty of forensic image goodness is the Digital Corpora site. There is an excellent selection of images here, but it’s not limited to disk images. In addition to disk and file system images, you’ll also find cell phone images and packet dumps to work with.
The annual DC3 Challenge is a fun and challenging way to improve your forensic skills. The Department of Defense Cyber Crime Center (DC3) provides this contest every year, with excellent prizes provided this year for winning participants. The great thing about the DC3 Challenge is that everyone can participate, from the forensics noob to the seasoned veteran forensicator, with five different levels of challenges available. Unfortunately, it doesn’t appear that past years’ challenges are still available for download for those wanting to do them just for the learning experience. If I’m wrong and they are available, I’d appreciate someone letting me know, but I didn’t find them.
The Digital Forensics Research Workshop (DFRWS) posts new challenges each year related to the focus of its annual conference. Downloads are available for this year’s challenge, which focuses on cellular phone forensics. Unlike the DC3 Challenge, the DFRWS has archives of previous years’ challenges and still makes the challenge materials available for download in the Archive section of their website.
Finally, a great thing started just last year is the Network Forensics Puzzle Contest featuring the exploits of “Ann Dercover”. Most recently, Ann was featured in “Ann’s Aurora”, a contest held in concert with the SANS Forensic Summit last month. The puzzles and the underlying story for each are well thought out, entertaining and definitely challenging. I haven’t learned enough in the area of network forensics yet to feel like I can do these well, but they provide those with the desire to learn an awesome opportunity to work them (and maybe win an excellent prize as well).
I hope you will take the time to look these sites over and see all they’ve got to offer, as I really only touched just a little on each. Also, if you know of other places where practice images and related materials are available, I’d love to hear from you.
Ken Pryor is a police officer and GCFA with the Robinson, Illinois Police Department. He became a police officer in 1987 and has been working in the area of digital forensics since 2008. He can be contacted at [email protected].
This article was originally published as a blog post on the SANS Computer Forensics website and is reprinted with kind permission.
1 thought on “I’m here! Now what?”
I have less exposure to digital forensics than yourself in my role as IT Manager for a small company, so your list of various test and practice resources is most useful. Thank you.