
Example casefiles

21 Posts
11 Users
0 Reactions
1,687 Views
 Cybo
(@cybo)
Active Member
Joined: 20 years ago
Posts: 6
Topic starter  

Hi there,

Some interesting feedback.
Why I want a virtual crime case is because we want to work on automatically finding the links between pieces of information (like those mentioned by Nick) that relate to a specific case. This could be the case the investigator is actually looking at but may also include other "crimes" found on the same forensic data set. We therefore need examples of real crimes in order to have the links.

Cybo


   
neddy
(@neddy)
Estimable Member
Joined: 21 years ago
Posts: 182
 

I have on more than one occasion imaged drives from computers left on the street near where I live. I have built profiles of the users and found it quite enjoyable. Needless to say I was always concerned that I may find material that I may have to disclose but thankfully that was never the case and I destroyed all the case and image files afterwards.


   
(@bjgleas)
Estimable Member
Joined: 21 years ago
Posts: 114
 

One place where you can get some cases is from the HoneyNet Project.

The archive contains a number of network and disk based cases. They provide you with some background information and the evidence… there are over 30 cases here for you to practice on.

http://www.honeynet.org/misc/chall.html

There are multiple solutions for each case (but don't peek!)

There are different levels of difficulty, and most of the major operating systems seem to be covered.

bj


   
 Cybo
(@cybo)
Active Member
Joined: 20 years ago
Posts: 6
Topic starter  

Thanks bjgleas,

The scan 24 and scan26 stuff is close to what I am looking for. It is just very small and I would like to have a much bigger dataset to work with.

Cybo


   
(@bjgleas)
Estimable Member
Joined: 21 years ago
Posts: 114
 

I would like to have a much bigger dataset to work with.

Some mentioned this place before, but the hacking case at http://www.cfreds.nist.gov/Hacking_Case.html contains about 4.5 gig of data. You can download the EnCase files, or the dd images.

Note: The DD image is actually 8 parts; the 8th part is at http://www.cfreds.nist.gov/images%5Chacking-dd%5CSCHARDT.008

bj


   
nickfx
(@nickfx)
Estimable Member
Joined: 20 years ago
Posts: 131
 

Hi, we may be able to release one of our test cases to you, I'm just checking and will come back to you.

Nick


   
(@bjgleas)
Estimable Member
Joined: 21 years ago
Posts: 114
 

nickfx

I'd be interested in it as well…

Thanks,

bj


   
 Cybo
(@cybo)
Active Member
Joined: 20 years ago
Posts: 6
Topic starter  

nickfx

That will be great as I have not been successful anywhere else.

Cheers
Cybo


   
nickfx
(@nickfx)
Estimable Member
Joined: 20 years ago
Posts: 131
 

No luck at the moment I'm afraid chaps! Data protection laws are very strict in the UK and of course these test cases include email from others and information about the user of the machine, even though he works with us. We are going to look and see how easy it would be to sanitise a case without destroying the whole point!

I'll come back to you if I have any progress.

Nick


   
keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
 

FYI to all…I've downloaded the various components/image files that bjgleas pointed out, assembled them and opened them in ProDiscover 4.55.

Very cool.

Harlan


   