Hi,
please, if anyone has some websites or any resources that have some forensic excercies in order to improve my skills.
i already find 2 websites
http//
http//
Thanks.
Go up one level on CFREDS
http//
there are more.
Good Luck!
Arthur
Thanks Arthur
yeah i did all the cfreds.nist.gov already
here is another one
http//dftt.sourceforge.net/
While many of these sites provide images, how many are exercises?
My thought is that someone will get the images, open them in a tool…and then what?
"Exercises" can be obtained from the HoneyNet SotM challenges, as well as sites like Ed Skoudis' Hacker Challenges…
Keydet
I believe the NIST site offers the images and a bunch of questions to be answered (like Who was the last user to logon and what NICs were on the system etc). The answer key is supplied (but passworded, I believe).
It's probably a good start for those getting their feet wet.
I haven't looked at the challenges you mention - I probably should….
Regards….
Arthur
"I believe the NIST site offers the images…"
You're right, it does. I was simply pointing out that there are other sites that offer more than just images.
Here are some more. But I see that some of these are overlap from the one of the previous posts, at least one of the images.
http//
http//
http//
http//
Another thing you can do it to purchase used hard drives from ebay and image and investigate them. Now there are no answers provided, but then in real life there aren't any answers provided either. )
However, if you find any more sites please post to here as I enjoy working on the challenges.
Mark
Looking beyond just the sites provided…in order to improve your skills in forensic analysis, you might consider going beyond the exercise or challenge. Don't just look for what is asked for in the challenge or exercise…go beyond that. What else is available?
Another thing that struck me when looking at the responses at some of the sites…these 'challenges' aren't so much about 'can you find the data?', as they are about 'do you have a process or procedure?' and 'can you document it and communicate your findings to others?'…
H
A couple of years ago, I attended a vendor training in Pasadena, and asked about the availibility of such images. The response I got at the time was that some vendors (particularly those with non-open source operating systems like Windows) did not approve of distribution of drive images containing their software. Anything not created from an authorized demo would require a licensing fee for each copy…
This might explain why the VMWare Applicance Download page has several versions of Server 2003, but no XP virtual machines I can find. Does anyone know more about this? It would be fun to put together some test images, as well as potentially useful for prospective new employees as part of the interview process ("OK, here's a test case for you. These are the allegations. We'd like to see your approach to this…").
I've also spotted that MS has recently released virtual machine/drive demos of both XP SP2 (for IE 7 compatability testing) and Office 2007 (which appears to include a Vista Ultimate demo). Would these be fair game to create test images from?
Anyone know anything more about the
It would seem that any VM image would be unlikely to have artifacts of a forensic interest. Good for learning layout and structure of an OS.