Hi guys,
I know of a website where there is a database of malware to practice malware analysis, however is there a similar style website for disk images? I have a blog and would love to make some more relevant posts for forensics this summer after graduation, preferably based on some examples to showcase my skills.
I know of a website where there is a database of malware to practice malware analysis, however is there a similar style website for disk images?
I would be interested to know WHICH is the style of the site you know to be able to check if the ones I know for forensic images have the same style. 🙄
Seriously now 😉, see
http://www.forensicfocus.com/images-and-challenges
As a side note
http://articles.forensicfocus.com/2013/10/18/forge-computer-forensic-test-image-generator/
jaclaz
P.S. OT 😯 , seeing that you are interested in the RaspberryPI, JFYI
http://www.msfn.org/board/topic/171626-13-macintosh-33-raspberrypi/
I spent around 30 minutes trying to find the website I was trying to reference, and I've just found it. It's
In regards to the RPi Mac… Speechless 😯
… is there a similar style website for disk images?
Similar how? Or perhaps, what kind of analysis is it you want to practice on?
If you're looking for recent or unusual file systems (say, ReFS – Windows Server 2012, FAT on DVD-RAM – 2048 bytes/sector; or ext3 from a big-endian system), etc, your best chance is to create them yourself. It's usually possible to find a Linux distribution, and fire up a hardware emulator like QEMU to produce an image.
Or find a laser printer with a hard disk, and analyze that.
If you lean towards hostile testing …
If you're looking for unusual features of normal file systems – say, an NTFS file system containing a 4 Tb sparse file or files created using the POSIX subsystem – and see how forensic platforms manage or don't manage such outliers, you're probably also reduced to creating your own.
I do know of a 'tar file from hell' that upsets many tar archive viewers (also those present in forensic platforms). See https://
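The reply above suggests building your own test data for outliers such as sparse files. As an added example (not from the thread), this Python script creates a sparse file with known markers and records the logical size and hash a forensic tool should reproduce. The function names, marker strings and 64 MiB size are assumptions, and whether the holes really stay unallocated depends on the host file system.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # feed holes to the hash 1 MiB at a time


def make_sparse_case(path, apparent_size, extents):
    """Create a file of apparent_size bytes holding only `extents`
    ({offset: bytes}, assumed non-overlapping); the rest stays as holes."""
    with open(path, "wb") as f:
        f.truncate(apparent_size)  # sets the length without writing data
        for offset, data in sorted(extents.items()):
            f.seek(offset)
            f.write(data)


def expected_sha256(apparent_size, extents):
    """SHA-256 of the logical content, computed without reading the file:
    holes must read back as zeros."""
    h, pos, zeros = hashlib.sha256(), 0, bytes(CHUNK)
    for offset, data in sorted(extents.items()) + [(apparent_size, b"")]:
        gap = offset - pos
        while gap > 0:
            n = min(gap, CHUNK)
            h.update(zeros[:n])
            gap -= n
        h.update(data)
        pos = offset + len(data)
    return h.hexdigest()


def ground_truth(path):
    """What a tool examining the file should report."""
    st, h = os.stat(path), hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return {
        "apparent_size": st.st_size,
        "allocated_bytes": getattr(st, "st_blocks", 0) * 512,  # POSIX only
        "sha256": h.hexdigest(),
    }


if __name__ == "__main__":
    size = 64 * 1024 * 1024  # constructed sample; scale up for a real test
    extents = {0: b"HEAD-MARKER", size // 2 + 123: b"MID-MARKER", size - 11: b"TAIL-MARKER"}
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sparse_case.bin")
        make_sparse_case(path, size, extents)
        print(ground_truth(path), expected_sha256(size, extents))
```

A tool that hashes only allocated data, or that reports the allocated size as the file size, will disagree with these values.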