Friday, September 5, 2014

Super Sunday Funday Forensic Challenge

Hello Reader,
It's time for another multi-week, multi-stage challenge! Get ready!


Read about it from the SANS Blog here:
http://dfir.to/HECF-Challenge-14

The Challenge:

The first forensic image is available for download. Your goal is to solve the questions using the first forensic image, located at:
 https://mega.co.nz/#!qoxgGYCY!1jM32pncF0wE-TROhaXFI07hZbu5AfZ1BJE-p8tm1mo

and email the answers to the following questions
  • What was used to wipe this drive?
  • What special options were given?
  • What file was wiped from this drive?
to:  dcowen@g-cpartners.com.

I decided to go ahead and crank up the difficulty on this challenge from the get-go, and my goal is to have all 5 levels be forensic image reviews. Good luck to all of you!


On receiving a correct answer you will be notified that you have entered stage 2 and that another question and image will be sent to you. There are 5 stages, and the player who makes it the farthest with the most correct answers will win!

The Rules Have Changed!:
1. This will be a multi stage contest lasting two weeks
2. Final answers must be in by Sept 15th
3. 9/05/14 The first question will be posted
4. New questions will be given to those who answer the first question correctly
5. You can start the contest at any point leading up to Sept 15th; there is no penalty for starting late
6. All submissions must be sent to dcowen@g-cpartners.com, do not post answers in the comments
7. In order for an anonymous winner to receive a prize they must give their name to me, but I will not release it in a blog post

The Prize:

A free vLive DFIR Online LIVE Course from SANS, a prize worth $5,000. You can choose from the following:

FOR408: Windows Forensic Analysis
Oct 6, 2014 - Nov 12, 2014
w/ Mike Pilkington & Ovie Carroll

FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
Oct 13, 2014 - Nov 19, 2014
w/ Lenny Zeltser & Jake Williams

FOR508: Advanced Incident Response
Oct 14, 2014 - Nov 20, 2014
w/ Jake Williams & Alissa Torres