Forensic Challenge 2010-3
The Honeynet Project is proud to present our third Forensic Challenge 2010 created by Josh Smith and Matt Cote from The Rochester Institute of Technology Chapter, Angelo Dell’Aera from the Italian Chapter and Nicolas Collery from the Singapore Chapter. This challenge is a bit different than the previous two, as it involves investigating a memory image of an infected virtual machine. Read all the questions for this challenge over at the main blog and submit your answers by 17:00 EST, Sunday, April 18th 2010. Good luck!
UPDATE (12.Apr): There are now additional third-party incentives to participate in this forensics challenge. Both Volatile Systems and MANDIANT are offering their own prices to the top three winners that apply their memory analysis tools; The Volatility Framework, Memoryze and Audit Viewer respectively. But remember, there are now only a few days left until deadline, so get moving!
UPDATE (19.Apr): The submission deadline for this challenge has been extended till April 26th.
UPDATE (14.May): The solution and the winners of this challenge is available here.
The solution and winners of the second challenge are shown here.
May 14th, 2010 at 10:03
The winners of this challenge have now been determined. Of a total of 22 candidates, these are the top 3 winners: 1. Mario Pascucci (Italy), 2. Tyler Hudak (USA) and 3. Carl Pulley (UK).
Congratulations to the winners and all the folks that participated in the challenge – this was not an easy one. Each winner will receive a signed book from one of our Honeynet Project authors. We have posted the submissions of the winners and sample solution on the FC2010/3 web page. All participants should have also received an email with information about their individual score as well as placement.