SANS Digital Forensics and Incident Response Blog

Super Sunday Funday Forensic Challenge

The Challenge: Starting September 4, 2014 on the Hacking Exposed Computer Forensics Blog the first forensic image will be available for download. Your goal is to solve the question with the first forensic image and email it to dcowen@g-cpartners.com.

The Challenge:

The first forensic image is available for download. Your goal is to solve the question with the first forensic image located at: https://mega.co.nz/#!qoxgGYCY!1jM32pncF0wE-TROhaXFI07hZbu5AfZ1BJE-p8tm1mo

and email the answer to the following questions to: dcowen@g-cpartners.com.

  • What was used to wipe this drive?
  • What special options were given?
  • What file was wiped from this drive?

On receiving a correct answer you will be notified that you have entered stage 2 and that another question and image will be sent to you. There are 5 stages and the player who makes it the farthest with the most correct answer will win!

The Rules:
1. This will be a multi stage contest lasting two weeks
2. Final answers must be in by Sept 15th
3. 9/05/14 The first question will be posted
4. New questions will be given to those who answer the first question correctly
5. You can start the contest at any point leading up to Sept 15th, there is no penalty for starting late
6. All submissions must be sent to dcowen@g-cpartners.com, do not post answers in the comments
7. In order for an anonymous winner to receive a prize they must give their name to me, but i will not release it in a blog post

The Prize:
A free vLive DFIR Online LIVE Course from SANS a prize worth $5,000, you can choose from the following:

FOR408: Windows Forensic Analysis
Oct 6, 2014 - Nov 12, 2014
w/ Mike Pilkington & Ovie Carroll

FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
Oct 13, 2014 - Nov 19, 2014
w/ Lenny Zeltser & Jake Williams

FOR508: Advanced Incident Response
Oct 14, 2014 - Nov 20, 2014
w/ Jake Williams & Alissa Torres