The results from this year's Department of Defense Cyber Crime Center (DC3) Forensic Challenge are out!
This was one of the hardest forensic challenges I have ever participated in. It consisted of four classes of problems:
- Media. Imagine a DVD-RW cut in half. Now get the data off of it. Other media problems included a re-written CD-RW (get off the original data, not the rewritten stuff), a scratched up CD-ROM (I think they used a power-sander), and a quarter of a disk (take a CD-ROM and cut it like a pizza, then give each team one slice).
- Hardware. They gave each team a dead USB Thumb drive. Get the data off of it. (One member of my team, Kerwyn, did it by removing the memory and soldering it onto a different thumb drive.)
- Cryptography. A bunch of challenges with encrypted data. Your job is to identify the encryption system and decrypt the data.
- Images. Given some pictures, which are real and which are computer generated? A second challenge had modified images -- identify what was done to each image.
Last year, my team placed 5th. Paul (5%) and I (95%) beat out every government and military team, and most of the commercial and academic teams.
This year? The challenges were much harder. Basically, if you don't crack crypto and don't have any means to recover damaged media, then there were few other challenges that you could attempt. According to the DC3, there were 126 teams, but only 11 teams submitted solutions. Talk about hard... imagine a marathon where less than 10% of the racers even cross the finish line. (Last year, there were 140 teams with 21 submitting solutions. That is still only 15%.)
Teams had a few months to work on the challenges, and a hard deadline for submitting solutions. I didn't think I would win, but I was hoping for one of the top 3 positions. And considering that no solutions had been received one day before the deadline, I felt pretty good.
As it turns out, the big winner was team "Total Recall" from Sam Houston State University! Congratulations Total Recall! Second place went to Cyber Warriors -- another academic team. [Update: While Total Recall had the highest score, Cyber Warriors had the highest score among teams eligible for the grand prize. Congratulations to both teams!] My group, team Hacker Factor, came in third and had the highest score among civilian teams! Rounding out the top five teams were teams AWGN (Air Force Communication Agency) and Super Secret Squirrels (unknown affiliation).
The surprising thing this year was the lack of government (non-military) and commercial teams. There was no highest scoring team in either of these categories. Considering that there were 21 government and commercial teams, someone should have had the highest score in both of these categories. Even though the challenges were hard, the inability of any of these teams to submit any solution (even a partial solution) makes me question the skill set in these markets. (In all fairness, last year's champion was Access Data, a commercial outfit.)
I really need to thank my team. Kerwyn did an amazing job with the USB challenge. (What kind of geek has micro-soldering and surface mounting tools at home? Kerwyn!) Adam and Paul provided excellent feedback on the image analysis challenges. (And of course, me, Neal Krawetz.) Together, we attempted the USB challenge, both image analysis challenges, and the audio steganography challenge. The damaged media and crypto cracking challenges were beyond our combined skill sets.
This is the second year that the DC3 has held the Forensic Challenge. And Hacker Factor is the only team to place in the top five both years. (Brag brag brag)
I have already heard from David Smith, Georgetown University. He said his team solved the CD-ROM "quick erase" challenge (CD challenge #3). (I want to know how he did it! Kerwyn and I knew one way to solve it but we didn't have the right hardware.)