Forensic Computing ...
 
Notifications
Clear all

Forensic Computing Challenge

12 Posts
7 Users
0 Likes
691 Views
 Andy
(@andy)
Posts: 357
Reputable Member
Topic starter
 

Download the image file: http://digitalforensics.champlain.edu/challenge/ read the instructions. See if you can crack the case. These challenges are fun and good practice for the EnCE or the Cranfield FC Foundation course 🙂

1. I found the encrypted .xls file in the self extracting .exe file (and found the pw).
2. Found the deleted .rtf file, and letter.
3. Found the active and deleted .gif in the unallocated.
4. I could not add the raw image into EnCase I had to convert it to an E01 file using FTK imager.

See how far you can get….

Andy

P.S. Anyone know of any others?

 
Posted : 15/01/2005 7:20 pm
Jamie
(@jamie)
Posts: 1288
Moderator
 

I love these (often not so) little challenges.

Have you tried any of the Honeynet ones?

http://www.honeynet.org/misc/chall.html

Cheers,

Jamie

 
Posted : 17/01/2005 1:40 pm
(@Anonymous)
Posts: 0
Guest
 

Hi andy & jamie,
I am sorry if I am talking too much… 😆
but don't you think that for Data Recovery and Data Forensics professional like us, it should be not more than an easy game…,

it is just a sector-by-sector image of a 1.44MB floppy disk to a file.
By pasting it sector-to-sector on any fresh floppy will display the contents of the floppy…, after that extracting the information is just fun…

Even, when I was Writing my book on Professional Data Recovery Programming titled, DATA RECOVERY WITH AND WITHOUT PROGRAMMING, I gave the SOURCE CODES of Both the Programs (i.e. Copying the sectors's data to file and pasting it back to floppy sectors) in Book as well as in Free CD with the book.

Even you can see these contents on my website link, http://www.DataDoctor.biz/author.htm

you'll find these topics in the 10th chapter of the book i.e. Data Recovery From Corrupted Floppy

However, it may be new for those, who know nothing about Data Recovery and its Programming etc.

Shouldn't we discuss some greater complications? 🙂
well…, Dont mind it was just for information,
For any Query or comments, please feel free to mail me,
Regards,

Tarun Tyagi
(Author: Data Recovery with and without Programming)
http://www.DataDoctor.biz

 
Posted : 21/01/2005 6:28 pm
 Andy
(@andy)
Posts: 357
Reputable Member
Topic starter
 

Hi Tarun, I’m sorry if you feel the post is a little childish, but it was really only meant to be a light hearted bit of fun. The web page I linked to is from the Champlain College Digital Forensics course: http://www.champlain.edu/majors/digitalforensics/

I don't want to have to defend every post I make; however I think the lecturer has posted the page for students to download the image and try some basic Forensic Computing. I think it is a good introduction to analysis of an image. Yes it’s basic but that’s the idea. I have taken the EnCE, which is very similar but obviously on a larger and more complex scale. Anyone thinking of taking the EnCE may wish to practice on this type of thing.

If you look at some posts on this site you will see a fair proportion of the members are not professional data recovery experts, some say they are students, network admins, law enforcement, private detectives, lawyers, lay persons, those with data loss problems, and those just plain interested in learning about computer forensics.

If you feel the topics are not academic or important enough perhaps you could start a post listing some issues you feel are more worthy, instead of telling everyone about your book at every opportunity. That's commonly known as 'spamming' 😉

Andy

P.S. If its that easy for you - tell us what the password is for the xls file? 🙂

 
Posted : 21/01/2005 6:49 pm
Jamie
(@jamie)
Posts: 1288
Moderator
 

Just to reiterate for the benefit of all members, Forensic Focus is aimed at both newcomers and experts alike. It's not always easy to get the right mix which pleases everyone but we all had to start somewhere, let's not forget that. In a field where our actions can have serious consequences for those involved I don't think there are ever any questions which shouldn't be asked (no matter how simple they may seem to others) or exercises which are too trivial (as long as they benefit someone.)

Climbing down off my high horse for a moment let me turn my attention to Tarun's book. I'm always keen to add new content to the site, a sample chapter might be nice…what do you say?

Cheers,

Jamie

 
Posted : 21/01/2005 7:57 pm
(@iscbaltazar)
Posts: 3
New Member
 

Hi Andy,well i was able to find everything, even do the picture came out a little bit unsaturated, but the names of the people in the picture came out perfect, i'm not sure if i can say the names but here are their initials and the numbers

73. L.C. , E. , L. and A.L. 1859

I used WinHex demo version to get all the information even without opening the files, until i got to the picture.

Have Fun

well i'll give the password and the hex offset
basselope (00055080)
🙂

 
Posted : 01/02/2005 4:51 am
 Andy
(@andy)
Posts: 357
Reputable Member
Topic starter
 

lol - nice one. 😀

 
Posted : 02/02/2005 12:55 am
(@Anonymous)
Posts: 0
Guest
 

Hi jamie

Thanks for your suggestion of Adding sample chepters on my Data Doctor India website from my data recovery programming book titled, DATA RECOVERY WITH & WITHOUT PROGRAMMING

I have added the sample chapters of my data recovery book on my website link http://www.datadoctor.biz/Data_Recovery_Programming_Book_Chapter3-Page1.html
more chapters are yet to come.
I hope it may be informative.

many thanks for your suggestions!
Regards

Tarun Tyagi
Data Doctor India Inc.
J-110, Patel Nagar - 1,
Ghaziabad (U.P.), India - 201001
Phone: (+91)9868337762, (+91)9350190934
email: tt@datadoctor.biz
http://www.datadoctor.biz

 
Posted : 04/04/2005 6:25 pm
neddy
(@neddy)
Posts: 182
Estimable Member
 

Can anyone recommend as good book on data recovery with or without programming?

 
Posted : 05/04/2005 9:35 am
 JayT
(@jayt)
Posts: 10
Active Member
 

Flanders, ive told you before about posting useless questions on here NOW GET BACK TO YUOR LEFTY SHOP AND STOP INTERFERING (Probably spelt wrong).
But ill answer you question first as your my neigbour. Have you heard of a book called 'Data Recovery With & Without Programming', hey maybe you could stock a lefty version 😆

 
Posted : 05/04/2005 9:39 am
Page 1 / 2
Share: