DFRWS 2005 Forensic Challenge
http://www.dfrws.org/2005/challenge/
DFRWS 2005 Memory Analysis Challenge メモリデータの解析コンテスト。〜2005/8/1まで。
The primary questions to be answered are:
- What hidden processes were running on the system, and how were they hidden?
- What other evidence of the intrusion can be extracted from the memory dumps?
- Why did "plist.exe" and "fport.exe" not work on the compromised system?
- Was the intruder specifically seeking Professor Goatboy's research materials?
- Did the intruder obtain the Professor's research?
- What computer was the intrusion launched from?
- Is there any indication of who the intruder might be?
ざくっと見たらいきなりあやしい名前が見つかったりするけど引っ掛けか?
HoneynetのSCANより簡単な気がするのは真剣に見てないからかなぁ。ということでれっつちゃれんじ!