Scenarios are collections of multiple disk images, memory dumps, network traffic, and/or data from portable devices. Currently we have just a few scenarios, but we hope to create (or acquire) more.
- M57-Jean – A single disk scenario involving the exfiltration of corporate documents from an executive’s laptop.
- Nitroba University Harassment Scenario – A fun-to-solve network forensics scenario.
- M57-Patents – A complex scenario involving multiple drives and actors set at a small company over the course of several weeks.
Solutions are available for some of these problems. Unfortunately, solutions are only available to faculty at accredited institutions and to trainers within the US Government. Please do not ask us to make an exception in your case! Information on how to receive the solutions is on the solutions page.
Garfinkel, S., “Lessons Learned Writing Computer Forensics Tools and Managing a Large Digital Evidence Corpus”, DFRWS 2012, Aug. 6-8, 2012, Washington, DC.
Garfinkel, Farrell, Roussev and Dinolt, Bringing Science to Digital Forensics with Standardized Forensic Corpora, DFRWS 2009, Montreal, Canada. (slides) BEST PAPER AWARD. (Acceptance rate: 36%, 15/41)
Woods, Kam, Christoper Lee, Simson Garfinkel, Extending Digital Repository Architectures to Support Disk Image Preservation and Access, JCDL 2011, June 13-17, 2011, Ottawa, Canada. (Acceptance rate: 28%, 28/99 )
Woods, K., Christopher Lee, Simson Garfinkel, David Dittrich, Adam Russel, Kris Kearton, Creating Realistic Corpora for Forensic and Security Education, 2011 ADFSL Conference on Digital Forensics, Security and Law (Acceptance rate: 50%, 32/16)