Scenarios

Scenarios are collections of multiple disk images, memory dumps, network traffic, and/or data from portable devices. Currently, we have just a few scenarios, but we hope to create (or acquire) more.

  • 2019 Tuck – A scenario involving a person who tries to join a terrorist organization (needs to be written up)
  • 2019 Owl – In a jurisdiction where owls are illegal to trade and buy, two users are discussing the illegal trade of owls.
  • 2019 Narcos – Due to intelligence provided by the Australian government, two passengers were intercepted by Customs upon arriving at Wellington, New Zealand, from Brisbane. The intelligence provided stated that Jane Esteban and John Fredricksen may be involved in illegal activity.
  • 2018 Lone Wolf Scenario – A scenario involving the seizure of the laptop of a fictional person planning a mass shooting. (*)
  • 2012 National Gallery DC – A fictional attack on the National Gallery DC, foiled in 2012.
  • 2009 M57-Patents – A complex scenario involving multiple drives and actors set at a small company over the course of several weeks. (*)
  • 2008 Nitroba University Harassment Scenario – A fun-to-solve network forensics scenario. (*)
  • 2008 M57-Jean – A single disk scenario involving the exfiltration of corporate documents from an executive’s laptop.

You can also directly browse the scenarios on the web server at:

Solutions

Solutions are available for the scenarios marked with (*). Please note that solutions are only available to faculty at accredited institutions and to trainers within the US Government. Please do not ask us to make an exception in your case! Information on how to receive the solutions is on the solutions page.

Bibliography

Garfinkel, S., “Lessons Learned Writing Computer Forensics Tools and Managing a Large Digital Evidence Corpus”, DFRWS 2012, Aug. 6-8, 2012, Washington, DC.

Garfinkel, Farrell, Roussev and Dinolt, “Bringing Science to Digital Forensics with Standardized Forensic Corpora”, DFRWS 2009, Montreal, Canada. (slides) BEST PAPER AWARD. (Acceptance rate: 36%, 15/41)

Woods, Kam, Christopher Lee, Simson Garfinkel, “Extending Digital Repository Architectures to Support Disk Image Preservation and Access”, JCDL 2011, June 13-17, 2011, Ottawa, Canada. (Acceptance rate: 28%, 28/99)

Woods, K., Christopher Lee, Simson Garfinkel, David Dittrich, Adam Russel, Kris Kearton, “Creating Realistic Corpora for Forensic and Security Education”, 2011 ADFSL Conference on Digital Forensics, Security and Law. (Acceptance rate: 50%, 32/16)