CIRCL Forensics Exercises

CIRCL Forensics Exercises are little challenges developed for and during the CIRCL Forensics Trainings, and for workshops or presentations. Usually you will find a PDF with the slides and the solution inline, next to a disk image with the challenge itself.

  • Wiped Disk Image:
    Recovering data from a wiped disk sounds impossible. But wiping a ‘big’ disk would take time. If the adversary is not patient and interrupts the wiping process after some limited time, there is a good chance to recover some plain data, or even complete file system structures and/or partitions. Goal of this exercise is, to recover data from a partially wiped disk image.
    This is a manual approach, to learn how to analyze data on byte level.
  • To be continued

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.