Scenarios
Scenarios are collections of multiple disk images, memory dumps, network traffic, and/or data from portable devices. Currently we have just a few scenarios, but we hope to create (or acquire) more.
- 2008 M57-Jean – A single disk scenario involving the exfiltration of corporate documents from an executive’s laptop.
- 2008 Nitroba University Harassment Scenario – A fun-to-solve network forensics scenario. (*)
- 2009 M57-Patents – A complex scenario involving multiple drives and actors set at a small company over the course of several weeks. (*)
- 2012 National gallery DC – a fictional attack on the National Gallery DC, foiled in 2012.
- 2018 Lone Wolf Scenario – A scenario involving the seizure of the laptop of a fictional person planning a mass shooting. (*)
You can also directly browse the scenarios on the web server at:
Solutions
Solutions are available for the the (*) indicated scenarios. Please note that solutions are only available to faculty at accredited institutions and to trainers within the US Government. Please do not ask us to make an exception in your case! Information on how to receive the solutions is on the solutions page.
Bibliography
Garfinkel, S., “Lessons Learned Writing Computer Forensics Tools and Managing a Large Digital Evidence Corpus”, DFRWS 2012, Aug. 6-8, 2012, Washington, DC.
Garfinkel, Farrell, Roussev and Dinolt, Bringing Science to Digital Forensics with Standardized Forensic Corpora, DFRWS 2009, Montreal, Canada. (slides) BEST PAPER AWARD. (Acceptance rate: 36%, 15/41)
Woods, Kam, Christoper Lee, Simson Garfinkel, Extending Digital Repository Architectures to Support Disk Image Preservation and Access, JCDL 2011, June 13-17, 2011, Ottawa, Canada. (Acceptance rate: 28%, 28/99 )
Woods, K., Christopher Lee, Simson Garfinkel, David Dittrich, Adam Russel, Kris Kearton, Creating Realistic Corpora for Forensic and Security Education, 2011 ADFSL Conference on Digital Forensics, Security and Law (Acceptance rate: 50%, 32/16)