2009-M57-Patents
The 2009-M57-Patents scenario tracks the first four weeks of corporate history of the M57 Patents company. The company started operation on Friday, November 13th, 2009, and ceased operation on Saturday, December 12, 2009. As might be imagined in the business of outsourced patent searching, lots of other activities were going on at M57-Patents.
Two ways of working the scenario are as a disk forensics exercise (students are provided with disk images of all the systems as they were on the last day) and as a network forensics exercise (students are provided with all of the packets in and out of the corporate network). The scenario data can also be used to support computer forensics research, as the hard drive of each computer and each computer’s memory were imaged every day.
All of the materials below can be found at http://downloads.digitalcorpora.org/corpora/scenarios/2009-m57-patents/
Instructor Materials and Answer Keys (encrypted):
Exercise slides:
Detective reports, warrant and affidavit:
- detectivereport1.doc
- detectivereport1.pdf
- detectivereport2.doc
- detectivereport2.pdf
- detectivereport3.doc
- detectivereport3.pdf
- detectivereport4.doc
- detectivereport4.pdf
- m57-affidavit-warrant-final.doc
- m57-affidavit-warrant-final.pdf
Individual items from the corpus organized by calendar date as they were produced during the scenario can also be found here:
Notes:
- Friday, 13 November has no images, because the scenario did not officially start until the following Monday (16 November). Your data may contain drive images from Thursday, 12 November. These are for reference (e.g. prior to any employee activity).
- Friday, 20 December has images for two separate drives for Jo and Terry. See the scenario information for that date. The “Police Evidence” torrents contain only the second drive image.
Finally, we have made available some files resulting from processing the corpus with our other research tools:
We have prepared a variety of supporting materials for this scenario, including sample exercises, instructor slides, simulated detective reports and associated warrant, and encrypted scenario guides, hash tables, and answer keys for instructors. The solution is distributed as an encrypted PDF file.
Please see our note on obtaining solutions.
Hi, could you tell me the physical link speed of the network pcap files you shared? especially in day11-14.dmp.zip? Thank you!
I believe it was 1gbit/sec. Why?
I’m trying to follow the links to download the torrents and they’re redirecting to an auth page. I have no credentials for this site–how do I get access?
@S. Widup
The torrent links to Terasaur (formerly torrents.ibiblio) have been updated, and should now work without a problem. Note that the first link goes to the main listing of *all* the torrents (which are spread across two pages at Terasaur). Let us know if you have any further issues.
The links have been fixed.
Dear Prof. Garfinkel,
I am a PhD student at the Information Security Institute currently writing my dissertation. My research explores the use of metadata based correlations for digital forensics. Recently I managed to download your “M57 patents” scenario for validating some of my research. I would be much obliged if I could be provided with the answer keys for this scenario to verify my findings.
Many thanks and regards
Sriram
It’s only available to faculty at accredited institutions. Please have your adviser contact me.
Hi can you please provide me the password for the below
m57-instructor-packet.pdf
hash-sets.zip
scenario-emails.zip
It’s only available to faculty at accredited institutions. Are you a faculty member?
Also looking for the passwords for:
m57-instructor-packet.pdf
hash-sets.zip
scenario-emails.zip
Thanks
I am trying to use this link for class with the lab manual for guide to computer forensics and investigations by Andrew Blitz and it is not working
I am using Cengage and Mindtap in a class I teach on Computer Forensics. Can I please get the passwords for the Instructor Materials. The Cengage book I am using “Guide to Computer Forensics and Investigations provides this link as a place to get more information.
Hello. I’m very new to the field of digital forensics. I found this website because it was referred to in a research article that I am currently critiquing. The researchers used this scenario as one of their data sets in an attempt to differentiate multiple users on a single computer by their internet activity.
My question is are these data sets artificially made or do they come from a real life situation?
@Matthew
Matthew, It’s a case about someone using a computer to conduct the exploitation of cats. I doubt this is an actual real case.