Jun 2, 2011

Digital Forensics Debut: Honeynet Challenge 7

In case you didn't already know, I recently developed an interest in Digital Forensics, which is a branch of Computer Science that deals with recovering and/or analyzing data from storage media and memory (hard drives, RAM), usually in an attempt to determine the how and the why of computer-related attacks on individuals and businesses (Thanks Wikipedia...). I am fairly new to the topic, and by December I am supposed to have mastered it (my degree thesis is on Linux Forensics; I will probably talk more about it some other time).

To get a better feel for the field and some hands-on experience, I joined the Computer Forensics Group at JMU. As beginners, we participated in Honeynet Challenge No 7 (see http://www.honeynet.org/challenges/2011_7_compromised_server), which provided a disk image and a memory dump of a compromised Linux server; our job was to work out what had happened.

The group spent a few days on it using open source tools: Autopsy for browsing the file system, the beta version of Volatility 1.4 and Volatilitux for analyzing the memory dump. Though we were not among the winners, we were half a point shy of a 4-way tie for 3rd place (i.e. 6th out of 16 participants). That's pretty good for beginners :D.

Hopefully, we will do better next time. Oh, and the group's next project involves Facebook and is very interesting :).

P.S.: You can get a copy of our submission upon request.
