
Network Forensics Puzzle Contest


digip

It's not held by ISC, but there is a pcap file, instructions and an email address to send your entries to.

I believe I have all the answers and already sent my entry in.

See here to enter: http://isc.sans.org/diary.html?storyid=6997

You are the forensic investigator. Your mission is to figure out who Ann was IM-ing, what she sent, and recover evidence including:

1. What is the name of Ann's IM buddy?

2. What was the first comment in the captured IM conversation?

3. What is the name of the file Ann transferred?

4. What is the magic number of the file you want to extract (first four bytes)?

5. What was the MD5sum of the file?

6. What is the secret recipe?

Here is your evidence file:

http://jhamcorp.com/contest_01/evidence.pcap

MD5 (evidence.pcap) = d187d77e18c84f6d72f5845edca833f5

Email submissions to contest@jhamcorp.com. Deadline for submissions is 9/10.
