If you've been in the information security field for more than six months, then you know it's vital to stay on top of the latest threats, tools, and news to be effective at your job. That's why many of us love the field so much--it's always changing. And it challenges us.

John H. Sawyer, Contributing Writer, Dark Reading

March 11, 2010


Part of the challenge is keeping our skills honed, even when certain skills aren't ones we use on a daily basis. A good example is incident response and forensics. For some, that's a daily task, but the rest of us could go a month or two, maybe longer, before we have to dust off our copy of the Sleuthkit or EnCase to perform forensics on a hacked system. For situations like this, it's important that we're ready when duty calls.

There have been a few different forensic challenges posted over the years. The best were from the Honeynet Project, which was very consistent in posting good challenges with excellent write-ups. The updates stopped for a couple of years but were recently resurrected, with new challenges posted in January and February.

The previous Honeynet challenges focused more on disk- and file-based forensic analysis, including things like real hacked systems and fictitious stories with accompanying files needing analysis. The newer challenges are more network-based, looking at traffic to determine what has happened to the particular systems under attack. The current challenge is relevant to the attacks we face today because it includes a network capture of a client-side attack against a Web browser.

One of my new favorite sources of forensic-related challenges is the Network Forensics Puzzles Contest site. The challenges are written by Jonathan Ham and Sherri Davidoff. Four puzzles have been posted since August 2009, and the current one is still accepting submissions for another week. Not only are the challenges fun and interesting, but they also promote the sharing of information and the creation of tools to be shared with the community.

Both sites are excellent learning opportunities because they keep the challenges available along with the top write-ups submitted, and as an added bonus, the Network Puzzles site hosts the tools created while solving the challenges. I highly recommend you run through the challenges if you're involved in any type of incident response or forensics. The challenges are pretty consistent with the incidents we're currently seeing, and they help get you into the investigative mindset.

John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.
