There have been a few different forensic challenges posted during the years. The best were from the Honeynet Project, which was very consistent with good challenges and excellent write-ups. The updates stopped for a couple of years, but have been recently resurrected with new challenges posted during January and February.
The previous Honeynet challenges contained more disk- and file-based forensic analysis, including things like real hacked systems and fictitious stories with accompanying files needing analysis. The newer challenges are more network-based, looking at traffic to determine what has happened to the particular systems under attack. The current challenge is relevant to the attacks we currently face because it includes a network capture of a client-side attack against a Web browser.
One of my new favorite sources of forensic-related challenges is the Network Forensics Puzzles Contest site. The challenges are written by Jonathan Ham and Sherri Davidoff. Four puzzles have been posted since August 2009, and the current one is still accepting submissions for another week. Not only are the challenges fun and interesting, they also promote the sharing of information and the creation of tools to be shared with the community.
Both sites are excellent learning opportunities because they keep the challenges posted along with the top submitted write-ups, and as an added bonus, the Network Puzzles site hosts the tools created while solving the challenges. I highly recommend you run through the challenges if you're involved in any type of incident response and forensics. The challenges are pretty consistent with the incidents we're currently seeing, and they help get you into the investigative mindset.
John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.