Sherri Davidoff, Eric Fulton, and Jonathan Ham, authors of the sell-out SANS Forensics 558: Network Forensics class, structured the contest partially around the APT, and how it might be used to steal intellectual property with a targeted attack, via spear phishing.
"Using published information based on the Aurora attacks, Sherri, Eric, and Jonathan set out to recreate a sequence of events that demonstrate the challenge investigators will face," said Rob Lee, program chair at this year's Summit held in D.C., where the winners will be announced on July 8, 2010. "This contest is a step in the right direction to help educate and challenge forensic professionals around the country."
Understanding how many of these crimes take place is crucial to creating effective forensicators armed with the knowledge and skills to analyze complex cases, added Lee.
The mission of the contest is to analyze the packet capture containing an exploit, build a timeline, and submit the evidence. The submission deadline is June 27, 2010. The most elegant solution wins, but in the event of a tie, the entry submitted first will receive a prize. Each of the top three teams will be awarded one of the following three prizes; Two Lenovo Ideapad configured netbooks, free passes to the 2011 Incident Response and Forensics Summit, or one iPad 3G sponsored by NetWitness.
The challenge will be highlighted at the 2010 What Works in Digital Forensics and Incident Response Summit. For more information on the 2010 Summit's agenda, please visit http://www.sans.org/forensics-incident-response-summit-2010. For more information on the contest rules and questions, please visit http://computer-forensics.sans.org/challenges/.