Added Kevin Nauer's forensics puzzles

2009-10-15 11:54:29 -06:00 · 2009-10-15 11:54:29 -06:00 · 358145792c
parent 08671f2b6e
commit 358145792c
13 changed files with 65 additions and 0 deletions
--- a/puzzles/forensics/forensic100/index.html
+++ b/puzzles/forensics/forensic100/index.html
@ -0,0 +1,13 @@
 <HTML>
 <HEAD>
 <TITLE>Forensic 100</TITLE>
 </HEAD>
 <BODY>The FBI has asked for your team's assistance in conducting a forensic analysis of a seized hacker's drive.
 The FBI tells you that the suspect is a known terrorist and may be using encryption on his disk.
 They have put their best agent on the job, but he has been unsuccessful in mounting and analyzing the drive on
 their forensic tool. Where do you tell Special Agent Dumas to begin looking to determine what type of filesystem
 is being used and whether disk encryption may be employed?
 <p>
 Enter the key in all lower case letters
 </BODY>
 </HTML>
--- a/puzzles/forensics/forensic100/key
+++ b/puzzles/forensics/forensic100/key
@ -0,0 +1 @@
 master boot record
--- a/puzzles/forensics/forensic150/index.html
+++ b/puzzles/forensics/forensic150/index.html
@ -0,0 +1,11 @@
 <HTML>
 <HEAD>
 <TITLE>Forensic 150</TITLE>
 </HEAD>
 <BODY>Special Agent Dumas has looked for the structure you told him but can't find it.  He thinks the
 subject has taken evasive measures to hide the data on his drive.  What signature should he look for to
 identify the structure?
 <p>
 Enter the key as a set of hex characters. (E.g. 0xde 0xad 0xbe 0xef)
 </BODY>
 </HTML>
--- a/puzzles/forensics/forensic150/key
+++ b/puzzles/forensics/forensic150/key
@ -0,0 +1 @@
 0x55 0xaa
--- a/puzzles/forensics/forensic200/eff21d462a07b09b0cb34f9255baa768
+++ b/puzzles/forensics/forensic200/eff21d462a07b09b0cb34f9255baa768
--- a/puzzles/forensics/forensic200/index.html
+++ b/puzzles/forensics/forensic200/index.html
@ -0,0 +1,13 @@
 <HTML>
 <HEAD>
 <TITLE>Forensic 200</TITLE>
 </HEAD>
 <BODY>Special Agent Dumas is still stumped.  He has looked where you told him but is unable to decipher
 what filesystem is on the disk.  He has extracted the portion of the disk you pointed him to and has
 <BR>
 <P>
 <a href="eff21d462a07b09b0cb34f9255baa768">eff21d462a07b09b0cb34f9255baa768</a>
 <p>
 Provide the answer in all capital letters
 </BODY>
 </HTML>
--- a/puzzles/forensics/forensic200/key.txt
+++ b/puzzles/forensics/forensic200/key.txt
@ -0,0 +1 @@
 NTFS
--- a/puzzles/forensics/forensic300/eff21d462a07b09b0cb34f9255baa768
+++ b/puzzles/forensics/forensic300/eff21d462a07b09b0cb34f9255baa768
--- a/puzzles/forensics/forensic300/index.html
+++ b/puzzles/forensics/forensic300/index.html
@ -0,0 +1,11 @@
 <HTML>
 <HEAD>
 <TITLE>Forensic 300</TITLE>
 </HEAD>
 <BODY>
 Special Agent Dumas really appreciates your team's assistance.  If you can just tell him the cylinder:head:sector
 of the partition you identified for him, he thinks he can get started in analyzing this disk.
 <P>
 <a href="eff21d462a07b09b0cb34f9255baa768">eff21d462a07b09b0cb34f9255baa768</a>
 </BODY>
 </HTML>
--- a/puzzles/forensics/forensic300/key
+++ b/puzzles/forensics/forensic300/key
@ -0,0 +1 @@
 0:32:33
--- a/puzzles/forensics/forensic350/eff21d462a07b09b0cb34f9255baa768
+++ b/puzzles/forensics/forensic350/eff21d462a07b09b0cb34f9255baa768
--- a/puzzles/forensics/forensic350/index.html
+++ b/puzzles/forensics/forensic350/index.html
@ -0,0 +1,12 @@
 <HTML>
 <HEAD>
 <TITLE>Forensic 350</TITLE>
 </HEAD>
 <BODY>
 Special Agent Dumas is really grateful you were able to provide him the Cylinder:Head:Sector of the partition
 but he just realized that his forensic tool requires a LBA instead of C:H:S.  Please give SA Dumas the
 information he needs.
 <P>
 <a href="eff21d462a07b09b0cb34f9255baa768">eff21d462a07b09b0cb34f9255baa768</a>
 </BODY>
 </HTML>
--- a/puzzles/forensics/forensic350/key
+++ b/puzzles/forensics/forensic350/key
@ -0,0 +1 @@
 2048