Added Kevin Nauer's forensics puzzles

This commit is contained in:
Daniel A. Quist 2009-10-15 11:54:29 -06:00
parent 08671f2b6e
commit 358145792c
13 changed files with 65 additions and 0 deletions

View File

@ -0,0 +1,13 @@
<HTML>
<HEAD>
<TITLE>Forensic 100</TITLE>
</HEAD>
<BODY>The FBI has asked for your team's assistance in conducting a forensic analysis of a seized hacker's drive.
The FBI tells you that the suspect is a known terrorist and may be using encryption on his disk.
They have put their best agent on the job, but he has been unsuccessful in mounting and analyzing the drive on
their forensic tool. Where do you tell Special Agent Dumas to begin looking to determine what type of filesystem
is being used and whether disk encryption may be employed?
<p>
Enter the key in all lower case letters
</BODY>
</HTML>

View File

@ -0,0 +1 @@
master boot record

View File

@ -0,0 +1,11 @@
<HTML>
<HEAD>
<TITLE>Forensic 150</TITLE>
</HEAD>
<BODY>Special Agent Dumas has looked for the structure you told him but can't find it. He thinks the
subject has taken evasive measures to hide the data on his drive. What signature should he look for to
identify the structure?
<p>
Enter the key as a set of hex characters. (E.g. 0xde 0xad 0xbe 0xef)
</BODY>
</HTML>

View File

@ -0,0 +1 @@
0x55 0xaa

View File

@ -0,0 +1,13 @@
<HTML>
<HEAD>
<TITLE>Forensic 200</TITLE>
</HEAD>
<BODY>Special Agent Dumas is still stumped. He has looked where you told him but is unable to decipher
what filesystem is on the disk. He has extracted the portion of the disk you pointed him to and has
<BR>
<P>
<a href="eff21d462a07b09b0cb34f9255baa768">eff21d462a07b09b0cb34f9255baa768</a>
<p>
Provide the answer in all capital letters
</BODY>
</HTML>

View File

@ -0,0 +1 @@
NTFS

View File

@ -0,0 +1,11 @@
<HTML>
<HEAD>
<TITLE>Forensic 300</TITLE>
</HEAD>
<BODY>
Special Agent Dumas really appreciates your team's assistance. If you can just tell him the cylinder:head:sector
of the partition you identified for him, he thinks he can get started in analyzing this disk.
<P>
<a href="eff21d462a07b09b0cb34f9255baa768">eff21d462a07b09b0cb34f9255baa768</a>
</BODY>
</HTML>

View File

@ -0,0 +1 @@
0:32:33

View File

@ -0,0 +1,12 @@
<HTML>
<HEAD>
<TITLE>Forensic 350</TITLE>
</HEAD>
<BODY>
Special Agent Dumas is really grateful you were able to provide him the Cylinder:Head:Sector of the partition
but he just realized that his forensic tool requires a LBA instead of C:H:S. Please give SA Dumas the
information he needs.
<P>
<a href="eff21d462a07b09b0cb34f9255baa768">eff21d462a07b09b0cb34f9255baa768</a>
</BODY>
</HTML>

View File

@ -0,0 +1 @@
2048