Digital Forensics Challenge Treasure Hunt - Round 4

The fourth round of the Digital Forensics Challenge is now available! This challenge, written by the DC3 Challenge Team, requires participants to analyze a series of files (contained in a ZIP file) to answer questions. To participate, click the Question Engine link to the left, register, and make sure you enroll in the Digital Forensics Challenge Treasure Hunt - Round 4 quiz. If you don't close your browser between registering and clicking the link in the confirmation e-mail, it should remember which course you are enrolling in.

The Department of Defense Cyber Crime Center (DC3) has received a request for a digital forensics exam from a Defense Criminal Investigative Organization. After the SUBJECT of the investigation seized laptop was imaged, its hard drive is reviewed by a DCFL (Defense Computer Forensics Lab) computer forensic examiner. The examiner identifies a set of 13 files that have been marked as suspicious in a single directory.

With your knowledge and skills, the examiner has provided you with a copy of the 13 suspicious files and asked you to identify the file signatures for each file. In addition, the agent that submitted the case has several questions they want answered for their report and to increase their general knowledge.

Click here to download the ZIP file containing the files to analyze.
SHA1: 18b4055f7119bd17dac61d2c755db68ca0aebbee

Sponsored by the DC3 Digital Forensics Challenge.
Sign up now for the 2010 DC3 Digital Forensic Challenge at for more digital forensics challenges!
Privacy Policy