Open to: High school teams located in the U.S.
Webinar: Monday, September 19th - 3PM EST (SECOND DATE)
Challenge begins: Wednesday, September 21st
Registration deadline: Monday, October 3rd at 5:00 p.m.
Challenge submission deadline: Monday, October 24th at 5:00 p.m.
Finalists announced: Friday, October 28th
Finals in NYC: Thursday, November 10th thru Friday, November 11th
Challenge captain: Joel Fernandez
Questions: Read the Frequently Asked Questions
For new undergraduate and graduate students: scholarships can only be used at the School of Engineering and for tuition purposes only, and when combined with other Poly grants and/or scholarships cannot exceed cost of tuition.
For current Poly undergraduates: The CSAW scholarship for continuing Poly undergraduates when combined with other Poly grants and/or scholarships cannot exceed $20,000 tuition costs per year.
A: The final challenge submission should be a PDF document that includes: 1) the evidence you found, 2) the tools you used to find the evidence, 3) time line of events and 4) your conclusions.
A: There is no correct format for the challenge submission, only that the main report should be a 5- page (max) PDF document with evidence included as separate appendix or files. You may look at last year's winners as examples
A. The network captures are stored PCAP format, and can be opened with programs such as Wireshark (www.wireshark.org), or other network analysis tools.
A. The file is a VMWare (www.vmware.com) image of the machine, a virtual machine. You can access the virtual machine by opening the "jmusic.vmx" file using one of the free software products from VMWware (either Player or Server), or the licensed Workstation product (any versions greater than 5). You can also use the free 30-day trial version of VMWare Workstation (6.5).
A. No. You may also take advantage of the snapshot feature with the virtual machine.
A. Yes, the virtual machine is functionally a ceased computer. You may turn it on and even login for your investigation, but you should take care in doing so.
A: Yes, you will find other information online, but will not need to login to any non-ISIS computers to access that information. If you have any questions about if a machine is within gameplay, or what access is allowed, you may request a "Warrant" from "Judge C. Saw" by e-mailing email@example.com.
A: You may use anything you want locally, but you may *NOT* use any automated tools (brutus, nessus, nikto, etc) on *ANY* online resource. The challenges are designed such that you can gain access by careful investigation and use of information gathered from your investigation.
A. Students who have an interest in math, science, computer science and technology are ideal candidates for this competition. Each team must have a mentor who is a teacher at their high school.
A. Team members should be comfortable with a variety of forensics topics, including traditional log and file analysis, rootkit detection and analysis, botnet detection and analysis, live system forensics, steganography and file carving. The challenge is designed to escalate in difficulty as students move through it.
A. At the beginning of the challenge, teams will be given a disk image as well as other evidence collected by the fictitious ISIS Police investigating a fake murder case. As teams make progress in unraveling the forensic evidence, they will discover clues about what happened. The clues will reveal evidence both within the disk image and online. Finalists will use their evidence to compete in the final stage of the forensics challenge on the School of Engineering's campus before the awards ceremony. Teams will not be responsible for chain-of-custody and other legal aspects of the investigations.
A. Each team's teacher/mentor will be contacted by the YES Center and provided with all necessary information.
A. All additional questions and concerns pertaining to the competition should be sent here.
A. Various tools and resources exist online. Here are a few: