A: The final challenge submission should be a PDF document that includes: 1) the evidence you found, 2) the tools you used to find the evidence, 3) a timeline of events, and 4) your conclusions.
A: There is no correct format for the challenge submission; the only requirement is that the main report be a PDF document of at most 5 pages, with evidence included as a separate appendix or files. You may look at last year's winners as examples.
A. The network captures are stored in PCAP format and can be opened with programs such as Wireshark (www.wireshark.org) or other network analysis tools.
A. The file is a VMware (www.vmware.com) image of the machine, a virtual machine. You can access the virtual machine by opening the "jmusic.vmx" file using one of the free software products from VMware (either Player or Server), or the licensed Workstation product (any version later than 5). You can also use the free 30-day trial version of VMware Workstation (6.5).
A. No. You may also take advantage of the snapshot feature with the virtual machine.
A. Yes, the virtual machine is functionally a seized computer. You may turn it on and even log in for your investigation, but you should take care in doing so.
A: Yes, you will find other information online, but you will not need to log in to any non-ISIS computers to access that information. If you have any questions about whether a machine is within gameplay, or what access is allowed, you may request a "Warrant" from "Judge C. Saw" by e-mailing email@example.com.
A: You may use anything you want locally, but you may *NOT* use any automated tools (brutus, nessus, nikto, etc.) on *ANY* online resource. The challenges are designed so that you can gain access through careful investigation and use of the information gathered from your investigation.
A. Students who have an interest in math, science, computer science and technology are ideal candidates for this competition. Each team must have a mentor who is a teacher at their high school.
A. Team members should be comfortable with a variety of forensics topics, including traditional log and file analysis, rootkit detection and analysis, botnet detection and analysis, live system forensics, steganography and file carving. The challenge is designed to escalate in difficulty as students move through it.
A. At the beginning of the challenge, teams will be given a disk image as well as other evidence collected by the fictitious ISIS Police investigating a fake murder case. As teams make progress in unraveling the forensic evidence, they will discover clues about what happened. The clues will reveal evidence both within the disk image and online. Finalists will use their evidence to compete in the final stage of the forensics challenge on the School of Engineering's campus before the awards ceremony. Teams will not be responsible for chain-of-custody and other legal aspects of the investigations.
A. Each team's teacher/mentor will be contacted by the YES Center and provided with all necessary information.
A. All additional questions and concerns pertaining to the competition should be sent here.