DFRWS 2005 Forensic Challenge

The goal of this Digital Forensic Research Workshop challenge is to extract information from a memory dump.

Although the challenge is over, you can still work through it using the files posted on the website.

Primary questions

 * What hidden processes were running on the system, and how were they hidden?
 * What other evidence of the intrusion can be extracted from the memory dumps?
 * Why did "plist.exe" and "fport.exe" not work on the compromised system?
 * Was the intruder specifically seeking Professor Goatboy's research materials?
 * Did the intruder obtain the Professor's research?
 * What computer was the intrusion launched from?
 * Is there any indication of who the intruder might be?