Team NSSAL met Tuesday to digest the DC3 challenge packet for 2009. The 2008 challenge was a more structured series of well-defined tasks split up into categories and difficulty levels; the 2009 challenge is set up to mimic a real investigation. We were provided with some documentation regarding seized evidence, and an affidavit submitted to obtain the warrant. The scenario centers around an individual purporting to be highly skilled at hiding his data, so we are preparing to encounter all the techniques from last year’s challenge in the current one, but in a realistic application scenario. Thankfully, we have a tool belt of tools we used (and some we built) from last year to meet the challenge head on.
I will not be blogging about any specifics of our findings while the challenge is going on, but do expect a full write-up at the end. I did want to mention I will be using the early alpha builds of Black Friar in the course of the challenge. I have indexed the drive image we were provided with using Black Friar, and from some initial triage it looks to be working quite well. Expect specific details on how it performed in the challenge when the time comes.