DC3 2009 Challenge
University of New Orleans
The 2009 DC3 Challenge (“The Challenge”) consisted of a hard drive image (“The Image”) and a witness affidavit, search warrant, and analysis request (collectively “The Documents”). The background information contained in The Documents painted a picture of a planned crime preempted by a tip-off from a suspect’s girlfriend. The search warrant identifies The Image as coming from Blane Stallman’s computer. It requests an analysis of this image to locate evidence of the following crimes:
26 USC Sec. 5812 (possession of automatic weapons)
10 USC Chapter 161 – Property Records And Report Of Theft Or Loss Of Certain Property (Weapons)
42 U.S.C. 3713 Computer Crime Enforcement Act
40 USC Sec. 5104. Unlawful activities
10 USC Sec. 881. Art. 81. Conspiracy
And all and any other offenses as may be discovered, including but not limited to any relevant Internet activity and/or communications the subject may have conducted prior to 20 February 2009.
Evidence Discrepancies & Notes
The documentation notes there were also five USB thumb drives seized as part of the search warrant, but this data was not provided to us.
When referring to the image file’s partitions, partition 1 is referred to as C, partition 2 as D, and partition 3 as E. C & D are FAT partitions, and E is NTFS as noted in the following table:
Offset Sector: 0
Units are in 512-byte sectors
Partition  Slot   Start       End         Length      Description
C:         00:00  0000000063  0000433754  0000433692  DOS FAT16 (0x06)
D:         01:00  0000433818  0003534299  0003100482  Win95 FAT32 (0x0B)
E:         02:00  0003534363  0020000924  0016466562  NTFS (0x07)
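The following is an added example, not part of the original report: it checks the partition table above for internal consistency, converts each start sector into the byte offset needed to address that partition inside The Image, and lists the sector ranges between partitions that no file system covers. The function names are hypothetical, the rows are the values from the table, and space after the last partition is not reported because the report does not state the image's total size.

```python
import re

SECTOR_SIZE = 512  # the table states its units are 512-byte sectors

# Rows taken from the partition table above: slot, start, end, length, description.
TABLE_ROWS = """\
00:00 0000000063 0000433754 0000433692 DOS FAT16 (0x06)
01:00 0000433818 0003534299 0003100482 Win95 FAT32 (0x0B)
02:00 0003534363 0020000924 0016466562 NTFS (0x07)
"""

ROW_RE = re.compile(r"^(\d\d:\d\d)\s+(\d+)\s+(\d+)\s+(\d+)\s+(.+?)\s*$")


def parse_rows(text):
    """Parse table rows and verify each length equals end - start + 1."""
    parts = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # skip headers or blank lines
        slot, start, end, length, desc = m.groups()
        start, end, length = int(start), int(end), int(length)
        if end - start + 1 != length:
            raise ValueError(f"slot {slot}: length {length} does not match range")
        parts.append({"slot": slot, "start": start, "end": end, "length": length,
                      "desc": desc, "byte_offset": start * SECTOR_SIZE})
    return sorted(parts, key=lambda p: p["start"])


def unallocated_gaps(parts, first_sector=0):
    """Return (start, end) sector ranges before/between the listed partitions."""
    gaps, cursor = [], first_sector
    for p in parts:
        if p["start"] < cursor:
            raise ValueError(f"slot {p['slot']} overlaps the previous partition")
        if p["start"] > cursor:
            gaps.append((cursor, p["start"] - 1))
        cursor = p["end"] + 1
    return gaps


if __name__ == "__main__":
    partitions = parse_rows(TABLE_ROWS)
    for letter, p in zip("CDE", partitions):
        print(f"{letter}: {p['desc']:<20} byte offset {p['byte_offset']}")
    for start, end in unallocated_gaps(partitions):
        print(f"unallocated sectors {start}-{end} ({end - start + 1} sectors)")
```

The byte offsets are what a read-only loop mount or a file system tool's offset option needs to reach C, D and E; the gap ranges are areas outside any file system that would have to be examined separately.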