Last Updated: 12/31/01
Brian's Honeynet Forensic Challenge entry (Jan/Feb 2001)

In January 2001, The Honeynet Project announced the Forensic Challenge. This contest offered an opportunity for security incident handlers to work on disk images from a compromised Linux system. The compromise occurred 'in the wild', so the data represented real-world conditions. Provided with only a network intrusion detection alert (from SNORT) and the disk images, the contestants were challenged to "figure out the Who, What, Where, When, How, and maybe even the Why of this compromise". The contest submission deadline was Feb. 19th, 2001, and the winners, analysis and all submissions will be available on the Honeynet pages after March 19th. Since the contest deadline has passed, here's a sneak peek at my submission: