The DC3 Digital Forensics Challenge

Did you know that you can win 11 possible prizes for helping digital forensics examiners solve real-world challenges and develop new investigative tools, techniques, and methodologies? Today marks the last 35 days available to submit your solutions for the 2010 Department of Defense Cyber Crime Center (DC3) Digital Forensics Challenge.

The DC3 Digital Forensics Challenge encourages innovation from a broad range of individuals, teams, and institutions to provide technical solutions for computer forensic examiners in the lab as well as in the field. Approximately 25 different challenges ranging from basic forensics to advanced tool development are being provided to all participants.

The challenges are single based challenges and are designed to be unique and separate from one another. Each challenge level establishes the total number of points available per challenge assigned based on its difficulty toward a solution (known to unknown). This is based on the complexity of what a digital forensics examiner normally runs into and has to adjust for/extract/scrutinize in an analysis of those file types for examination problems.

I recently had the opportunity to ask Jim Christy, DC3’s director of Future Exploration and creator of the Digital Forensics Challenge, a few key questions that will help you get to work on solving this year’s challenges.

Department of Defense Cyber Crime Center

Jim, why was this public cyber challenge created?

Due to the ever changing technology, we had real-world issues with some aspects of some of our forensic exams at our Defense Computer Forensics Lab (DCFL) and we didn’t have the research and development resources to address them. So we created a contest. And we received solutions that we didn’t previously have which helped solve real cases.

Have all parts of the challenge been solved, or are the teams being used to solve them?

Some we know how to do and some we don’t. This year, we have categorized them into 100, 200, 300,400, and 500 series challenges. The 100’s are very easy and the 400’s only very talented forensic examiners have the knowledge to solve. The 500 series, we don’t have solutions for and hope that someone will develop a new tool or process that will solve the problems for the community.

How is this information used to make forensic research better, and are these methods given back to the community?

We take the new solutions that we receive and they are tested and validated by our Defense Cyber Crime Institute. The results and the tools/processes are then posted on our Challenge website for the community. The contest also highlights areas where we need assistance. Someone may have a solution in hand already or take it on as an academic challenge to solve. Commercial companies may also focus on providing solutions. The more folks we have looking at the problems, the better the solutions and tools we’ll get

Why do contestants have to use full names, addresses, and phone numbers when signing up? What is done with that information? Do contestants get placed on a watch list?

No watch lists!!!! Depending on the category, the winners of the challenges could win trips to conferences, courseware, etc, worth significant money. We need to verify whether a person is a US citizen or international participant because that determines which category and therefore which prize package they are eligible to win. Plus, we interact with these folks during the contest.

What’s the difference between this year’s challenge issued by the Defense Department and the United Kingdom (UK) Cyber Challenge?

This year, we have teamed with the Cyber Security Challenge UK and many others in the digital forensics world. The top UK team in our Challenge then moves on to compete in additional security competitions created by the UK. Everyone competes on one set of forensic challenges and our sponsors provide prizes and other opportunities based on the particular category you are competing in. It doesn’t make sense to have multiple competing forensics challenges because developing, distributing, grading, and providing administrative management of a challenge is no small effort. Rather than everyone having to do that, DC3 creates one challenge with input from the community. Then, the sponsors give prizes based on the category in which the contestant is competing, such as:

US Overall winner (DC3)
US Government winner (EC-Council)
US Military winner (EC-Council)
US High school winner (SANS)
US Community College Winner (JHU/CW)
US Undergraduate winner (SANS)
US Post Graduate winner (SANS)

Non-US overall winner (IMPACT)
International Civilian winner (EC-Council)
International Commercial winner (EC-Council)
UK Winner (UK)

So you could actually win in multiple categories. And, since everyone is competing with the same challenge set, you can see how you compare to the rest of the digital forensic community.

How many more people are participating this year than last?

This year (so far), we have 967 teams participating. A team can be comprised of 1-4 team members.

– 586 US teams
– 381 International teams

The 967 participating teams have a total of 1,440 team members.

How many teams on average actually complete the challenge or some part of it?

We anticipate 50-100 teams will complete some or all of the challenge. We have 22 submissions so far already, and the deadline isn’t until 2 Nov 2010.

DC3 Digital Forensics Challenge

Sign up for Armed with Science email alerts!



This entry was posted in Cyber Security, Technology, Videos and tagged , , , . Bookmark the permalink.

4 Responses to The DC3 Digital Forensics Challenge

  1. Dear DC3:

    I am interested in forming a team myself. Where would I go to review the list of issues?

    Thank you for your time and attention. My contact information is:

    Jason K Jensen

    Jensen Investigations

    180 South 300 West, Suite 204

    Salt Lake City, Utah 84101


  2. Great video! Thank you for the information.

  3.  Excellent information.. which I believe will be very useful for me.