The goal of this Digital Forensic Research Workshop challenge is to extract information from a memory dump.

Although the challenge is over, you can still work through it using the files posted on the website.

Primary questions

  • What hidden processes were running on the system, and how were they hidden?
  • What other evidence of the intrusion can be extracted from the memory dumps?
  • Why did "plist.exe" and "fport.exe" not work on the compromised system?
  • Was the intruder specifically seeking Professor Goatboy's research materials?
  • Did the intruder obtain the Professor's research?
  • What computer was the intrusion launched from?
  • Is there any indication of who the intruder might be?