Congratulations to all of our rock star investigators who solved the Network Forensics Puzzle Contest! We received over 100 submissions, many of which were truly excellent. Figuring out a winner was challenging, but in the end, one submission stood out over all.
We asked you for the most elegant solution. It was possible to solve the puzzle with common tools such as Wireshark, and many people did. However, modern investigations often involve many gigabytes, if not terabytes, of packet data. In the real world, pointing and clicking doesn’t scale. Moreover, when you’re working with large amounts of data, processing time is extremely valuable. Small, fast tools are key.
What we considered “elegant” was the construction of some automated process for solving the puzzle which was easy to use, easy to understand, very portable, and would easily be able to scale to much larger and more difficult problems.
Five people were named Semifinalists because they created an automated process (i.e., scripting) to facilitate future investigations. Seven Finalists took this to a level beyond and created novel solutions involving considerable amounts of scripting. Please take a look at each of their solutions, as WE learned something from every one.
The winner got fame, glory, and a free SANS On-Demand class (worth up to $3500), and the finalists each receive a Fiendish Japanese Pocket Puzzle from ThinkGeek.
We’ve created a dedicated web site, forensicscontest.com, with the solutions and winner. Check it out for the full solutions and names:
Be sure to subscribe to the RSS feed. We’ll be posting more contests soon!
PGP-signed text: 2009-09-25 (current)