A woman (Betty) has been murdered. The murder was called in by Betty’s husband (Simon), who claims to have been at home at the time. Additional case details can be found here. Your job is to analyze these artifacts for forensically interesting information.
Time Zone: UTC+9
This Challenge aspires to motivate new approaches to forensic analysis and has four levels of participation:
- Evaluating and Expressing Conclusions: Assigning the probability of the results given two competing propositions (e.g. The husband killed the wife, some unknown person did).
- Device Level Analysis: Developing methods and tools to forensically process digital traces generated by IoT devices, including on mobile devices.
- Network and Cloud Level Analysis: Developing methods and tools to forensically process digital traces generated by IoT devices on networks and cloud systems.
- Correlation and Analysis: Developing methods and supporting tools that combine information from various data sources and automatically compute, visualize, or otherwise expose patterns of potential interest.
Responders acquired the following data:
| Device | SHA1 |
|---|---|
| Smart TV Rasberry Pi | 9ac0de76eca7958bfed1bd5909bbf766409af180 |
| Samsung Note 2 (Betty) | cd494cf3097d8482100ce26dc8e35f0d87b67198 |
| Samsung Note 2 (Simon) | fc28e415ee740531df86a2b227c4f514e9ed40ba |
| Google OnHub Diagnostic report | 20eb4825eaf6c303beadd090868110fb2de37066 |
| Amazon Echo Cloud Data | d1d126f47b565926dcc80fe6a4e7094f0281cb47 |
| MDS (Acme, Inc.) Smarthome Network Dump | 6ab6c522b070cde292a18645a19929998e009293 |
- Contestants may enter individually, or as a team, with no restrictions.
- Source code must be openly available under a free software license, such as those listed at http://www.gnu.org/licenses/license-list.html. The author(s) retain rights to the source code.
- Tools may incorporate third-party free software, as long as it is compatible with your license and is included with your submission. However, submissions will be judged on the contribution your own work brings to the challenge.
- Submissions must include clear instructions for building tool(s) from source code along with all relevant dependencies.
- DFRWS will publish the results of the Challenge, both in detailed and summary form, along with the methodology used and the source of the specific version of each tool.
The DFRWS would like to thank the Digital Forensic Investigation Research Laboratory at Hallym University for the implementation of this Forensic Challenge. In particular, Joshua James implemented the challenge scenario in coordination with the DFRWS.