SANS – APT Forensics Challenge

The 2010 Digital Forensics and Incident Response Summit’s focus this year is examining and advancing the digital forensic professional to deal with advanced threats such as the APT and organized crime.  Understanding how many of these crimes take place is crucial to creating lethal forensicators armed with the knowledge and skills to analyze complex cases.  I asked Jonathan Ham and Sherri Davidoff (who co-authored the sell-out Forensics 558: Network Forensics course and created many successful contests at – to create a contest based partially on how the APT might try and trigger a compromise to steal intellectual property via a targeted attack via spear phishing.

Jonathan and Sherri have created a contest that will challenge your skillset and help you see the types of attacks that could be infecting your networks today. Using published information based on the Aurora attacks, they set out to recreate a sequence of events that demonstrate the challenge investigators will face when examining compromises of clicking on links via a targeted spear phishing attack. This contest is a step in the right direction to help educate and challenge forensic professionals around the country.

It also provides a good example of some of the discussions we will cover at the 2010 Forensic Summit: Malware analysis, Network Forensics, and the Advanced Persistent Threat. Jonathan and Sherri will announce the winners at the Forensic Summit on July 8. We hope you win the challenge and will attend the 2010 Forensic Summit, July 8, 9 in Washington D.C.”

The contest itself is available over at the SANS Computer Forensics Blog.