Practice

This section is devoted to online collections focusing on specialised DFIR challenges and scenarios designed to aid practitioners by putting their knowledge into practice.

Reading and learning about the many aspects of DFIR is very beneficial; however, it is even better to be able to effectively apply that knowledge in a real-life forensic setting. Hence, many organisations and individuals over the years have created intricate challenges to allow both newcomers and professionals to test their knowledge with mock scenarios of varying levels of complexity.

Some of these challenges will come in the form of a downloadable image file containing data, with a list of questions to answer about said data. Other challenges may be network-oriented, such as Packet Capture (PCAP) files. It is highly recommended that readers take the time to work through some of these challenges, learn from them and, if possible, post a write-up explaining the techniques used. Do not be afraid to look for answers to aspects of the challenge you are not familiar with.


FORENSIC CHALLENGES

It would be far too tedious to list every forensic-oriented challenge available online; hence I have boiled this section down to three very helpful collections, each providing many resources and thus forming an excellent starting point.


Aman Hardikar created a very useful graphic showcasing a multitude of different challenges available in the areas of network forensics, host-based forensics and malware analysis:

http://www.amanhardikar.com/mindmaps/ForensicChallenges.html


Brett Shavers at DFIR Training has an excellent database of forensic test images and challenges which can be easily filtered and searched through:

https://www.dfir.training/resources/references/test-images-and-challenges/


ForensicFocus has a page dedicated to listing multiple forensic test images and exercises available online:

http://www.forensicfocus.com/images-and-challenges