Department of Defense Cyber Crime Center
Encyclopedia
The Department of Defense Cyber Crime Center (DC3) is an United States
Department of Defense
agency that provides digital forensics
support to the DoD and to other law enforcement agencies. DC3's main focus is in criminal, counterintelligence, counterterrorism, and fraud investigations from the Defense Criminal Investigative Organizations (DCIOs), DoD counterintelligence groups, and various Inspector General
groups. The Air Force Office of Special Investigations
is the executive agent of DC3.
in 1998. DC3 was constructed in October 2001 to house both DCFL and DCITA, and to support the creation of the Defense Cyber Crime Institute (DCCI).
Mission Statement:
To deliver superior digital forensics and multimedia lab services, training, research, development, testing and evaluation capabilities supporting cyber counterintelligence and counterterrorism, criminal investigations, intrusion forensics, and information operations for the Department of Defense.
Vision Statement:
Dominate mission space with technical innovation and standards for DoD digital forensics while delivering superior digital forensics capabilities to DoD criminal investigative, counterintelligence, counterterrorism, intelligence, safety, information assurance, and critical infrastructure protection communities. Develop a reputation for collaboration and excellence that will gain partners from U.S. federal agencies, international allies, academia and private professional organizations.
The laboratory provides forensics services to the Defense Criminal Investigative Organizations (DCIOs), and other partners, to analyze and report on digital media seized in investigations. The lab handles a variety of cases including:
Major Crimes and Safety
The Major Crimes and Safety Section performs forensic exams that involve cyber crimes and fraud committed against people and property.
Counterintelligence/Counterterrorism
The Counterintelligence/Counterterrorism Section specializes in cases that involve security violations, laptop loss on control investigations, espionage, steganography, classified information and support for the war on terrorism.
Intrusions and Information Assurance
The Intrusions and Information Assurance section performs forensic exams on computers involved in "hacker: investigations and provides case agents with relevant leads to identify intruder, tradecraft and damage.
Imaging and Extraction
The Imaging & Extraction section performs forensic imaging (copying) on all original types of electronic media. This includes hard drives, floppy diskettes, CD, PDA, mobile phones, GPS, and all tape formats. They also have the capabilities to repair hard drives, and in some cases repair mutilated diskettes.
Audio/Video Enhancement
The Audio/Video Enhancement section performs A/V forensics support for DoD Law Enforcement and the DoD Safety Community that investigates mishaps and accidents.
During its 2007 fiscal year, the lab processed 758 cases, resulting in over 171 terabytes of examined media.
DCITA is nationally accredited by the Council on Occupational Education
, and features multiple courses accredited by the American Council on Education
, allowing them to be eligible for college credits. Due to its accreditation, the Academy changed its name on 1 October 2006 from its previous name of the Defense Computer Investigations Training Program (DCITP).
DCITA provides 25 courses that cover every aspect of cyber investigations. Topics include: incident response, Windows-based forensics, and network intrusions in Windows, Linux, and Solaris Unix environments. Niche topics are also provided for undercover Internet investigations, Macintosh forensic recovery, log analysis, large data set acquisition, and network exploitation.
Types of Training
Certification Program
DCITA offers the following three levels of certification:
Certified Digital Media Collector
Personnel who are the first to respond, secure, preserve, and/or collect digital evidence at crime scenes. Requirements include successful completion or test-out for both the Introduction to Networks and Computer Hardware and the Computer Incident Responders Course. To maintain certification, every two years personnel must conduct at least three acquisitions of digital media or information and attend a minimum of 40 hours of approved continuing education training.
Certified Digital Forensic Examiner
Personnel for whom examination or analysis of digital media are major components of their routine duties. Requirements include successful completion or test-out for the Introduction to Networks and Computer Hardware, the Computer Incident Responders Course, and Windows Forensic Examinations. To maintain certification, every two years personnel must conduct at least three examinations of digital media or information and attend a minimum of 40 hours of DCITA-approved continuing education training.
Certified Computer Crime Investigator
Credentialed law enforcement/counterintelligence personnel who investigate all elements of computer crime to include the examination and analysis of digital evidence. Personnel must also be graduates of a DCITA recognized law enforcement or counterintelligence training facility (e.g. Federal Law Enforcement Training Center (FLETC)
, Army Ft. Huachuca, etc.) Requirements also include successful completion or test-out for the following:
To maintain certification, every two years personnel must conduct at least three acquisitions and examinations of digital media or information per year and attend a minimum of 40 hours of approved continuing education training.
Research & Development
DCCI serves as a knowledge resource in the area of cyber forensics and related technologies for the research and development of computer forensic tools and related technologies supporting DoD intelligence and federal law enforcement communities.
To advance state-of-the-art cyber forensics, DCCI partners with academic institutions, industry, and government organizations:
Develops digital forensic tools to increase the effectiveness and efficiency of DoD intelligence and federal law enforcement:
Research innovative digital forensic tools and ideas to provide DoD intelligence and federal law enforcement personnel with novel solutions:
Capabilities:
Testing & Evaluation/Validations
DCCI develops, analyzes, and tests cyber forensics related tools, techniques, and processes used in criminal and counterintelligence investigations, information assurance, and information operations. T&E assures validated tools, techniques, and processes are accurate, reliable, and repeatable.
DCCI Cyber Files
As DCCI completes hardware and software testing, summaries of the projects are listed within the DC3 Cyber Files, which is publicly accessible at www.dc3.mil. Governmental organizations can request a report by contacting FX at 410.981.1037.
.
Futures Explorations coordinates the following:
, Cybersecurity Coordinator and Special Assistant to the President; Mr Alan Paller, SANS; Mr Ovie Carroll, Director, CCIPS Cybercrime Lab, US Department of Justice; Mr. Jeffrey Troy, Deputy Assistant Director, FBI for Cyber; and Mr. John T. Lynch, Principal Deputy Chief of the Computer Crime and Intellectual Property Section (CCIPS).
Who Can Attend
The 2012 DoD Cyber Crime Conference will return to Atlanta, Georgia January 24-27 with pre-conference training January 20-23 at the Hyatt Regency in Downtown Atlanta, GA.
data carving, and recovering data from destroyed floppy disks and CDs. With 140 teams total, and 21 submissions entered, AccessData won the 2006 event.
won the event.
analysis, and foreign text identification and translation. With 199 teams competing, and 20 entries submitted, the competition was won by Chris Eagle and Tim Vidas of the Naval Postgraduate School
. The 2008 Challenge also marked the first time that all results were released publicly.
2009 Sponsors
SANS Institute for the U.S. High School and U.S. Undergraduate prizes
The SysAdmin, Audit, Network, Security (SANS) Institute is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. SANS is also a sponsor in the Center for Strategic & International Studies US Cyber Challenge.
IMPACT for the Non-U.S. prize
The International Multilateral Partnership Against Cyber-Threats (IMPACT) and the Department of Defense Cyber Crime Center have partnered to provide a Digital Forensic Challenge opportunity for non-U.S. entries. This opportunity will provide an international aspect to a previously U.S.-based event and allow additional insight into global methods to fight cyber crime.
2009 Winners' Circle
With the four available prizes for 2009, the official winners of the Challenger were:
2010 Sponsors
New in 2010, several new sponsors provided additional prizes to allow for multiple winners:
SANS Institute for the U.S. High School and U.S. Undergraduate prizes
The SysAdmin, Audit, Network, Security (SANS) Institute
is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. SANS is also a sponsor in the Center for Strategic & International Studies US Cyber Challenge.
IMPACT for the Non-U.S. prize
The International Multilateral Partnership Against Cyber-Threats
(IMPACT) and the Department of Defense Cyber Crime Center have partnered to provide a Digital Forensic Challenge opportunity for non-U.S. entries. This opportunity will provide an international aspect to a previously U.S.-based event and allow additional insight into global methods to fight cyber crime.
The winner(s) of the International category from an IMPACT-member country will be eligible to fly to Malaysia for a tour of the IMPACT facility in Cyberjaya, official presentation of a commemorative plaque and potential grants of EC-Council and SANS courses.
EC-Council for US Government, US Military, Commercial, and Civilian individual prizes
The International Council of Electronic Commerce Consultants
(EC-Council) is a world leader in Information Security Certification and Training. With over 450 training locations for it’s information security courses in over 60 countries, it is a world leader in technical training and certification for the Information Security community. It is a trusted source for vendor neutral Information Security training solutions. EC-Council and DC3 have partnered to expand prize awards opportunities for our DC3 Digital Forensic Challenge. EC-Council will sponsor the categories of:
The winning teams of the Civilian, Commercial, Government, and Military categories will receive the following prizes for up to 4 members from the EC-Council:
JHU for Community College Participants
The John Hopkins University (JHU) Carey School for Business as part of CyberWatch will be awarding a prize for the team with the highest score that is also enrolled in a community college.
The Johns Hopkins/CyberWatch (JHU/CW) winning team will be recognized as the academic leader at the U.S. Community College level. The winning team members will also be presented with an award to mark their outstanding achievement.
UK Cyber Security Challenge
Cyber Security Challenge UK and DC3 have partnered together to provide an opportunity for teams consisting of all UK citizens residing in the UK.
The UK Challenge winning team will be offered two prizes from Cyber Security Challenge UK:
2010 Winners' Circle
utility to include a progress bar, pattern-based disk wiping, and inline data hashing. The dcfldd utility is maintained by Nick Harbour, who had previously worked at DCFL while developing the tool.
DC3 continued development of the dcfldd utility with a new effort, dc3dd. This new version is based upon standard modifications
to the existing dd application, instead of continually rewriting the utility for each dd release. This development style allows dc3dd to simply plug in its functionality into the latest dd version.
United States
The United States of America is a federal constitutional republic comprising fifty states and a federal district...
Department of Defense
United States Department of Defense
The United States Department of Defense is the U.S...
agency that provides digital forensics
Digital forensics
Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime...
support to the DoD and to other law enforcement agencies. DC3's main focus is in criminal, counterintelligence, counterterrorism, and fraud investigations from the Defense Criminal Investigative Organizations (DCIOs), DoD counterintelligence groups, and various Inspector General
Inspector General
An Inspector General is an investigative official in a civil or military organization. The plural of the term is Inspectors General.-Bangladesh:...
groups. The Air Force Office of Special Investigations
Air Force Office of Special Investigations
The Air Force Office of Special Investigations , is a Field Operating Agency of the United States Air Force that provides professional investigative services to commanders throughout the Air Force...
is the executive agent of DC3.
History
DC3 is an agency that houses six government directorates including: Defense Computer Forensics Laboratory (DCFL), Defense Cyber Investigations Training Academy (DCITA), Defense Cyber Crime Institute (DCCI), DOD - Defense Industrial Base (DIB) Collaborative Information Sharing Environment (DCISE), National Cyber Investigative Joint Task Force - Analytic Group (NCIJTF-AG) and Futures Exploration (FX). However, from the onset, there was just the forensics lab and the training academy, both initiated by the Deputy Undersecretary of Defense, John HamreJohn Hamre
John J. Hamre is a specialist in international studies, a former Washington bureaucrat and the current president and CEO of the Center for Strategic and International Studies, a position he has held with that think tank since April 2000.-Education:Hamre is the son of Melvin Sanders and Ruth Lucile...
in 1998. DC3 was constructed in October 2001 to house both DCFL and DCITA, and to support the creation of the Defense Cyber Crime Institute (DCCI).
Mission Statement:
To deliver superior digital forensics and multimedia lab services, training, research, development, testing and evaluation capabilities supporting cyber counterintelligence and counterterrorism, criminal investigations, intrusion forensics, and information operations for the Department of Defense.
Vision Statement:
Dominate mission space with technical innovation and standards for DoD digital forensics while delivering superior digital forensics capabilities to DoD criminal investigative, counterintelligence, counterterrorism, intelligence, safety, information assurance, and critical infrastructure protection communities. Develop a reputation for collaboration and excellence that will gain partners from U.S. federal agencies, international allies, academia and private professional organizations.
Defense Computer Forensics Laboratory (DCFL)
The Defense Computer Forensics Laboratory (DCFL) is a world class accredited digital forensics laboratory. On 8 September 2005, the American Society of Crime Laboratory Directors/Laboratory Accreditation Board (ASCLD/LAB) accredited the DCFL as part of its nascent digital forensics regime. DCFL's mission is to provide the DoD with digital forensic services, as well as expert testimony. The DCFL has organized digital forensic examinations within an industrial process that is unmatched elsewhere in terms of its scope.The laboratory provides forensics services to the Defense Criminal Investigative Organizations (DCIOs), and other partners, to analyze and report on digital media seized in investigations. The lab handles a variety of cases including:
Major Crimes and Safety
The Major Crimes and Safety Section performs forensic exams that involve cyber crimes and fraud committed against people and property.
Counterintelligence/Counterterrorism
The Counterintelligence/Counterterrorism Section specializes in cases that involve security violations, laptop loss on control investigations, espionage, steganography, classified information and support for the war on terrorism.
Intrusions and Information Assurance
The Intrusions and Information Assurance section performs forensic exams on computers involved in "hacker: investigations and provides case agents with relevant leads to identify intruder, tradecraft and damage.
Imaging and Extraction
The Imaging & Extraction section performs forensic imaging (copying) on all original types of electronic media. This includes hard drives, floppy diskettes, CD, PDA, mobile phones, GPS, and all tape formats. They also have the capabilities to repair hard drives, and in some cases repair mutilated diskettes.
Audio/Video Enhancement
The Audio/Video Enhancement section performs A/V forensics support for DoD Law Enforcement and the DoD Safety Community that investigates mishaps and accidents.
During its 2007 fiscal year, the lab processed 758 cases, resulting in over 171 terabytes of examined media.
Defense Cyber Investigations Training Academy (DCITA)
The Defense Cyber Investigations Training Academy (DCITA) is a nationally accredited educational academy that researches, develops, and delivers training in cyber investigations for the DoD, military counterintelligence groups, federal law enforcement, and other law enforcement organizations. DCITA's mission is to provide cyber investigation training to individuals and DoD elements that must ensure Defense information systems are secure from unauthorized use, counterintelligence, and criminal and fraudulent activities. DCITA students receive hands-on training in classrooms, as well as online distance learning. DCITA follows the COE and ACE accreditation standards leading towards DC3 certification.DCITA is nationally accredited by the Council on Occupational Education
Council on Occupational Education
The Council on Occupational Education or is national institutional accrediting agency recognized by the US Department of Education. Originally founded in 1971 as a regional accrediting agency of the Southern Association of Colleges and Schools, COE became a national accrediting agency in 1995...
, and features multiple courses accredited by the American Council on Education
American Council on Education
The American Council on Education is a United States organization, established in 1918, comprising over 1,800 accredited, degree-granting colleges and universities and higher education-related associations, organizations, and corporations....
, allowing them to be eligible for college credits. Due to its accreditation, the Academy changed its name on 1 October 2006 from its previous name of the Defense Computer Investigations Training Program (DCITP).
DCITA provides 25 courses that cover every aspect of cyber investigations. Topics include: incident response, Windows-based forensics, and network intrusions in Windows, Linux, and Solaris Unix environments. Niche topics are also provided for undercover Internet investigations, Macintosh forensic recovery, log analysis, large data set acquisition, and network exploitation.
Types of Training
- Computer Search and seizure techniques
- Network intrusions investigations
- Forensic computer media analysis to support criminal, fraud, and counterintelligence investigations
- Basic and advanced forensic examinations
- Online undercover techniques
Certification Program
DCITA offers the following three levels of certification:
Certified Digital Media Collector
Personnel who are the first to respond, secure, preserve, and/or collect digital evidence at crime scenes. Requirements include successful completion or test-out for both the Introduction to Networks and Computer Hardware and the Computer Incident Responders Course. To maintain certification, every two years personnel must conduct at least three acquisitions of digital media or information and attend a minimum of 40 hours of approved continuing education training.
Certified Digital Forensic Examiner
Personnel for whom examination or analysis of digital media are major components of their routine duties. Requirements include successful completion or test-out for the Introduction to Networks and Computer Hardware, the Computer Incident Responders Course, and Windows Forensic Examinations. To maintain certification, every two years personnel must conduct at least three examinations of digital media or information and attend a minimum of 40 hours of DCITA-approved continuing education training.
Certified Computer Crime Investigator
Credentialed law enforcement/counterintelligence personnel who investigate all elements of computer crime to include the examination and analysis of digital evidence. Personnel must also be graduates of a DCITA recognized law enforcement or counterintelligence training facility (e.g. Federal Law Enforcement Training Center (FLETC)
Federal Law Enforcement Training Center
The Federal Law Enforcement Training Center serves as an interagency law enforcement training organization for 90 United States government federal law enforcement agencies.-Location:...
, Army Ft. Huachuca, etc.) Requirements also include successful completion or test-out for the following:
- * Introduction to Networks and Computer Hardware
- * Computer Incident Responders Course
- * Windows Forensic Examination
- * One elective course: Forensic and Intrusions in a Windows Environment; or Forensic and Intrusions in a Linux Environment; or Forensic and Intrusions in a Solaris Environment
To maintain certification, every two years personnel must conduct at least three acquisitions and examinations of digital media or information per year and attend a minimum of 40 hours of approved continuing education training.
Defense Cyber Crime Institute (DCCI)
The Defense Cyber Crime Institute (DCCI) was formed in May 2002 to establish legal and scientific standards for digital forensics. DCCI serves as a resource for sound research to produce unique tools and procedures for the DoD law enforcement and counterintelligence communities. DCCI's core mission is to:- Research & develop digital forensic tools & techniques
- Test, evaluate & validate digital forensic tools & techniques
Research & Development
DCCI serves as a knowledge resource in the area of cyber forensics and related technologies for the research and development of computer forensic tools and related technologies supporting DoD intelligence and federal law enforcement communities.
To advance state-of-the-art cyber forensics, DCCI partners with academic institutions, industry, and government organizations:
- Education Partnership Agreements
- Memorandum of Understanding
- Non-Disclosure Agreements
- Cooperative Research and Development Agreement
Develops digital forensic tools to increase the effectiveness and efficiency of DoD intelligence and federal law enforcement:
- Intrusion Attribution
- Image Analysis
- Peer-to-Peer Log Analysis
- Malware Analysis
- Steganography Identification and Extraction
Research innovative digital forensic tools and ideas to provide DoD intelligence and federal law enforcement personnel with novel solutions:
- Password Cracking
- Image Authentication
Capabilities:
- Quickly and accurately determine the extent and source of a network attack
- Catalog contraband images for faster examination
- Uncover hidden data not discovered with traditional forensic tools
- Unbiased evaluation of digital forensic tool characteristics and performance
Testing & Evaluation/Validations
DCCI develops, analyzes, and tests cyber forensics related tools, techniques, and processes used in criminal and counterintelligence investigations, information assurance, and information operations. T&E assures validated tools, techniques, and processes are accurate, reliable, and repeatable.
DCCI Cyber Files
As DCCI completes hardware and software testing, summaries of the projects are listed within the DC3 Cyber Files, which is publicly accessible at www.dc3.mil. Governmental organizations can request a report by contacting FX at 410.981.1037.
DoD - Defense Industrial Base Collaborative Information Sharing Environment (DCISE)
The DoD - Defense Industrial Base Collaborative Information Sharing Environment, DCISE, is a focal point and clearing house for referrals of intrusion events on Defense Industrial Base (DIB) unclassified corporate networks. The DCISE is a collaborative operational information sharing environment among multiple partners that produces threat information products for industry partners with reciprocal responsibilities providing notice of anomalies and sharing of relevant media.National Cyber Investigative Joint Task Force - Analytical Group (NCIJTF-AG)
The National Cyber Investigative Joint Task Force - Analytical Group (NCIJTF-AG) mitigates, neutralizes, and disrupts cyber intrusions presenting a national security threat. The Analytical Group (AG) synthesizes a common operating picture of hostile intrusion related activity to aid investigations, review all source data, and deliver timely reporting. NCIJTF-AG also works to develop a common operating picture to shrink the cyber counterintelligence OODA LoopOODA Loop
The OODA loop is a concept originally applied to the combat operations process, often at the strategic level in military operations. It is now also often applied to understand commercial operations and learning processes...
.
Futures Exploration (FX)
Futures Exploration is the outreach function of DC3 that works to increase organizational potential by marketing the capabilities and activities of DC3 and its people to external audiences and communities. FX works to build strategic partnerships for the development and sharing of better digital forensic tools and techniques among Department of Defense organizations, federal agencies, state and local law enforcement, international partners, the private sector, and academic institutions. The Futures Exploration (FX) mission is to take DC3 and its subordinate organizations into the future seamlessly and continuously, branding the DC3 name in the larger community to keep DC3 on the leading edge, recognized as the Center of Excellence for digital forensics, cyber investigations, and cyber security. This is accomplished through the application of knowledge management and development of strategic relationships with other government agencies, private sector, academia and international partners by pioneering digital forensics intelligence, and by expanding outreach and information sharing among law enforcement communities.Futures Explorations coordinates the following:
- Speaker Requests for DC3 subject matter experts
- Vendor Demonstrations
- Website creation and maintenance
- Planning and execution of the annual DoD Cyber Crime Conference
- Planning and execution of the annual DC3 Digital Forensics Challenge
Defense Cyber Crime Conference
DC3 develops and hosts an annual Cyber Crime Conference. This conference covers all aspects of computer crime and incident response: intrusion investigations, cyber crime law, digital forensics, information assurance, as well as the research, development, testing, and evaluation of digital forensic tools. The conference has changed location multiple times since its inception in 2001, but it is usually held in January. In 2011, the conference moved to Atlanta, Georgia to host the 10th annual Cyber Crime Conference. The conference had over 1220 attendees, approx. 220 speakers, anywhere fro 16-20 concurrent tracks, 530 people trained and an offsite classified session with 225 individuals in attendance. Plenary Session speakers were Hon Howard SchmidtHoward Schmidt
Howard A. Schmidt is the Cyber-Security Coordinator of the Obama Administration, operating in the Executive Office of the President of the United States.One of Schmidt's leading policy objectives is the development of "National Strategy for...
, Cybersecurity Coordinator and Special Assistant to the President; Mr Alan Paller, SANS; Mr Ovie Carroll, Director, CCIPS Cybercrime Lab, US Department of Justice; Mr. Jeffrey Troy, Deputy Assistant Director, FBI for Cyber; and Mr. John T. Lynch, Principal Deputy Chief of the Computer Crime and Intellectual Property Section (CCIPS).
Who Can Attend
- DoD Personnel
- DoD-Sponsored Contractors
- Defense Industrial Base (DIB) Partners (CIPAC)
- Federal, State and Local Law Enforcement
- U.S. sponsored Government Representatives Working in the Following Fields:
- Counterintelligence Special Agents
- Criminal Investigators
- Computer Forensics Examiners
- Prosecutors - federal, state, local, military
- DoD Information Assurance/Systems Administrators
- Computer Forensics Research and Development Personnel
- Federal, State and Local Law Enforcement
- Educators in federally funded information assurance program, like CyberCorps or National Centers of Excellence for Information Assurance
- U.S.-sponsored government representatives from Australia, Canada, the United Kingdom and New Zealand may also attend.
The 2012 DoD Cyber Crime Conference will return to Atlanta, Georgia January 24-27 with pre-conference training January 20-23 at the Hyatt Regency in Downtown Atlanta, GA.
DC3 Challenge
The DC3 Digital Forensics Challenge is an annual contest, launched in 2006, that allows for public competition to solve many challenging forensic issues. Each team is given a window of approximately eight months to determine solutions to as many of the issues as possible. The total solutions and efforts are graded to determine the winning entry. The winning team is awarded with a paid trip to the Defense Cyber Crime Conference.2006 DC3 Digital Forensics Challenge
The 2006 Challenge provided unique tests that included: Audio steganography, real vs. computer generated image analysis, Linux LVMLogical Volume Manager (Linux)
LVM is a logical volume manager for the Linux kernel; it manages disk drives and similar mass-storage devices, in particular large ones. The term "volume" refers to a disk drive or partition thereof...
data carving, and recovering data from destroyed floppy disks and CDs. With 140 teams total, and 21 submissions entered, AccessData won the 2006 event.
2007 DC3 Digital Forensics Challenge
The 2007 Challenge introduced new topics, such as: Bitlocker cracking and recovering data from destroyed USB thumb drives. With 126 teams competing, and 11 entries submitted, a team of students from the Air Force Institute of TechnologyAir Force Institute of Technology
The Air Force Institute of Technology is a graduate school and provider of professional and continuing education that is part of the United States Air Force. It is located on Wright-Patterson AFB, Ohio. A component of Air University and Air Education and Training Command, AFIT has been...
won the event.
2008 DC3 Digital Forensics Challenge
Beginning with the 2008 Challenge, the contest was broken into four skill levels: Novice, Skilled, Expert, and Genius. New challenges included: detection of malicious software, partition recovery, file header reconstruction, SkypeSkype
Skype is a software application that allows users to make voice and video calls and chat over the Internet. Calls to other users within the Skype service are free, while calls to both traditional landline telephones and mobile phones can be made for a fee using a debit-based user account system...
analysis, and foreign text identification and translation. With 199 teams competing, and 20 entries submitted, the competition was won by Chris Eagle and Tim Vidas of the Naval Postgraduate School
Naval Postgraduate School
The Naval Postgraduate School is an accredited research university operated by the United States Navy. Located in Monterey, California, it grants master's degrees, Engineer's degrees and doctoral degrees...
. The 2008 Challenge also marked the first time that all results were released publicly.
2009 DC3 Digital Forensics Challenge
A total of 1,153 teams from 49 states and 61 countries applied to enter the 2009 DC3 Challenge. This is an increase from 223 teams from 40 states and 26 countries entered in 2008. Of that number of teams in 2009, 44 teams submitted solution packets back to FX for grading.2009 Sponsors
SANS Institute for the U.S. High School and U.S. Undergraduate prizes
The SysAdmin, Audit, Network, Security (SANS) Institute is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. SANS is also a sponsor in the Center for Strategic & International Studies US Cyber Challenge.
IMPACT for the Non-U.S. prize
The International Multilateral Partnership Against Cyber-Threats (IMPACT) and the Department of Defense Cyber Crime Center have partnered to provide a Digital Forensic Challenge opportunity for non-U.S. entries. This opportunity will provide an international aspect to a previously U.S.-based event and allow additional insight into global methods to fight cyber crime.
2009 Winners' Circle
With the four available prizes for 2009, the official winners of the Challenger were:
| Prize | Team | Points |
|---|---|---|
| DC3 Prize (U.S. Winner) | Little Bobby Tables | 1,772 |
| SANS Prize - High School (U.S.) | pwnage | 1,309 |
| SANS Prize - Undergraduate (U.S.) | WilmU | 1,732 |
| IMPACT Prize (International & Overall) | DFRC | 2,014 |
2010 DC3 Digital Forensics Challenge
A total of 1010 teams from 51 states and 53 countries applied to enter the 2010 DC3 Challenge. This is a 12% decrease in team applications from 1,153 teams from 49 states and 61 countries entered in 2009. Of that number of teams in 2010, 70 teams submitted solution packets back to FX for grading. This is a 59% increase in the number of submissions returned to the DC3 Challenge from 2009 with 44 submissions returned.2010 Sponsors
New in 2010, several new sponsors provided additional prizes to allow for multiple winners:
SANS Institute for the U.S. High School and U.S. Undergraduate prizes
The SysAdmin, Audit, Network, Security (SANS) Institute
SANS Institute
The SANS Institute is a private US company that specializes in internet security training. It was founded in 1989, provides computer security training, professional certification through Global Information Assurance Certification , and a research archive - the SANS Reading Room...
is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. SANS is also a sponsor in the Center for Strategic & International Studies US Cyber Challenge.
IMPACT for the Non-U.S. prize
The International Multilateral Partnership Against Cyber-Threats
IMPACT
This article is on the international collaboration called IMPACT. For the charitable organisation, see IMPACT . For the Irish trade union, see Irish Municipal, Public and Civil Trade Union...
(IMPACT) and the Department of Defense Cyber Crime Center have partnered to provide a Digital Forensic Challenge opportunity for non-U.S. entries. This opportunity will provide an international aspect to a previously U.S.-based event and allow additional insight into global methods to fight cyber crime.
The winner(s) of the International category from an IMPACT-member country will be eligible to fly to Malaysia for a tour of the IMPACT facility in Cyberjaya, official presentation of a commemorative plaque and potential grants of EC-Council and SANS courses.
EC-Council for US Government, US Military, Commercial, and Civilian individual prizes
The International Council of Electronic Commerce Consultants
International Council of Electronic Commerce Consultants
The International Council of Electronic Commerce Consultants is a member-supported professional organization. The EC-Council is headquartered in Albuquerque, New Mexico...
(EC-Council) is a world leader in Information Security Certification and Training. With over 450 training locations for it’s information security courses in over 60 countries, it is a world leader in technical training and certification for the Information Security community. It is a trusted source for vendor neutral Information Security training solutions. EC-Council and DC3 have partnered to expand prize awards opportunities for our DC3 Digital Forensic Challenge. EC-Council will sponsor the categories of:
- U.S. Government
- U.S. Military
- Civilian for all U.S. and non-U.S. entries
- Commercial teams for all U.S. and non-U.S. entries
The winning teams of the Civilian, Commercial, Government, and Military categories will receive the following prizes for up to 4 members from the EC-Council:
- A Plaque
- A pass to the Hacker Halted Conference to winners worth $1799 each
- Any free EC-Council electronic courseware of choice for the winners on Ethical Hacking, Computer Forensic, Security Analysis or Disaster Recovery worth $650 each
JHU for Community College Participants
The John Hopkins University (JHU) Carey School for Business as part of CyberWatch will be awarding a prize for the team with the highest score that is also enrolled in a community college.
The Johns Hopkins/CyberWatch (JHU/CW) winning team will be recognized as the academic leader at the U.S. Community College level. The winning team members will also be presented with an award to mark their outstanding achievement.
UK Cyber Security Challenge
Cyber Security Challenge UK and DC3 have partnered together to provide an opportunity for teams consisting of all UK citizens residing in the UK.
The UK Challenge winning team will be offered two prizes from Cyber Security Challenge UK:
- Two weeks at the new UK Cyber Security Academy, which develops the skills required of next-generation cyber security specialists, including courses on digital forensics, threat and risk management, cyber-crime, and emerging security technologies.
- Invitations to take part in the Cyber Security Challenge UK’s masterclass challenge to compete against other successful contestants from other UK Challenge competitions.
2010 Winners' Circle
| Prize | Team | Points |
|---|---|---|
| DC3 Prize (U.S. Winner) | Williams Twin Forensics | 1,470 |
| SANS Prize - High School (U.S.) | Crash Override | 361 |
| SANS Prize - Undergraduate (U.S.) | Team Name | 1,129 |
| IMPACT Prize (International) | DFRC | 3,297 |
| EC-COUNCIL Prize (US GOVT) | LBPDCCID | 409 |
| EC-COUNCIL Prize (US Military) | Batcheej | 88 |
| EC-COUNCIL Prize (Commercial) | Little Tree | 1,791 |
| EC-COUNCIL Prize (Civilian) | William Twins Forensics | 1,470 |
| JHU Prize (Community College) | PWNsauce | 84 |
| UK Cyber Security Challenge | Mine Inc | 352 |
2011 DC3 Digital Forensics Challenge
The 2011 Challenge, currently underway, has more than doubled its sponsors. Sponsor announcements will be rolled out in the near future. As of 11 May 2011, 779 teams from 44 countries (including the United States) have registered since the challenge kickoff on 15 December 2010.Published tools
To assist the DoD in cyber investigations, various tools and utilities have been written by agencies within DC3, and some have been released publicly. One of the most prominent of these tools is dcfldd, a modification of the Unix ddDd (Unix)
In computing, dd is a common Unix program whose primary purpose is the low-level copying and conversion of raw data. According to the manual page for Version 7 Unix, it will "convert and copy a file". It is used to copy a specified number of bytes or blocks, performing on-the-fly byte order...
utility to include a progress bar, pattern-based disk wiping, and inline data hashing. The dcfldd utility is maintained by Nick Harbour, who had previously worked at DCFL while developing the tool.
DC3 continued development of the dcfldd utility with a new effort, dc3dd. This new version is based upon standard modifications
Diff
In computing, diff is a file comparison utility that outputs the differences between two files. It is typically used to show the changes between one version of a file and a former version of the same file. Diff displays the changes made per line for text files. Modern implementations also...
to the existing dd application, instead of continually rewriting the utility for each dd release. This development style allows dc3dd to simply plug in its functionality into the latest dd version.