Hi all, I’m glad to share some information about upcoming Forensics CTF. Sorry for my English…

What is Forensics CTF?
It’s a set of 16 Computer Forensics tasks with different difficulty levels. First tasks are very simple, but the last tasks are much harder to complete.
Why should I participate?

1. You want to test your Computer Forensics skills.
2. You want to learn something new. At the end of the event document with complete solutions for every task will be sent to every participant.
3. You want to become the winner of DEFCON event.

How difficult are tasks in the Forensics CTF?
Overall difficulty level of this CTF is LOW to MEDIUM, so it doesn’t have super hard Forensics tasks. But time to complete this CTF is limited, so you still need to work hard to complete them all on time.

What is the schedule for Forensics CTF?

• 5 August, 10AM – CTF opening.
  • Publication of CTF tasks descriptions Word document.
  • Publication of CTF files.
  • Forensics CTF officially started.
  • You MUST get the decryption password for .zip archive at the CTF table.
  • Forensics CTF area is open for any questions.
• 5 August, 8PM – end of first day.
  • Forensics CTF area close.
• 6 August, 10 AM - Forensics CTF area is open for any questions.
• 6 August, 7PM – last time for submissions.
  • Forensics CTF area close.
  • End of second day.
• 7 August
  • Forensics CTF answers will be send to all participants after 12pm 07 August (Sunday). I will reply back to everyone who will send me his/her answers.
  • Forensics CTF results (winners and scores) publication on forum. I'll do it before 12pm 07 August (Sunday).
  • Final ceremony. Final Forensics CTF ceremony will be a part of final DEFCON ceremony (starts at 2pm on the stage on the Contest Floor), be there to get your reward.

What is the length of Forensics CTF?
Two days (5 – 6 August) for answers submissions. One day (7 August) for results publication and winner’s ceremony (no answer submissions accepted).

How to participate?
Get CTF tasks using one of the following methods:

• Tasks descriptions:
  • Tasks descriptions (Word document) will be included in Tasks files (.zip archive). See information below.
• Tasks files:
  • Links for .zip archive with all of the tasks will be published on Forensics CTF forum one week before DEVCON. This file will be encrypted. You will be able to get the encryption/decryption key at the CTF area starting from 10AM 5 August.
  • You will also be able to connect to Ethernet switch (Ethernet cables will be provided) at CTF zone and download all required files. DHCP IP-address. Connect to 10.0.0.10 host using CTF SMB share - **10.0.0.10*CTF - and download all files.
• Send your answers to whymirosh@gmail.com till 7PM 6 August. Attach .doc file with your answers. Do not encrypt it, do not add any links, just attach the .doc file. Don’t forget to add your nickname, first and last name, last day, during final ceremony you should show me your ID. I will not share your first and last names.
• Wait for results to be published on forum 12pm 7 August (Sunday).

Tasks from which areas to expect on this CTF?
List of areas includes but not limited to:

• Memory forensics
• Windows Event logs
• Linux Event logs
• Event logs for non-standard OSs: QNX, BeOS, Solaris, etc.
• Network traces forensics
• Hard drives forensics
• Malware analysis
• And many more…

What if I will have questions?

• Forensics CTF zone open 10AM-8PM 5 August and 10AM-7PM 6 August for any questions.
• Ask any questions on forum.
• Send question to me (Mir0sh) – whymirosh@gmail.com.

How the winners of the Forensics CTF will be determined?
It’s easy. Every task has difficulty level. For each task you will get points:

• Easy task – 1 point.
• Normal task – 2 points.
• Hard task – 3 points.

Person who will get more points will be the winner. If more than one person will get maximum number of points, then the person who submitted the answers earlier will be the winner.
What about the prizes?
We will have 1^st , 2^nd and 3^rd places. Unfortunately, there will not be any expensive prizes, because I’m the only author and organizer of this event and will need also to pay for my hotel, tickets, beer, prostitutes, casino, etc. But all winners will get trophies and some small prizes.

Here what I have for our CTF winners:

All winners (1, 2, 3 places) will get:
Office 365 Personal Subscription for Windows/Mac [BOX]:


Extra prizes:
3-rd place:
Windows 10 Pro Box:


2-nd place:
Arc Touch Mouse:



1-st place:
Universal Foldable Keyboard Clavier Pliable: