Honeynet Project Forensic Challenge Results

Today Dave Dittrich of the Honeynet Project announced the results of the "Honeynet Fornesic Challenge". The results of all submitted reports are available on the page. Dave also talks about how the Honeynet Project is going to continue using this example to "develop examples and best practices that fit the needs of local, state and federal law enforcement agencies in understanding and assessing computer crime cases and pursuing suspects."

Below is the text of the email Dave sent to the FORENSICS mailing list:

 Date: Mon, 19 Mar 2001 21:38:39 -0800 From: challenge@HONEYNET.ORG To: FORENSICS@SECURITYFOCUS.COM Subject: Honeynet Project Forensic Challenge results  I'm happy to announce the winners of the Honeynet Project Forensic Challenge.  We received 13 submissions from around the world, with one team spending a total of 104 hours on their analysis.  We have decided to award the top three submissions with prestigious Honeynet Project shirts, and all of the entrants will receive a copy of "Hacking Exposed" (Second Edition).  The Top Three are (the envelope please...)          Thomas Roessler          Brian Carrier          Peter Kosinar   The full results and all submissions (including the Honeynet Project analysis and IDS logs) are available at:            More details about the lessons learned in running the Forensic Challenge, who may have done the intrusion, tools developed by one of the top three entrants, and the best techniques used by all, will come out in the following weeks (including in a talk which will be presented at CanSecWest '01 at the end of this month.)  We are also working with members of the United States Department of Justice and the King County Prosecutor's Office to develop examples and best practices that fit the needs of local, state and federal law enforcement agencies in understanding and assessing computer crime cases and pursuing suspects.  Detailed technical analyses are great for geeks, but hard for judges, prosecutors, and criminal investigators to digest and understand quickly. This is the first time a learning situation like this has existed, where members of law enforcement can speak openly about the analyses of a real intrusion without fear of compromising an actual -- and quite costly -- criminal case. Hopefully this will help bridge some gaps and smooth the road between computer security professionals and the law enforcement community.  (Note that *there will be no prosecutions of anyone involved in this intrusion*.  This is not about catching the person who did this intrusion, but rather about what can be learned from it.  Whoever did this is *verrrrrry* lucky its working out this way. *This* time. ;)  I would like to thank everyone who has assisted or participated in the challenge including all those who submitted entries, Lance Spitzner, Dan Farmer, Wietse Venema, Tan, Kevin Mandia, T Elam, Rik Farrow, Kevin Manson, Steve Schroeder, Floyd Short, Richard Murray, Ivan Orton, and Alisha Ritter (if I left anyone out, I apologize - blame it on lack of sleep.)  This never would have been possible without everyone's help.  -- Dave Dittrich dittrich@speakeasy.net 

The link for this article located at Dave Dittrich is no longer available.