KIISC Digital Forensics Challenge 2021
The write-up of the winning team
Hosted by the Korean Institute of Information Security and Cryptology(KIISC), the Digital Forensics Challenge 2021(DFC 2021) aims to expand our knowledge of digital forensics and to contribute to this field. Now in its fourth year, it plays a significant role in developing new technologies and training forensic experts such as researchers and graduate students in the field of information security. Last year alone, the number of participants recorded a total of 765 people from 500 teams, with 327 Korean and 173 International teams.
This challenge consists of 24 problems and they have 100, 200, 300, 400, or 4~5 problems will be released on the 1st of each month, and the deadline for submission is the last day of the month. There is no limit on the number of submissions within the due date, but there is a disadvantage when submitting after the due date.
QUALIFICATION – Anyone interested in Digital Forensics. – Participants can register individually or as a team. – The maximum number of team members is six.
PARTICIPATION – Participants can use any tool (No Limitation) – You can write answer-sheet in English or Korean – Sharing answers or codes is not permitted
This is the final score and ranking of the top 5 teams. To check the scores of more teams, access the rank page.
| Rank | Name | Final Score | Nation |
|---|---|---|---|
| 🥇 | DogeCoin | 5520 | Korea (South) |
| 🥈 | K2YPLZ | 5138 | Korea (South) |
| 🥉 | InfoWarrior404 | 5114 | Korea (South) |
| 4 | HM | 4978 | Korea (South) |
| 5 | K-Forensics | 3908 | Korea (South) |
We do not provide source codes and image files used in challenge, but only write-ups.
| No | Problems | Keyword | Score | Main Author |
|---|---|---|---|---|
| 101 | Shellcode Analysis | Assembly, Reversing | 100 | Dongbin Oh |
| 102 | Find all graphics | Parsing, Graphics | 100 | Donghyun Kim (ZIGBANG) |
| 103 | Malware Downloader | Malware, Download | 100 | Yeongwoong Kim |
| 104 | System reconfiguration | Docker, Memory, Dataleak | 100 | Yeongwoong Kim |
| 151 | Malicious Service | Malware, Registry | 0 | All |
| No | Problems | Keyword | Score | Main Author |
|---|---|---|---|---|
| 201 | Shredder Testing | Delete, Shredder, Testing | 200 | Dongbin Oh |
| 202 | Where have you been | Wearable, Finding | 200 | Dongbin Oh |
| 203 | Find suspicious USB & documents | USB, Document | 190 | Donghyun Kim (Korea Military Academy) |
| 204 | Slack Off | Mobile, Game | 200 | Donghyun Kim (ZIGBANG) |
| 205 | Diagnosis | Telemetry, SQLite | 200 | Yeongwoong Kim |
| 206 | Secret message | Steganography | 170 | Donghyun Kim (Korea Military Academy) |
| 207 | Living | Living, ADS | 200 | Donghyun Kim (Korea Military Academy) |
| 208 | iOS Fridump | iOS, Fridump3 | 200 | Dongbin Oh |
| No | Problems | Keyword | Score | Main Author |
|---|---|---|---|---|
| 301 | What is the secret information | Android, Screenlock | 300 | Dongbin Oh |
| 302 | User Behavior Analysis | Windows, Artifacts | 220 | Donghyun Kim (Korea Military Academy) |
| 303 | How was it leaked? | Investigation, DataBreach | 300 | Donghyun Kim (ZIGBANG) |
| 304 | Find a confidential file | Partition, Decryption | 300 | Donghyun Kim (Korea Military Academy) |
| 305 | Crack the app | Android, 2-FactorAuth | 300 | Dongbin Oh |
| 306 | Event Logs | Eventlogs | 225 | Donghyun Kim (Korea Military Academy) |
| 307 | Bitcoin wallet | Cryptocurrency, Wallet | 240 | All |
| 308 | Find Forged Record | Forged, Meida_meta | 275 | Donghyun Kim (ZIGBANG) |
| No | Problems | Keyword | Score | Main Author |
|---|---|---|---|---|
| 401 | Irresponsible predecessor | FileSystem, Decryption | 400 | Dongbin Oh |
| No | Problems | Keyword | Score | Main Author |
|---|---|---|---|---|
| 501 | VolaVola | Malware, Memory, Plugin | 500 | All |
| 502 | M1 Ransom | Reversing, Programming | 500 | Donghyun Kim (ZIGBANG) |
If you want to contact us, please send at this email.
This license lets others remix, adapt, and build upon your work non-commercially, as long as they credit you and license their new creations under the identical terms.
