CSAW’13 – High School Forensic Challenge


CSAW'13 English Flyer

Congratulations to UAE finalist teams ‘Ins0mnia’ from Emirates International School Meadows, and ‘Bitfield’ from The Indian High School!

The two teams received an expense-paid trip to New York City to compete in the 2013 CSAW @ NYU HSF competition finals on November 15, 2013.  Both teams were performed very well and ranked right after the top three teams among 12 competing teams.

We thank all the students and their mentor teachers for participating in the High School Forensics challenge.  This year’s HSF competition has been one of the largest high school cyber security events in the world!  We like to note that in its first year in Abu Dhabi more than 70 teams from all across the UAE have registered for the HSF’13.  We hope everyone had fun and found the challenge to be a worthwhile learning activity.  For more information on please visit the HSF site.

UAE Finalist Teams

Team #1: Ins0mnia

School: Emirates International School Meadows
Mentor Teacher : Jonathan Houghton
Students: Mohamed Kayali and Tala Nahhas

Team #2: Bitfield

School: The Indian High School
Mentor Teacher: Malini Vincent
Students: Arpit Raorane, Manas George and Eashaan Tiwari


Cyber Security Awareness Week 2013

Starting on September 18, registered teams will receive a cyber forensics murder mystery challenge to analyze and solve using cyber forensics tools and methods. Two finalist UAE teams winning the regional competition and their teachers/mentors will receive an expense paid trip to New York City to compete with finalists from the US for the championship on November 15,2013.

NYUAD invites high school students in the UAE to recruit a teacher/mentor and a team of one to three motivated students to participate in our 

2013 High School Cyber Forensics Challenge, in collaboration with NYU Poly and National Electronic Security Authority (NESA).

Discover the fascinating world of Cyber Security such as log and file analysis, rootkit detection and analysis, botnet detection and analysis, live system forensics, steganography, file carving and more.

Your team will battle against other elite teams from across the United Arab Emirates, the United States—and the clock—as they gather clues to solve this fast-paced mystery.

Important Dates
  • September 18
    Preliminary Round Release Date
  • October 18
    Preliminary Round Due Date
  • November 15
    Final Round (in New York City)
  • October 18
    Registration will remain open through the final day for the preliminary round submissions.
Download the Flyer:
More Information
Frequently Asked Questions (FAQ’s)

Who should participate?

Students who have an interest in math, science, computer science and technology are ideal candidates for this competition. Each team must have a mentor who is a teacher at their high school.

What is a team?

Each team will consist of one to three students and a mentor/teacher from your school.

Can there be more than one team from a school?

Yes, each school can field multiple teams. But, students can participate in only one team.

What does each team have to do?

At the beginning of the challenge, teams will be given a disk image as well as other evidence collected by the fictitious ISIS Police investigating a fake murder case. As teams make progress in unraveling the forensic evidence, they will discover clues about what happened. The clues will reveal evidence both within the disk image and online. Finalists will use their evidence to compete in the final stage of the forensics challenge on NYU-Poly’s campus before the awards ceremony. Teams will not be responsible for chain-of-custody and other legal aspects of the investigations.

What types of information should team members be comfortable with?

Team members should be comfortable with a variety of forensics topics, including traditional log and file analysis, rootkit detection and analysis, botnet detection and analysis, live system forensics, steganography and file carving. The challenge is designed to escalate in difficulty as students move through it.

Where can a teacher/mentor direct any additional specific questions to the competition?

All additional questions and concerns pertaining to the competitionshould be sent tocsaw-hsf@isis.poly.eduTeachers/mentors can also sign up for announcements on our teacher’s Mailing List.

Is there other information online?

Yes, you will find other information online, but will not need to login to any non-ISIS computers to access that information. If you have any questions about if a machine is within gameplay, or what access is allowed, you may request a “Warrant” from “Judge C. Saw” by e-mailing csaw-hsf@isis.poly.edu

What should be in the final challenge submission?

The final challenge submission should be a PDF document that includes: 1) the evidence you found, 2) the tools you used to find the evidence, 3) time line of events and 4) your conclusions.

Is there a standard, or sample format for the challenge submission?

There is no correct format for the challenge submission, only that the main report should be a 5- page (max) PDF document with evidence included as separate appendix or files.You may look at last year’s winners as examples.

What can I use to analyze the network data?

The network captures are stored PCAP format, and can be opened with programs such as Wireshark, or other network analysis tools.

What can I use to extract the tar.gz archive?

You can decompress the archive with WinZip, or 7Zip, on Windows Systems, or tar using the “-zxvf” options on Linux/Unix Systems.

How do I access the computer once it is decompressed?

The file is a VMWare image of the machine, a virtual machine. You can access the virtual machine by opening the “jmusic.vmx” file using one of the free software products from VMWware (either Player or Server), or the licensed Workstation product (any versions greater than 5).You can also use the free 30-day trial version of VMWare Workstation (6.5).

Do I have to worry about chain-of-custody, or evidence tampering?

No. You may also take advantage of the snapshot feature with the virtual machine.

Can I turn on and log into the virtual machine?

Yes, the virtual machine is functionally a ceased computer. You may turn it on and even login for your investigation, but you should take care in doing so.

Can I use any scanners, password crackers or other automated tools?

You may use anything you want locally, but you may *NOT* use any automated tools (brutus, nessus, nikto, etc) on *ANY* online resource. The challenges are designed such that you can gain access by careful investigation and use of information gathered from your investigation.

How will the finalist teams obtain information regarding travel and lodging accommodations for the final competition?

Each team’s teacher/mentor will be contacted by the YES Center and provided with all necessary information.