Found a website and a forensics contest yesterday quite by accident. I was waiting for somebody before going out for the night and I thought this might be a little fun while I waited. Now the contest had closed and the results where available, which I ignored until the end and went straight to Puzzle #2: Ann skips bail.

I came across an old enough post on Didier’s blog about Group policies that have disabled cmd.exe from running. Didier mentions a few ways to get cmd.exe to run. The suggestion I like the most is to find the DisableCMD string in cmd.exe and change it to DisableAMD using a hex editor. Thankfully there is a tool which will allow us to patch cmd.exe in one tiny line.

Over at the Honeynet Project they used to run security competitions which were quite a bit of fun. I remembered one in particular which I looked at but hadn’t completed. It dealt with the forensic investigation of a floppy disk. I was tinkering with an application to measure byte entropy and thinking of a way that it could be used in a forensic investigation. There is no point using the little application to analyse my terabyte (TB) sized drives so remembering the floppy disk challenge I downloaded the floppy disk image (1.44MB;MD5 = b676147f63923e1f428131d59b1d6a72).