2023 National Cybersecurity Industry Vocational Skills Competition: Electronic Data Forensics Analyst Competition Sample Questions

Competition time: December

Project Introduction:

Introduction
The electronic data forensics analyst project requires contestants to perform on-site and online extraction of electronic data from sources such as storage media, intelligent terminals, servers and databases, and Internet of Things and industrial control systems, to recover electronic data through physical repair or based on data characteristics, and to analyze it. The project is designed to test contestants' theoretical knowledge and technical skills in electronic data extraction, fixation, recovery, and analysis.

Task description
This project requires the use of different electronic data forensic techniques. The task has the following parts:
Electronic data extraction and fixation
Electronic data recovery
Electronic data analysis

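1. Read all tasks in detail before starting configuration. Each task may depend on the completion of the previous or following tasks.
2. This competition is held online through remote access. Before the competition, confirm that your equipment can access the system normally. During the competition, always check whether a configuration operation will affect normal access to the system; if the system becomes inaccessible during the competition because of a configuration change, contestants must resolve it themselves.
3. The competition materials are uploaded to a network drive in advance as encrypted archives. Contestants must download them beforehand, and the system will announce the decompression password during the competition.
4. The competition is conducted by submitting flags on the answering platform. Each flag must correspond to its serial number on the answering platform and must exactly match the preset answer for the answer box to earn points.
5. Any self-brought equipment and tools may be used in the competition, but tools, methods and means that affect other contestants or interfere with the operation of the platform are prohibited; anyone found using them will have their results cancelled immediately.

Required equipment, installation and materials
Competitors must prepare their own tools to complete all the required work for this project.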

Task objectives:

Part I: Electronic Data Extraction and Fixation (30%)

General requirements: Based on the provided inspection materials, complete the specified electronic data extraction tasks.

Task 1: Task on inspection material 1.e01
1. Calculate the SHA256 check value of the image and submit it as a flag. (5 points)
2. Extract the file named index.rar, calculate its SHA256 check value, and submit it as a flag. (5 points)
3. Search for files in ISO format in the inspection material, and submit the file name as a flag. (5 points)

Task 2: Task on inspection material 2.e01
1. Calculate the MD5 check value of the image and submit it as a flag. (5 points)
2. Extract the file in MOV format, calculate its MD5 check value, and submit it as a flag. (5 points)
3. Extract the largest html file in the "Bank Robbery"_Interactive Encyclopedia folder, and submit the file name as a flag. (5 points)

Part II: Electronic Data Recovery (30%)

Task 3: Task on inspection material 3.e01
Some confidential information in inspection material 3.e01 has been marked with special flags. Use technical means to find or recover this information.
1. Find or restore the flag2 information and submit it as a flag. (6 points)
2. Find or restore the flag6 information and submit it as a flag. (6 points)
3. Find or restore the flag11 information and submit it as a flag. (6 points)
4. Find or restore the flag4 information and submit it as a flag. (12 points)

Part III: Electronic Data Analysis (40%)

Task 4: Task on Inspection Material 4.dd
Data on an important computer at a company has been leaked. Examine the computer inspection material and analyze its information through technical means.
1. Analyze the full computer name of the inspection material and submit it as a flag. (4 points)
2. Analyze the last login time of the valid account on the inspection material computer, and submit it as a flag. (4 points)
3. Analyze the account name and login count of the account that has logged in to the inspection material computer most often, and submit them as a flag. (Format: username11, all lowercase) (4 points)
4. Analyze the brand and serial number of the USB flash drive that was connected to the inspection material computer, and submit them as a flag. (Format: brandseriesnumber, all lowercase) (4 points)
5. Analyze the MAC address of the network card of the inspection material computer, and submit it as a flag. (4 points)
6. Analyze the name of the software that the computer downloaded through the browser, and submit it as a flag. (All lowercase) (4 points)
7. Analyze the encryption method of the encrypted partition on the inspection material computer, and submit it as a flag. (4 points)
8. Analyze the last access time of the Word document in the encrypted partition of the computer, and submit it as a flag. (4 points)
9. Analyze the version number of the remote connection tool ToDesk used by the inspection material computer, and submit it as a flag. (4 points)
10. Analyze the IP address of the inspection material computer connected to the local computer through Sunflower, and submit it as a flag. (4 points)

If you need the relevant evidence collection environment, you can send a private message to the blogger!

PS: These are not the original competition questions; they are only evidence-related material for practice.

Origin blog.csdn.net/Aluxian_/article/details/134994527