Rush job: Computer students make
short work of forensics challenge © Jan. 30, 2009, Norwich University Office of Communications

A photo illustration showing a computer atop a puzzle piece.

©iStockphoto.com/geopaul

Stu Gorton and Brian Maxwell, two computer security and information assurance students at Norwich University, have taken last-minute test cramming to new heights.

The pair decided to enter a national computer forensics contest 20 days before answers were due. Twenty days sounds like a long time, until you consider that the Department of Defense, the government organization that presents the annual Digital Forensics Challenge [DC3], allows much longer. Participating teams have more than 200 days to extract mysteries from a host of mind-bending challenges, and most teams capitalize on that.

About 200 four-person teams entered, many with six or seven months to complete the questions. Just 20 teams turned in answers. The Norwich Frost Heaves, one of the last teams to enter, came in seventh. The winning team had 202 days to complete the challenge.

You have to be curious. You have to be the kind of person who digs.

~ Peter Stephenson,
Computing Department chairman

“It was kind of fast paced,” said Gorton, who was a freshman in November 2008 when answers were due. “It was challenging. It really made you explore new ideas ... It’s just something I got lost in.”

Computer forensics is a broad science of extracting information from a host of digital media and formats, including computer hard drives, disks, files such as text documents or .jpg photos, and information moving through computer networks. It has a host of commercial, security and law-enforcement applications.

“It’s a pretty remarkable accomplishment,” said Peter Stephenson, chairman of Norwich’s computing department. “You have to be curious. You have to be the kind of person who digs.”

After registering, teams were given a folder containing 15 to 20 problems and a disk with files that needed to be extracted, analyzed or interpreted.

For example, the first digital forensics challenge in 2006 had contestants extract information from a broken CD, break into password-protected files and determine whether photographic images were real or computer generated. Teams often must develop their own tools and programs, and document how they come up with answers.

“DC3 was really just focusing my hobbies,” said Gorton, of Sarasota, Fla., who has taken a year off from Norwich and looks forward to returning. Figuring out how to keep information and code secure has been a passion of Gorton’s since he started programming at 13. He describes himself as the type of person who was always encouraged by his parents to pick up old, abandoned computers, resuscitate them and try to find what he could learn.

“A lot of kids in their free time play video games,” he said. “I’m not that kid.”

Maxwell, a third-year CSIA major, had been on previous Norwich teams that took up the challenge, but never at this pace.

“We knocked it out pretty fast,” said Maxwell, who estimates he devoted 10 or 15 hours to the project, on top of his normal school work. Gorton, he added, took on most of the work load, while Maxwell concentrated on three or four questions involving programming—his key interest.

Maxwell, of Carlsbad, Calif., mentioned a challenge where he had to extract the relevant information from a text chat program on Skype, a multimedia communications tool. The problem involved research and examination of how the software was configured, and took some time.

“Once I knew what I was doing, it wasn’t too hard,” he said. “It made for a fun puzzle.”

CSIA majors at Norwich, the county’s first private military college, have participated in DC3 since it started in 2006. Teams under the names Super Secret Squirrels and CyberCadets placed in the top 10, and students planned to field a team for 2008.

They registered as CyberCadets in the spring, but decided much later in the game to let it rest, according to Keith Gilbert, a CSIA major in his third year who participated in the first two competitions. As the deadline approached, people were simply too busy, and unable to give the challenge the attention it deserved, he said. In October, Gorton and Maxwell decided they didn’t want to see Norwich drop from the list of finishers.

The challenge is tough, and most teams are graduate-level or come from military factions, Gilbert said. The competition is becoming more competitive and difficult each year, which he believes is necessary to its vitality.

“The reason ... is to find new ways of doing things, and not rely on already-available tools,” said Gilbert. “I think what we’ll probably do next year is create two teams.”