ATE Central

Description:
This IPAR (Imaging, Preserving, Analyzing, and Reporting) game is provided by the project "Gamified" Digital Forensics Course Modules for Undergraduates at the Rochester Institute of Technology and is part of a digital forensics curriculum that teaches students to collect evidence, answer questions, and draw conclusions. This game-based learning module asks students to assume the role of an investigator and answer subject-related questions. These questions focus on "abstract concepts, such as deleted/hidden/encrypted/over-written digital evidence." There are two versions of the game: one runs on Windows 7 or newer, and the other can be run in most Internet browsers.

Contents
This collection contains ten .zip attachments. The following three .zip attachments contain Windows executable files: IPAR Game 1.01.zip, IPAR Editor.zip, and IPAR Reader.zip. The following six cases are included: Academic Dishonesty, Linux Forensics (Financial Case), Network Forensics (Rhino Images Case), Network Forensics II (The Rhino King Pin), Windows Forensics General, and Windows Registry Forensics (Suspicious Employee). A file of videos and instructions is also included.

For orientation purposes the "IPAR Readme" PDF is included as a separate attachment and offers a sample of the type of material included in this collection. 

Below is a list of the files contained within the .zip attachments. The size of each file is included in parentheses.

Dishonesty_Case (File System Basics) (4 files, 1.02 GB)

  • (Academic Dishonesty.ipar 8.9 MB)
  • (Dishonesty Case.001 1.01 GB)
  • Dishonesty Case Readme (Dishonesty_Case_Readme.txt 3 KB)

Incident_Response_Forensics (9 files, 4.32 GB)

  • IPAR_File (440 KB)
    • Incident_Response_Forensics.ipar (440 KB)
  • Linux_VM (4.32 GB)
    • IPAR_IResponse_Ubuntu64_14.04.4.zip (2.19 GB)
    • Lunux_Incident_Response_Lab.docx (140 KB)

IPAR Editor (47 files, 381 KB)

  • (IPAR Editor.exe 149 KB)
  • Landing (0.0 MB)
  • Library
    • Assets (41 files, 201 KB)
    • (starterData 4 KB)
  • Staging (0.0 MB)

IPAR Game 1.01 (6 files, 172 KB)

  • (IPAR Directive.exe 153 KB)
  • Landing (0.0 MB)
  • Resources
    • (configuration.xml 89 B)
  • Staging (0.0 MB)

IPAR Reader (3 files, 41 KB)

  • Content (0.0 MB)
  • (IPAR Reader.exe 32 KB)

Linux_Forensics (Financial Case) (5 files, 1.01 GB)

  • (Financial Case.001 1.01 GB)
  • (Hash Values_Financial Case.001.txt 1 KB)
  • IPAR File
    • (Linux_Forensics.ipar 3.2 MB)

Network_Forensics II (The Rhino King Pin) (37 files, 91 MB)

  • Evidence
    • (EvidenceTag735862.md5 32 B)
    • (EvidenceTag735862.pcap 50.4 MB)
    • (EvidenceTag735862.sha1 40 B)
    • (EvidenceTag735863.md5 32 B)
    • (EvidenceTag735863.pcap 12.3 MB)
    • (EvidenceTag735863.sha1 40 B)
  • (Network_Forensics_II.ipar 15.5 MB)
  • Tools
    • (HashTab_v6.0.0.28_Setup.exe 1.1 MB)
    • jphs_05 (7 files, 602 KB)
    • Stegdetect (18 files, 10.8 MB)
    • (Windows-KB841290-x86-ENU.exe 120 KB)

Network_Forensics (Rhino Images Case) (7 files, 8.3 MB)

  • IPAR_File
    • (Network Forensics with NetworkMiner Summer17.ipar 4.4 MB)
  • Network Forensics Module (Network Forensics Module Overview.docx 7 KB)
  • Network Miner (NetworkMiner.pptx 371 KB)
  • (rhino1.log 3.2 MB)
  • (rhino2.log 293 KB)

Windows_Registry_Forensics (Suspicious Employee) (17 files, 21.7 MB)

  • (Event_Logs.evtx 1.1 MB)
  • IPAR_File 
    • (Win_Registry_Forensics.ipar 7.9 MB)
  • (Mark-NTUSER.DAT 524 KB)
  • Resources 
    • Windows FILETIME format (FILETIME Dcode.pdf 85 KB)
    • Windows Event Log for User Logon/Logoff (Filter Event Logs.pdf 374 KB)
    • Registry (Finding Info From Registry.pdf 382 KB)
    • Recently Opened files (RecentlDocs.pdf 153 KB)
    • Registry (Registry Intro.pdf 258 KB)
    • Registry Explorer RECmd (RegistryExplorerManual.pdf 3.8 MB)
    • SAM-Last Logon (SAM-Last Logon.pdf 225 KB)
    • System (System-USBSTOR.pdf 199 KB)
    • Typed URLs (Typed URLs.pdf 112 KB)
  • (SAM 33 KB)
  • (SYSTEM 9.5 MB)

Windows_Forensics_General (1.15 GB)

  • (FTK-Forensic_Toolkit-1.81.6.exe 63.1 MB)
  • (Windows Forensics Summer 2017.ipar 67.6 MB)
  • Windows Forensics Module (Windows Module Overview.docx 7 KB)
  • (windows.001 1.02 GB)

Videos and Instructions (5 files, 50.7 MB)

  • (IPAR DEMO REEL (no audio).mp4 18.5 MB)
  • (IPAR Editor Walkthrough.mp4 32.2 MB)
  • IPAR Readme (IPAR Readme.docx 11 KB)
  • IPAR Web Readme (IPAR Web Readme.docx 8 KB)

Archived with ATE Central

Alternate Title: Imaging, Preserving, analyzing and reporting - Game
URL: http://forensic-games.csec.rit.edu/ipar/game/