Digital  Forensics  CONSORTIUM

                                                                                                                                                                                         A NON-PROFIT CORPORATION

Where the ART OF THE POSSIBLE is transformed into the SCIENCE OF THE PROBABLE

The Digital Forensics Consortium (DFC) supports America's national defesne, economic competitiveness, public safety and strategic viability by encouraging the nation's best and brightest to tke an interest in Digital Forensics.  DFC addresses these goals by investing in yber workforce development through educational STEM programs, industry outreach, and research and development activities that provide for the cyber surety of the United States.  Through its collaboration with industry, academia and government, DFC provides cyber competitions, educational seminars, workshops, and intellectual cultivation.  This innovative organization provides for a capabilities-based Digital Forensics Cyberhunters to meet the nation's growing demand for a broad range of Digital Forensics needs.

                                     VISION                                                     MISSION
       MITIGATE THE THREAT TO PUBLIC SAFETY,                                    ONE EXERCSE AT A TIME

The DFC's US Digital Forensics Challenge (USDFC) supports the White House "" site, which encourages federal agencies to promote creativity and captivate the public's imagination through challenges that drive innovation.  Since its creation in 2010, "" has engaged more than 42,000 citizens in competitions that have solved vexing problems facing more than 60 Federal Agencies.  The USDFC is designed to develop and hone those skills necessary to ensure an organized an unified response to future cyber threats while also inspiring current and future citizens to assure vital national interest.

Additionally, DFC's Digital Crime Scene Challenge (DCSC) introduces Digital Forensics in STEM (Science, Technology, Engineering, and Mthematics) programs to cultivate awareness and digital literacy to build the digital workforce of the 21st century.  And DFC's Strategic Advisory Board (SAB) provides for a collaborative endeavor to strengthen public/private partnerships to facilitate cutting-edge research to meet the digital challenges of our time.

DFC consists of 5-Pillars to serve their vision and mission statement:

          PILLAR 1:  US DIGITAL FORENSICS CHALLENGE:  Virtual Cyberhunting competition                                    focusing upon skills & innovative approach to identify digital evidence

          PILLAR 2:  DIGITAL CRIME SCENE CHALLENGE:  Direct hands on interactive mock                                       crime scene to show the importance of STEM in Cyberhunting          
          PILLAR 3:  DIGITAL FORENSICS INTELLIGENCE:  Develop technological tools, tactics,                                  techniques and operational processes for the Cyberhunter    

          Pillar 4:  STRATEGIC ADVISORY BOARD:  Partnership with academia, government                                   & industry to harness the intellectual capacity present in today's                                               information environment

          Pillar 5: CHARACTERIZE the INFORMATION ENVIRONMENT:  Develop a strategic                                    framework & operational process to characterize information environment

The US Digital Forensics Challenge (USDFC) is an international virtual competition focusing on the critical Cyberhunting discipline of digital forensics. The USDFC consists of more than 25 scenario-based digital forensic exercises, of progressively greater complexity, which engage and excite students to consider a career of advance study in the disciplines of Digital Forensics. The Challenge is a call to the digital forensics community to pioneer new investigative tools, techniques and methodologies while, most importantly, connecting the participants with our sponsors to fill critical positions focused on the following objectives:

          – Visibility w/in critical Digital Forensics Cyberhunting disciplines

         – Address shortage of cyber professionals, in Digital Forensics

          – Establish relationships and a network of talent within the

             Digital Forensics Community

         – Resolve real-world issues facing Digital Forensics Community

        – Develop new tools, techniques, and methodologies for the

           Digital Forensic Community

       – Connect our sponsors w/ best & brightest in Digital Forensics

 The Digital Forensics Challenge was conducted by the Department of Defense (DoD) for 7 years before ceasing operations due to budget challenges.  Many of these dedicated experts have joined with DFC to continue this overwhelmingly successful competition.

The 2015 US Digital Forensics Challenge is open to individuals and teams consisting of Cyberhunters from corporate, government or academic entities of 1 to 5 players per team. Recognized as a premier challenge over the last 7 years the USDFC has stimulated interest in the discipline of digital forensics at all levels, from High School through graduate level as well as private sector and government. As one of the earliest cyber challenges, it quickly became an international competition with participation by over 600 US and over 600 non-US teams from 53 different countries.

The USDFC leverages the application of science for an investigative or legal purpose involving the processing, discovery and interpretation of electronic data. Until recently, Digital Forensics was a discipline limited to law enforcement as well as the Intelligence communities. Today, nearly all major corporations and law firms deploy critical Digital Forensics capabilities on their mobile phones, laptops, desktops, tablets, GPS devices, networks and vehicles. Thus Digital Forensics is a Cyberhunter discipline that is in high demand and low supply in today’s cyber marketplace and therefore the criticality of developing STEM skills and the benefits derived from this challenge are essential to

       - Building and developing hands-on and critical thinking skills

       - Application of teamwork and time management skills

       - Demonstrate knowledge and skill sets in digital forensics

       - Provide employers’ confirmation of a candidate's capabilities

Currently all other competitions within the cyber domain focus on defensive tools and strategies to protect networks from attacks. Digital forensics is the discipline necessary to uncover the who, what, when, where, why, and how of a cyber-attack. Was the breach caused by an insider or an outsider? What was compromised by the breach? What was the attacker’s intent? Is the actor still inside the network? Did they leave anything behind? Did they change anything when they were there? Insiders have and continue to pose the greatest threat because they already have trusted access to an entity's network and data. Thus characterizing the digital environment and establishing attribution is vital to managing the growing risk in this quickly evolving domain. 

Hence DFC conducts worldwide digital forensics competitions to engage, encourage and excite new talent                                        

             – ranging from middle school students to grad students to consider                               careers digital forensics

              - provide opportunitites for the private sector and government agencies                     to scout the best and brightest 

To date participants meet the DHS’s National Initiative for Cybersecurity Careers and Studies (NICCS) knowledge, skills, and abilities (KSA’s) the future holds the need to derive a greater awareness as to the effects of the information environment and understand the impacts these strategic endeavors have on the world stage. 

The USDFC develops challenges in a building block approach which evolve through five levels of difficulty (100-500 level).  Through experiential learning, these progressive exercises provide extensive opportunity to develop both breadth and depth which are assigned point value based on the complexity of the research and innovation required to develop solutions.

                   100 - Novice- exercises w/ well known solution in the community

                    200 - Advance- solvable exercises w/ varying degree of difficulty               

                                              (e.g. Data Hiding, File Headers, Passwords, Registry)
                    300 - Expert- no guarantee that these exercises have a solution
                                            (e.g. Encryption, Parsing, etc.).
                    400 - Master- these 400 point exercises have no known solution
                                            (e.g. Comm Recovery/Parsing, Info Concealment. etc.)
                    500 - Developer - required development of digital forensic tools  

                                                   based on defined requirements

                                                   (e.g. tools, methodologies, known Digital

                                                   Forensic investigation issues).

Digital Forensics Crime Scene Challenge (DCSC) is a hands-on experiential experience that can be taken to schools, conferences or events. The DCSC affords participants the opportunity to experience firsthand the implications, scope and benefits of digital forensic and learn how to apply investigative skills to focus on potential digital evidence at a mock crime scene.  Each team of 1-5 participants is given a scenario and an interrogation script of a suspect. Participants must process a physical mock crime scene and complete their investigation within 15 minutes. They will triage the digital evidence and key devices, which contain vital information (evidence) and related stored data in an effort to collect the maximum possible points. 

Our seasoned digital forensics experts mentor and educate teams on the issues investigators face, while challenging them through real-time, fun and interactive exercises. Each exercise begins with an introductory briefing – available to both participants and observers – describing digital forensics’ implications for today’s technologies and the need to develop applied skills associated with academic STEM programs. This hands-on learning laboratory has enjoyed unrivaled success for over four years given the innovative manner in which it has elevated awareness of the necessity of digital forensics in today’s information environment. 

This pillar encompasses the organization’s future objective of maturing the tools, technologies, operational process and a common framework upon which to evolve the capabilities resident within the digital forensics community. Thus it is the intent of the Tactics, Tools & Procedures (TTPs) evolved from this endeavor to serve as a catalyst to develop standards and compliance within the field of digital forensics. Overall, our objective is toward the evolution of the industry providing for a common perspective and enlightened understanding to the value of characterizing the information environment. 

An innovative think tank providing a commonality of perspective within the field of digital forensics. This collaborative environment continues to grow the digital forensics community, integrating industry, government, law enforcement and academia into a diverse partnership of common purpose and perspective. Through their ongoing engagement in this rapidly evolving field, the SAB provides insight to all aspects of the consortium as they harvest ideas and experiences to the mutual benefit of the digital forensics community at large.

Through ongoing efforts to build a strategic framework upon which to identify the characteristics of the information environment provides the basis upon which to assess the rapidly adapting information environment. By identifying the who, what, when and why actions are taken motivation as to their actions is revealed. Through these endeavors the opportunity to manage and overcome risk and harvest the art of the possible within the science of probable exist. For the predictive causality of action which serves to inform understanding by living in the question identifies those involved and the relationship they hold to the circumstances as they unfold.

At the strategic level, Digital Forensics is essential to assessing the viability of networks and is critical to solving crimes, which increasingly have a digital nexus today. Until recently, the majority of the focus has been on cybersecurity defense or the effort to prevent the compromises without clear understanding of the motive or identifying the perpetrator. Understandably, incident management and response teams actions after an attack is the foremost priority in an organization’s efforts to recover from its impact.  However, without a focus on remediation the opportunity to manage risk and prevent re-occurrence leaves the organization vulnerable. 

Given increased reliance on these systems for vital operational decisions, it is imperative that characterizing the environment in order to be aware of and manage risk is critical to reliable operational capacity. For it is through this baseline that affords the means to identify what happened, how it happened, who did it, what was their objective/motive, was it an insider or outsider, do they still have access, and did they change the data/information, are all question vital to assess damage and impact from the attack.  

Today organizations demand and deserve to proactively manage and lead their organizations with assurance of the veracity and accessibility of their information.  The DFC has been formulated to leverage the vast intellect of their Strategic Advisory Board (SAB) comprised of industry experts to invest in the future of this critical capability. Through the US Digital Forensics Challenge the DFC will inspire and invest in academia, industry and the Science, Technology, Engineering, Scientific (STEM) community to quickly evolve current standards vital to providing reliable, accessible and trusted networks. 

Through DFC's objective to support public safety, the national defense, economic competitiveness, and improving the workforce via their educational, outreach, and research activities to ensure the future viability of the security and public safety of the United States. These activities include, but are not limited to the formation and operation of a Cyberhunting competition, educational seminars and workshops focused upon the intellectual cultivation of digital forensics.

Currently the growing demand has outpaced the need for this skillset exponentially. The DFC is a non-profit organization with the technical experts to fulfill this vital capability critical to the future viability and evolution of the digital domain. Given that in today's net-centric environment the Digital Forensics discipline has expanded beyond the law enforcement community to include government, businesses, and academia and the resulting reliance on technological means to drive strategic advantage puts everyone at risk.  Thus ongoing assessment as to identify activities as being benign or malicious in an environment designed for unencumbered access and anonymity presents a daunting task. 

Due to the rapidly evolving nature of this environment and the exponential increase in the level of risk, today’s Cyberhunters or digital detectives are essential to determine the , when, where, why, and how to every event. It is from this common perspective and sight picture that their collaborative partners illuminates that threat in order to manage risk, explore opportunities and ensure the future viability of the organization within this quickly evolving do