Last Updated: 17 May, 14:42 GMT
In order to maintain sanity and control of time, the most frequently asked questions about The Honeynet Project's Reverse Challenge are found here. I hope the answer you're looking for is included.
QUESTIONS:
Reverse engineering is a part of forensics. Computer forensics is the analysis of a hacked computer to determine what happened. It is the process of preserving and recovering evidence to determine who did what, and when. This is very similar to the forensic process law enforcement uses at the scene of a crime, such as a car accident, murder scene, or bank robbery. Reverse engineering is a critical component of computer forensics. It is the process of taking an unknown computer program that an attacker used, and determining how it works and what it is used for. One analogy would be law enforcement finding a strange mechanical device the size of a watch at a crime scene. Their forensics team would take the device apart, analyze it, and determine its purpose (perhaps in this case it's a device for criminals to covertly communicate with each other). We have the same challenges in the computer world: determining the purpose of hacker tools we find in the wild. Reverse engineering allows us to determine a tool's purpose and who designed it, and teaches us about the threats we all face.
The idea of the Forensic Challenge was to open this learning process up to the security community at large and allow everyone to benefit from the experiment. Part of the challenge in forensic analysis is identifying questions like this yourself -- developing hypotheses -- and then finding evidence that allows you to determine whether your hypothesis is probable (a theory) or not. The more supporting evidence you can find, the greater the likelihood your theory is correct. Sometimes you find evidence that doesn't fit your hypothesis, and it leads you to a new one, or to a brief AHA!!! moment of enlightenment. Also, in a real-world investigation, you may not have the luxury of interviewing the system administrator.