What is the DFRWS Rodeo?

The DFRWS Rodeo is a team based event where participants group together to solve forensically themed challenges in order to score points. The Rodeo is open to all attendees of the conference, regardless of ability level, and is designed to be a lighthearted social event where participants can meet new people and learn new skills.

When is the Rodeo?

The Rodeo is held each year at the DFRWS conference after the banquet, and lasts between 3-4 hours. At the end, the winners are awarded prizes, and a walk-through of each challenge is provided.

How does it work?

The rodeo takes the form of a jeopardy style capture-the-flag event. A set of challenges will be released, spanning a number of categories and point values, and teams will have a limited amount of time to solve as may as they can. Each challenge, once solved, will produce a “flag” value, a short text string that must be submitted to the game sever in order to score points.

Flags are typically case-sensitive and often contain underscores and other symbols. In some cases, they will be clearly marked as a flag.



What are the challenges like?

Challenges range from entry level to advanced in terms of difficulty, and this is typically reflected in how many points they are worth. In the past, challenges have spanned a wide variety of disciplines related to digitial forensics and incident response, such as crypto, file/disk/memory/network forensics, dynamic analysis, and reverse engineering. Check out the write-ups and problem sets on this site for examples of challenges from previous years.

How do I participate?

Simply show up to the Rodeo after the banquet and you can join in! If you do not have anyone to form a team with, we will help you find one.

What should I bring?

A laptop is highly recommended, as many problems will not be solvable without one.

In terms of tools and software, problems could require any of the following, so being prepared will save you time on the night.

  • Virtualization software (eg vmware, virtualbox)
  • Windows / Linux virtual machines
  • Disk analysis tools (eg sleuth kit, foremost)
  • Memory analysis tools (eg volatility, rekall)
  • Network analysis tools (eg wireshark)
  • Document analysis tools (eg Office, oledump)
  • File analysis tools (eg file, hex editor)
  • Dynamic analysis tools (eg dbg, ollydbg, procmon)
  • Static analysis tools(eg IDA, ghidra, strings)
  • Your scripting language of choice

Some challenges may need specific software, so be prepared to download and install things on the fly as well.