# UNODC Africa DIGITAL FORENSIC COMPETITION 2022
---
Throughout the month of June, the United Nations Office on Drugs and Crime (UNODC)’s Global Program on Cybercrime in Africa held an Africa-wide Digital Forensics competition.
## Aim
The UNODC Global Program on Cybercrime launched this Africa-wide competition to raise knowledge and build capacity on the continent on digital forensics, but also to highlight the vast expertise in this field that exists and continues to grow here.
## Competition
This competition involved African countries, where digital forensics experts and students from government, law enforcement and universities were eligible to participate. During the competition, a set of different challenges was released each week for four weeks in June. The categories included were:
* Dark web investigation
* Cryptocurrency investigation
* Android Phone Investigation
* iPhone Investigation
In addition, training videos were released to assist participants who were struggling with certain challenges or who just wanted to learn more about the topics. In total, 5 training videos were created. These videos were intended to give hints for the questions that were hard for some participants.
## Overall Forensic Report
The scenario begins with **Artemis Nuru**, who in this case is our victim. The victim seems to have been interested in learning more about the dark web. He set up a private network to protect his activities and location, trying to remain anonymous on the dark web; in this case he used the anonymous network called **i2p**. He configured **i2p** via the **icecat browser** and set the hostname to **nurucoin.i2p**.
Thereafter, the victim found out about another private network called **TOR**, where he found a site from which he could purchase skimmed cards. The victim then paid an amount for the skimmed cards as instructed by the site. The payment was made in bitcoin using the bit-pay application, through the address **bc1qelkxqqna2r2jamd90y37605jjtxykwvqtrk98p**. Upon completion of the payment, the victim was provided with a website link and credentials that allowed him to download an executable program that he was supposed to run to get the cards. However, this program not only provided the cards but also created backdoor access for the attacker. At this point the victim’s computer was compromised.
After gaining access, the suspected attacker was able to transfer **cryptocurrency** from the victim’s wallet to his own personal wallet, and encrypted the victim’s files. He later left a message for the victim saying that if he needed his files back, he would have to pay **$500** to **bc1q9l2t50aa4vam2xynqypcgh2a2t8p55hke0xv5q** in order to decrypt the files.
The victim went to the investigators as soon as he saw that some important files had been encrypted and found the note left behind by the suspected attacker.
The investigators (us) analyzed the victim’s computer, starting from the acquisition of the RAM and hard disk dumps. This narrowed the suspect list down to Habiba Rhaxma. Habiba’s computer contains suspicious files similar to the one that created the backdoor on the victim’s computer, and it also contains a wallet with the address to which the victim was told to send money.
In the end, there is a high chance that Habiba Rhaxma is responsible for this attack.
## Achievement
The forensic report above gives the overall scenario, which we summarized together from the questions/challenges we were asked to solve. This means that if you solved all the challenges correctly, you got to know exactly what happened to the victim.
### Week 1
We solved all challenges from this week. The dataset we used was the victim's computer hard disk dump and RAM dump. This week's challenges were all about analysing the victim's activities.
### Week 2
We solved all challenges from this week. The dataset we used was the victim's computer hard disk dump and RAM dump. This week's challenges were all about what activities the suspected attacker carried out on the victim's computer.
### Week 3
We solved all challenges except one. The dataset we used was the victim's computer hard disk dump and RAM dump. This week's challenges were all about how, and by what, the victim's computer was compromised.
### Week 4
We solved all challenges except one. The dataset we used was the suspect's computer hard disk dump and phone image dump. This week's challenges were all about analysing the suspect's computer to check whether she is responsible for the attack.
## Position
This year's competition involved two categories, which were:
* Team
* Individual
Under team, we managed to be in **5th** position.
Under individual, we managed to be in **4th** and **5th** positions.


## Challenges
This year's competition was rather tough because some of the challenges involved password cracking, which consumed a lot of time generating all possible password combinations to recover encrypted files. The dataset for the challenges was also big, almost 20 GB, and we had trouble downloading it via torrent.
## Conclusion
In conclusion, we learnt a lot of new things this year, because the challenges were based on a real-life scenario of how people get scammed and their computers get compromised when trying to explore new things on the internet. Thanks also to our University of Dodoma for their support in letting us use the forensic lab, and to the e-Government Authority for supporting us with resources that helped us a lot with the password cracking challenges.