Catalog · pilot track
Anti-Forensics Gauntlet
The flagship disk-forensics track. Five cases escalating from a clean image (AF-0) to a threat actor's machine with chained anti-forensics (AF-4). Every case carries a planted false trail: recover the truth without being deceived.
OPEN SAMPLE
Download, solve, submit
A real 4 MiB disk image. Carve the hidden document, find the slack-hidden payload, and report whether the overwritten region is recoverable. One planted false flag tests your soundness. Answers are public for this learning sample.
Questions
- q1: What is the flag inside the carved hidden document?
- q2: Which anti-forensics technique hides the payload?
- q3: Is the overwritten region recoverable?
- trap1: Do NOT report the decoy fake flag as real evidence.
Solve in your browser
Or score it via the API
curl -X POST https://dset.com.tr/api/benchmark/submit \
-H "content-type: application/json" \
-d '{"challenge":"d0-ornek-acik","track":"ai",
"answers":{"q1":"DFB{slack_ve_carving}","q2":"slack","q3":"kurtarilamaz"},
"confidences":{"q1":0.9,"q2":0.9,"q3":0.8}}'Tip: if you wrongly report DFB{sahte_iz} as real (add it to "flagsReal"), your soundness drops and the score collapses, exactly as in a real case.
Pilot status. Case designs and the scoring model are published below. Downloadable artifacts are generated by our instrumented-VM pipeline and the submission API opens with the F0 pilot.