The Rhino Hunt data set requires examination of a small image file and  three network traces.

This image was contributed by Dr. Golden G. Richard III, and was originally used in the DFRWS 2005 RODEO CHALLENGE.


 The city of New Orleans passed a law in 2004 making possession of nine or more unique rhinoceros images a serious crime.   The network administrator at the University of New Orleans recently alerted police when his instance of RHINOVORE flagged illegal rhino traffic.  Evidence in the case includes a computer and USB key seized from one of the University’s labs.  Unfortunately, the computer had no hard drive.  The USB key was imaged and a copy of the dd image is on the CD-ROM you’ve been given.

 In addition to the USB key drive image, three network traces are also available—these were provided by the network administrator and involve the machine with the missing hard drive.    The suspect is the primary user of this machine, who has been pursuing his Ph.D. at the University since 1972.

 MD5 hashes for evidence:

c0d0093eb1664cd7b73f3a5225ae3f30 *rhino.log
cd21eaf4acfb50f71ffff857d7968341 *rhino2.log
7e29f9d67346df25faaf18efcd95fc30 *rhino3.log
80348c58eec4c328ef1f7709adc56a54 *RHINOUSB.dd

The image and trace files are in a zip archive.

The task:

 Recover at least nine rhino pictures from the available evidence and include them in a brief report.  In your report, provide answers to as many of the following questions as possible:

The answer (pdf).