[ASCII-art banner; its spacing was lost in extraction and is not reproduced here]

Hello there! This is a readme file for the DFIR content on the archive.

This data was presented at the 2023 Blue Team Con by Turb0Yoda and Bluescreenofwin
(https://blueteamcon.com/2023/talk-tracks/talk-track-1-50-minutes/).

This is LIVE DATA collected from the WRCCDC security competition, where blue teams
protected a "fully functioning" business from an active red team over a two-day period.
The data was collected from 10 teams, one Windows box and one Linux box per team.
The Windows box is "Bluecheese", a Windows Server 2016 domain controller.
The Linux box is "Oaxaca", an Ubuntu 16.04 WordPress site.

Licensing: The data here can be used freely for research purposes. We only ask that you
include the source of the data and credit the original authors (Turb0Yoda and Bluescreenofwin).

We plan to do this annually after each season. If you have any questions, feel free to
contact us via Twitter/LinkedIn or via email at michael.glass(at)wrccdc.org

-Windows artifacts were collected with Velociraptor (https://github.com/Velocidex/velociraptor)
-Linux artifacts were collected with CyLR (https://github.com/orlikoski/CyLR)

Happy hunting!