Cyber Forensics - LAB 3

School: Meru University College of Science and Technology (MUCST)
Course: MISC
Subject: Information Systems
Date: Nov 24, 2024
Type: docx
Pages: 2
Uploaded by ChefMaskWolf17

Cyber Forensics for Data Breaches

Lab Assignment 3 – Memory Analysis

Your Forensics Team Lead has provided you with a memory dump of a suspected system and asked you to focus on the following questions. The password for the 7z file is: LetsGetReady!

1. Examine Network Connections
a) Create a table of external IP addresses with established connections and find out more about those IP addresses (WHOIS information).
b) Which connections would you deem suspicious, and why?
c) Create a table of destination ports for both external and internal connections and find out the function of each port.
d) Is there any additional connection that looks suspicious? If yes, why?

2. Examine Running Processes
a) How many active processes are on the system?
b) Do you see any suspicious processes? If yes, list the PIDs and process names in a table.
c) After the network connections examination and the running processes examination, which processes seem to be the most suspicious?

3. Examine Potentially Malicious Processes
a) Run the "malfind" plugin and determine which processes are suspicious.
b) After the network connections, running processes and malicious processes examinations, which processes seem to be the most suspicious?

4. Examine Command History
a) Do you see any evidence that would implicate another system within the company network?
b) Which site is used to download suspicious files?
c) What is the name of the malicious PHP file that the attacker wants to use?
d) What is the persistence mechanism used by the attackers?
e) Create a table listing all commands and comment on the function of each command.

5. Dump Processes and DLLs
a) Dump the binaries of the suspicious processes.
b) Record the MD5 hashes of all suspicious processes and list them in a table.
c) Search VirusTotal.com for the MD5 hashes and report any new information learned.

Submit your work in a Microsoft Word document titled [Lab 3 - FirstName LastName] on the Canvas Portal.
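Steps 1 and 5 above are mostly bookkeeping: turning a network listing into the two tables the lab asks for and hashing the dumped binaries before the VirusTotal lookup. The script below is an added example and is not part of the lab handout; it assumes the analyst has saved the text output of a Volatility 3 `windows.netscan` run to a file and dumped the suspicious executables to a directory. The netscan lines embedded in it are constructed for illustration (the 198.51.100.x and 203.0.113.x addresses are RFC 5737 documentation ranges standing in for public hosts), and WHOIS and VirusTotal lookups are left to the analyst because they need network access.

```python
"""Tabulate a memory image's network connections and hash dumped binaries.

Added example for Lab 3 steps 1 and 5; not part of the handout. Assumes the
text output of a Volatility 3 windows.netscan run and a directory of dumped
process executables. WHOIS/VirusTotal lookups are left to the analyst.
"""
import hashlib
import ipaddress
import sys
from collections import Counter
from pathlib import Path

# Constructed netscan-style sample (not from the lab image). Columns:
# Offset Proto LocalAddr LocalPort ForeignAddr ForeignPort State PID Owner
SAMPLE_NETSCAN = """\
0x8a1b2c30 TCPv4 192.168.1.20 49712 203.0.113.45 4444 ESTABLISHED 1884 svchost.exe
0x8a1b2d40 TCPv4 192.168.1.20 49713 198.51.100.7 80 ESTABLISHED 2204 iexplore.exe
0x8a1b2e50 TCPv4 192.168.1.20 49714 192.168.1.50 445 ESTABLISHED 4 System
0x8a1b2f60 TCPv4 0.0.0.0 135 0.0.0.0 0 LISTENING 712 svchost.exe
0x8a1b3070 UDPv4 0.0.0.0 123 * 0 - 1040 svchost.exe
0x8a1b3180 TCPv4 192.168.1.20 49715 203.0.113.45 4444 CLOSE_WAIT 1884 svchost.exe
"""

# RFC 1918 ranges count as the company network, not as "external" hosts.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Registered functions for ports the lab is likely to meet; anything else is
# reported as unregistered so the analyst checks the owning process.
PORT_FUNCTIONS = {22: "SSH", 53: "DNS", 80: "HTTP", 123: "NTP",
                  135: "MS-RPC endpoint mapper", 139: "NetBIOS session",
                  443: "HTTPS", 445: "SMB", 3389: "RDP"}


def parse_netscan(text):
    """Parse netscan rows into dicts, skipping headers and malformed lines."""
    rows = []
    for line in text.splitlines():
        p = line.split()
        if len(p) < 9 or not p[0].startswith("0x"):
            continue
        try:
            lport, fport, pid = int(p[3]), int(p[5]), int(p[7])
        except ValueError:
            continue
        rows.append({"proto": p[1], "local_addr": p[2], "local_port": lport,
                     "foreign_addr": p[4], "foreign_port": fport,
                     "state": p[6], "pid": pid, "owner": p[8]})
    return rows


def is_external(addr):
    """True for a routable address outside loopback, link-local and RFC 1918."""
    if addr == "*":                      # unbound UDP socket
        return False
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        return False
    return not any(ip in net for net in RFC1918)


def external_established(rows):
    """Step 1a: (foreign_addr, foreign_port, pid, owner) for external sessions."""
    return [(r["foreign_addr"], r["foreign_port"], r["pid"], r["owner"])
            for r in rows
            if r["state"] == "ESTABLISHED" and is_external(r["foreign_addr"])]


def port_table(rows):
    """Step 1c: destination ports of internal and external connections."""
    counts = Counter(r["foreign_port"] for r in rows if r["foreign_port"] > 0)
    return [{"port": port, "count": n, "function": PORT_FUNCTIONS.get(
                 port, "unregistered; verify against owning process")}
            for port, n in sorted(counts.items())]


def hash_bytes(data):
    """MD5 (what the lab asks for) plus SHA-256 for the report, as hex."""
    return hashlib.md5(data).hexdigest(), hashlib.sha256(data).hexdigest()


def hash_dumps(directory):
    """Step 5b: name -> (md5, sha256) for every file in the dump directory."""
    return {path.name: hash_bytes(path.read_bytes())
            for path in sorted(Path(directory).iterdir()) if path.is_file()}


if __name__ == "__main__":
    # Usage: python lab3_tables.py [netscan.txt] [dump_dir]; no args uses the sample.
    text = Path(sys.argv[1]).read_text() if len(sys.argv) > 1 else SAMPLE_NETSCAN
    rows = parse_netscan(text)
    print("External established connections")
    for addr, port, pid, owner in external_established(rows):
        print(f"  {addr:>16}:{port:<5} PID {pid:<6} {owner}")
    print("Destination ports")
    for e in port_table(rows):
        print(f"  {e['port']:>5} x{e['count']}  {e['function']}")
    if len(sys.argv) > 2:
        for name, (md5, sha256) in hash_dumps(sys.argv[2]).items():
            print(f"  {name}  md5={md5}  sha256={sha256}")
```

On the constructed sample the first table contains only the two sessions to non-RFC 1918 hosts; the CLOSE_WAIT row to the same 4444 endpoint is deliberately excluded so it surfaces separately under step 1d, and the port table reports 4444 as unregistered, which is the cue to compare it against the owning process in step 2.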