Performing Incident Response and Forensic Analysis (4e) - Shakiera Williams

School: Harford Community College
Course: 105
Subject: Information Systems
Date: Feb 20, 2024
Pages: 10
Performing Incident Response and Forensic Analysis (4e)
Fundamentals of Information Systems Security, Fourth Edition - Lab 10

Student: Shakiera Williams
Email: swilliams120.owlmail@harford.edu
Time on Task: 12 hours, 0 minutes
Progress: 100%
Report Generated: Wednesday, December 13, 2023 at 10:44 AM

Section 1: Hands-On Demonstration

Part 1: Analyze a PCAP File for Forensic Evidence

10. Make a screen capture showing the Time Graph.

Page 1 of 10

16. Make a screen capture showing the details of the 2021-Jul-13 15:33:00 session.

Part 2: Analyze a Disk Image for Forensic Evidence

6. Make a screen capture showing the email message containing FTP credentials and the associated timestamps.

Part 3: Prepare an Incident Response Report

Date
Insert current date here.
December 1, 2023

Name
Insert your name here.
Shakiera Williams

Incident Priority
Define this incident as High, Medium, Low, or Other.
High

Incident Type
Include all that apply: Compromised System, Compromised User Credentials, Network Attack (e.g., DoS), Malware (e.g., virus, worm, trojan), Reconnaissance (e.g., scanning, sniffing), Lost Equipment/Theft, Physical Break-in, Social Engineering, Law Enforcement Request, Policy Violation, Unknown/Other.
Compromised user FTP server credentials

Incident Timeline
Define the following: Date and time when the incident was discovered, Date and time when the incident was reported, and Date and time when the incident occurred, as well as any other relevant timeline details.
July 31, 2021 at 10:30 AM Eastern time and reported 10 minutes later.

Incident Scope
Define the following: Estimated quantity of systems affected, estimated quantity of users affected, third parties involved or affected, as well as any other relevant scoping information.
Estimated quantity of systems affected =
Estimated quantity of users affected = 11238
Systems Affected by the Incident
Define the following: Attack sources (e.g., IP address, port), attack destinations (e.g., IP address, port), IP addresses of the affected systems, primary functions of the affected systems (e.g., web server, domain controller).
IP addresses of the affected systems
Primary functions of the affected systems (e.g., web server, domain controller)
Security software loaded on the affected systems (e.g., anti-virus, anti-spyware, firewall)

Users Affected by the Incident
Define the following: Names and job titles of the affected users.
Marvin the Project Manager.

Section 2: Applied Learning

Part 1: Identify Additional Email Evidence

5. Make a screen capture showing the email from Dr. Evil demanding that Marvin install a keylogger.

6. Make a screen capture showing the email from Dr. Evil reminding Marvin to update the firewall and scheduler.

Part 2: Identify Evidence of Spyware

12. Make a screen capture showing the three events that are related to the Actual Keylogger file in the /Windows/System32/Tasks folder with a June 30 timestamp.

15. Make a screen capture showing the one event that is related to the Actual Keylogger file in the /Windows/System32/Tasks folder with a July 1 timestamp.
20. Record the date and time that the keylogger's executable file was created.
2021-06-24 08:57:56 MDT

22. Record the date and time when the keylogger's executable file was last started.
2021-07-01 15:54:39

23. Record whether you think you have evidence to claim that Marvin opened the keylogger.
MJ_Evidence.001_1 Host Detail Login Count=16 Flag=Normal User Account Password Do not match

Part 3: Update an Incident Response Report

Date
Insert current date here.
13/12/2023

Name
Insert your name here.
Shakiera Williams

Incident Priority
Has the incident priority changed? If so, define the new priority. Otherwise, state that it is unchanged.
HIGH

Incident Type
Has the incident type changed? If so, define any new incident type categories that apply. Otherwise, state that it is unchanged.
Compromised System (Phishing Attack)

Incident Timeline
Has the incident timeline changed? If so, define any new events or revisions in the timeline. Otherwise, state that it is unchanged.
July 31, 2021 at 10:30 AM Eastern time and reported 10 minutes later.

Incident Scope
Has the incident scope changed? If so, define any new scoping information. Otherwise, state that it is unchanged.
Unchanged

Systems Affected by the Incident
Has the list of systems affected changed? If so, define any new systems or new information. Otherwise, state that it is unchanged.
Security software loaded on the affected systems

Users Affected by the Incident
Has the list of users affected changed? If so, define any new users or new information. Otherwise, state that it is unchanged.
No

Section 3: Challenge and Analysis

Part 1: Identify Additional Evidence of Data Exfiltration

Make a screen capture showing an exfiltrated file in Marvin's Outlook database.

Part 2: Identify Additional Evidence of Spyware

Make a screen capture showing the email with instructions for installing additional spyware.
Document the red flags in the email that indicate that it may be a phishing attempt.
Red flag: Yes. Dr. Evil sent two links to Marvin, and those links are what indicate that Dr. Evil is attempting a phishing attack.