Analyse forensic data and review findings

Reference no: EM132368514

Assessment: Case Investigation Report

This document supplies detailed information on assessment tasks for this unit.

Learning Outcomes
This assessment assesses the following Unit Learning Outcomes (ULO) and related Graduate Learning Outcomes (GLO):

Unit Learning Outcome (ULO)
ULO 1: Apply knowledge of security on Windows network domain and follow standard procedure to investigate different types of cyber-crime
ULO 3: Analyse forensic data and review findings to further probe and investigate serious computer crimes; and
ULO 4: Reflect on findings and prepare reports for target audience that justifies findings.

Purpose
This assessment requires students to apply knowledge of security on the Windows network domain and follow the standard procedure to investigate different types of cyber-crime.

Instructions
This is an individual assessment task. You are required to submit a case investigation report supporting your findings and a bibliography. You will act in the role of the investigator Arif and report the findings.

This report should consist of:
• an overview of the computer crime case
• a list of necessary resources for forensic investigation
• an analysis of detailed findings
• a review and reflection on the findings

Problem Statement

Arif works for a university as an IT administrator. On Sept 8, 2009 he received a call from a staff member, Amy, who complained that a suspicious account had been created on her personal laptop without her consent. The general IT policy of the university prohibits Arif from acquiring any research-related files from Amy's laptop because she is participating in a top-secret government project. Therefore, Arif asked Amy to export the Windows Registry and copy a few Windows log files from her laptop from the directory:

C:\Windows\system32\config

Task 1 (Scanning the machine)
Rootkit programs on Arif's investigation machine could alter the investigation results, so he decides to run a thorough scan on it to confirm that none are present. Choose at least two scanning programs and provide screenshots of the scanning results.

Task 2 (Repairing Windows Logs)

Having ensured the safety of his forensic investigation platform, Arif decompresses the file "Desktop.zip" and finds 4 Windows event log files. Describe the information stored in each log file and repair the important log files so that they can be viewed in Windows Event Viewer.

Task 3 (Which account is created)

Having repaired the log files, Arif examines one of them in order to identify which account was created without Amy's consent. Which log file and which EventID number should Arif search? Provide a screenshot of the account-creation event.

Task 4 (Where is Amy's password)

Having identified the event in which a new user was created on Amy's laptop, Arif telephones Amy and asks whether she can provide more clues. Amy tells him that she has a personal password safe stored as an encrypted ZIP file hidden on the university network. Amy is confident that only she can access her account details because this password safe has multiple security protection mechanisms. However, Arif wants to demonstrate that Amy's belief may be too optimistic. Provide screenshots and describe how Arif can easily access Amy's account information.

Task 5 (Amy's password)

Arif has extracted Amy's password safe, but he wants to demonstrate to Amy that her Windows password can be easily cracked. So he calls Amy and Amy bets that he cannot get her password. Being challenged and authorized, Arif decides to crack Amy's Windows password used on her laptop. Work out what the username and the password are on Amy's laptop.

Task 6 (When did things go wrong?)

Amy now realizes that Windows provides very weak protection and she becomes concerned about the safety of her research data. Arif decides to look through the log files again in order to identify when the bogus account logged on to Amy's laptop. Use two screenshots to indicate when the bogus account logged on and logged off.

Task 7 (I know what you did)

Arif believes that he can find all important activities on Amy's system during the session time identified in Task 6. Which event recorded in the system log file will tell Arif about the actions performed by the bogus account?

When did this event terminate?

Task 8 (Using LogParser)

Arif recalls that some events with EventID 11728 are closely related to the installation of Windows programs. He decides to use the program LogParser to search for the events with EventID 11728 in the log files. List all the events Arif will find by using LogParser (screenshots are required).

Task 9 (The valuable Registry)

Arif feels that things might be very serious, so he decides to go through the Registry file "Server.reg" in the "Desktop.zip" file. What program(s) will Arif classify as suspicious? Provide strong reasons.

Task 10 (Before calling the police)

Arif and Amy feel that they must report to the police about their findings. Before they write a formal complaint to the forensic team, Arif recalls that he has intercepted an NTLM authentication session of user "helpdesk" and the hash is:

3520EFAAD3850A27AAD3B435B51404EE:13C1E98BECA440FADC09F3D24670EA72

Arif guesses that the password is 3 characters long but contains special symbols. Now, crack this password by using your own rainbow tables (screenshots are required).

Analyse forensic data and review findings : SIT703 - Advanced Digital Forensics - Deakin University - Provide screenshots and describe how Arif can easily access Amy's account information

Reviews

len2368514

9/9/2019 11:15:36 PM

Criteria 2: Students find/generate needed information/data using appropriate methodology (T2 – 4 marks) Collect and record required information / data from self-selected sources using one of several prescribed methodologies Criteria 3: Students critically evaluate information/data and the process to find/generate that information/data (T5 – 2 marks) Evaluate information / data and inquiry process using criteria related to the aims of the inquiry Criteria 4: Students organize information collected/generated (T6, T8 – 2 mark) Organize information / data using recommended structures and self- determined processes

len2368514

9/9/2019 11:15:04 PM

Criteria Attributes and Assignment Questions Criteria 1: Students embark on inquiry and so determine a need for knowledge/ understanding (T1, T3 – 2 mark) Very Good (above 75% of total marks) Respond to questions / tasks generated from a closed inquiry

len2368514

9/9/2019 11:14:20 PM

Criterion 3: Students critically evaluate information/data and the process to find/generate that information/data (TS - 4 marks) 4 points Evaluate information / data and the inquiry process using prescribed criteria Criterion 4: Students organise information collected/generated (To. T8 - 4 marks) 4 points Organise information / data using recommended structures and self-determined processes

len2368514

9/9/2019 11:13:54 PM

Criteria Criterion 1: Students embark on inquiry and so determine a need for knowledge/understanding (T1. T3 - 4 marks) Highly proficient (75-100%) 4 points Respond to questions / tasks generated from a closed inquiry Criterion 2: Students find/generate needed information/data using appropriate methodology (T2 - 8 marks)8 points Collect and record required information / data from self-selected sources using one of several prescribed methodologies


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd