Reference no: EM132088935
Lab : Online-Based Forensics
You recently began a new position on a large manufacturing firm's computer incident response team (CIRT). Your role is to investigate threats identified by the forensic investigators during their analysis of compromised devices.
Your Chief Information Security Officer (CISO) was informed on July 23, 2015 of a campaign affecting other companies in your industry. Upon examination of some of the equipment connected to your corporate network, your CIRT has identified two suspicious files.
It is your job to put together a write-up for the CISO that describes your investigation and addresses the questions below. The write-up should be approximately 500 words and include screenshots and graphics.
Based on the tools I discussed in the lecture please address the following questions. Note: You are NOT allowed to collaborate on this lab.
1. When were these files first identified in the wild?
2. Have these files been used recently?
3. Based on the time period that they were discovered now and from the data you have found online, can we say anything about the threat actors that we may be dealing with?
4. Are these two files related to each other?
5. Are these files possibly part of a larger campaign?
a. If yes, which ones?
6. Are there other files (hashes or filenames) that are related to these two files?
7. Can we link any email addresses to the provided files or other files that you have determined to be related to these files?
8. Given what you have uncovered, what do you think your next steps should be?
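The questions above amount to a hash-lookup triage workflow: fingerprint each file, look the hashes up in an online service, then read the first-seen and last-seen dates and look for indicators the two files share. The script below is an added example for this lab, not part of the assignment or of any tool discussed in the lecture. It hashes file contents and then evaluates two lookup results that are constructed here for illustration; their shape follows the attribute names VirusTotal's API v3 returns for a file object (first_submission_date, last_submission_date, last_analysis_stats, names, pe_info.imphash), but every value, the contacted_domains list, and the NOW timestamp are assumptions, not real data about the lab's files.

```python
"""Offline triage helpers for the two suspicious files: hash them, then read
the online-lookup results the lab questions ask about (first seen, recent use,
relatedness). The sample reports below are constructed, not real lookup data."""
import hashlib
from datetime import datetime, timezone


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of a file's bytes: the keys used to pivot on
    VirusTotal, MalwareBazaar and similar services."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


# Constructed lookup results (assumed values), shaped after the attribute names
# VirusTotal's API v3 returns for a file object. Timestamps are Unix epoch UTC.
SAMPLE_REPORTS = {
    "file1": {
        "first_submission_date": 1433116800,   # 2015-06-01 UTC
        "last_submission_date": 1437350400,    # 2015-07-20 UTC
        "last_analysis_stats": {"malicious": 41, "undetected": 14},
        "names": ["invoice_scan.exe", "setup.exe"],
        "pe_info": {"imphash": "aa11bb22cc33dd44ee55ff6677889900"},
        "contacted_domains": ["update.example.invalid"],
    },
    "file2": {
        "first_submission_date": 1436486400,   # 2015-07-10 UTC
        "last_submission_date": 1437523200,    # 2015-07-22 UTC
        "last_analysis_stats": {"malicious": 37, "undetected": 18},
        "names": ["setup.exe"],
        "pe_info": {"imphash": "aa11bb22cc33dd44ee55ff6677889900"},
        "contacted_domains": ["update.example.invalid", "cdn.example.invalid"],
    },
}
NOW = 1437696000  # 2015-07-24 UTC: assumed date the CIRT writes its report


def _day(ts: int) -> str:
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d")


def triage(report: dict, now: int = NOW) -> dict:
    """Questions 1 and 2: when was the sample first seen, how recently has it
    been submitted, and what is the current detection ratio."""
    stats = report["last_analysis_stats"]
    total = sum(stats.values())
    return {
        "first_seen": _day(report["first_submission_date"]),
        "last_seen": _day(report["last_submission_date"]),
        "days_since_last_seen": (now - report["last_submission_date"]) // 86400,
        "detection_ratio": f"{stats['malicious']}/{total}",
    }


def shared_pivots(a: dict, b: dict) -> dict:
    """Question 4: which indicators the two files have in common. A shared
    imphash or shared contacted infrastructure is a far stronger link than a
    shared generic filename such as setup.exe."""
    pivots = {}
    if a["pe_info"]["imphash"] == b["pe_info"]["imphash"]:
        pivots["imphash"] = a["pe_info"]["imphash"]
    domains = sorted(set(a["contacted_domains"]) & set(b["contacted_domains"]))
    if domains:
        pivots["contacted_domains"] = domains
    names = sorted(set(a["names"]) & set(b["names"]))
    if names:
        pivots["names"] = names
    return pivots


if __name__ == "__main__":
    print(file_hashes(b"abc"))  # what you would paste into the lookup service
    for label, report in SAMPLE_REPORTS.items():
        print(label, triage(report))
    print("shared:", shared_pivots(SAMPLE_REPORTS["file1"], SAMPLE_REPORTS["file2"]))
```

Feed the real files' bytes to file_hashes and the real lookup JSON to triage and shared_pivots; the dates answer questions 1 and 2 directly, and the shared-pivot set is the evidence for question 4 and the starting point for the larger-campaign and related-files questions.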