Automating e-mail evidence discovery

Assignment Help Computer Network Security
Reference no: EM132998674

Lab 6: Recognizing the Use of Steganography in Image Files
All tools and instructions to complete this lab are found in the virtual lab access that accompanies the textbook.
In a forensic investigation, investigators will explore a targeted machine in search of steganographic evidence, but when they do this, they risk changing the very data they seek, potentially invalidating evidence. For this reason, they will often make an image (copy) of an evidence drive and conduct the investigation on that image. In this lab, you will use S-Tools and Windows Paint to discover possible steganographic activity in the image files on this evidence drive copy. Using S-Tools, you will properly identify and extract embedded data in a carrier image and document your findings.
Upon completing this lab, you will be able to:
Use the S-Tools for Windows utility to search for possible steganographic activity embedded in image files
Extract a cipher key text file
Identify the use of steganographic data concealment techniques for covert communication and potential injected data
Extract steganographically hidden data from identified image files while preserving their integrity
Report the details of hidden files

Deliverables:

SECTION 1 of this lab has two parts which should be completed in the order specified.
In the first part of the lab, you will open image files on the TargetWindows01 machine using Microsoft Windows Paint and describe the images in your Lab Report.
In the second part of the lab, you will use S-Tools to identify and extract any hidden embedded data.

Lab 7: Automating E-mail Evidence Discovery (E3)

All tools and instructions to complete this lab are found in the virtual lab access that accompanies the textbook.
In this lab, you will use E3 to automate e-mail and chat analysis to identify suspect files that may be useful in a forensic investigation. You will use E3's sort features to sort the files on the evidence drive into categories for easier analysis. You will document your progress throughout the lab to preserve the source and ensure the evidence is defensible and presentable in a court of law.
Deliverables:
Please complete Sections 1 and 2 of this lab (excluding lab quiz).
SECTION 1 of this lab has two parts which should be completed in the order specified.
1. In the first part of the lab, you will create and sort an evidence case file using E3.
2. In the second part of the lab, you will use E3 to view suspicious chat and e-mail files for evidence investigation.
SECTION 2 of this lab allows you to apply what you learned in SECTION 1 with less guidance and different deliverables, as well as some expanded tasks and alternative methods. You will review e-mail evidence from a different drive image, export e-mail files as evidence, and compare hash codes before and after exporting the e-mail files.

Lab 8: Decoding an FTP Protocol Session for Forensic Evidence

All tools and instructions to complete this part are found in LAB 8 as part of the virtual lab access that accompanies the textbook.
In this lab, you will use two very powerful forensic analysis tools, Wireshark and NetWitness Investigator, to examine the same File Transfer Protocol (FTP) traffic capture file, and compare the results of each. FTP is a protocol that is used extensively in business and social communications as a means to move files between a host and a client. Just about every time you download something from an internet site, you are using a version of FTP to manage the process. It is the most frequently used file transfer tool, but it is vulnerable. You will explore the protocol capture file to see how FTP's cleartext transmission can endanger an organization.

Please complete Sections 1 and 2 of this lab (excluding lab quiz).
SECTION 1 of this lab has two parts which should be completed in the order specified.
1. In the first part of the lab, you will use Wireshark to examine a protocol capture file and identify the specifics of an FTP
2. In the second part of the lab, you will use NetWitness Investigator to examine that same protocol capture file and identify further specifics of an FTP
SECTION 2 of this lab allows you to apply what you learned in SECTION 1 with less guidance and different deliverables, as well as some expanded tasks and alternative methods. You will generate your own protocol capture file for examination.

Lab 9: Identifying and Documenting Evidence from a Forensic Investigation
All tools and instructions to complete this part are found in LAB 9 as part of the virtual lab access that accompanies the textbook.
In this lab, you will explore the forensic capabilities of E3 by using the sorting and search features to identify evidence. You will create bookmarks for the evidence you find to make it easier to locate later. You will create an evidentiary report that can be used in a court of law, and an MD5 hash code for the report.
Upon completing this lab, you will be able to perform the following:
• Discuss proper documentation requirements and the chain of custody for a forensic investigation
• Use E3 to search for potential evidence in a forensic case file
• Bookmark evidence in a forensic case file
• Generate an evidentiary report from E3 that can be submitted in a court of law
• Generate an MD5 hash file for evidentiary reports generated by E3
Please complete Sections 1 and 2 of this lab (excluding lab quiz)
SECTION 1 of this lab has two parts which should be completed in the order specified.
1. In the first part of this lab, you will create and sort a new case file using E3.
2. In the second part of this lab, you will identify relevant evidence and generate an investigative report from E3.
SECTION 2 of this lab allows you to apply what you learned in SECTION 1 with less guidance and different deliverables, as well as some expanded tasks and alternative methods. You will identify and document evidence from a different drive image.
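Lab 7 Section 2 (hash codes before and after exporting e-mail files) and Lab 9 (an MD5 hash for the report) both rest on the same integrity check. The script below is an added illustration, not part of the course materials or of E3: it hashes constructed sample messages, writes them out as an export would, re-hashes the files on disk, and flags any item whose digest changed. MD5 is used because the labs ask for it; SHA-256 is recorded alongside it.

```python
import hashlib
import os
import tempfile

# Constructed sample: two small messages standing in for e-mail items exported
# from a case file. They are not real evidence.
SAMPLE_MESSAGES = {
    "msg001.eml": b"From: alice@example.test\r\nTo: bob@example.test\r\n"
                  b"Subject: invoice\r\n\r\nSee attached.\r\n",
    "msg002.eml": b"From: bob@example.test\r\nTo: alice@example.test\r\n"
                  b"Subject: Re: invoice\r\n\r\nReceived, thanks.\r\n",
}

def digests(data: bytes) -> dict:
    """MD5 (what the lab asks for) plus SHA-256 as a stronger companion value."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}

def export_items(items: dict, out_dir: str) -> dict:
    """Write each item to out_dir (standing in for the export step); return name -> path."""
    paths = {}
    for name, data in items.items():
        path = os.path.join(out_dir, name)
        with open(path, "wb") as fh:
            fh.write(data)
        paths[name] = path
    return paths

def verify_export(items: dict, paths: dict) -> dict:
    """Compare pre-export digests with digests of the exported files.
    Returns {name: {"match": bool, "before": {...}, "after": {...}}}."""
    report = {}
    for name, data in items.items():
        before = digests(data)
        with open(paths[name], "rb") as fh:
            after = digests(fh.read())
        report[name] = {"match": before == after, "before": before, "after": after}
    return report

def run_demo(tamper: bool = False) -> dict:
    """Export the sample set, optionally alter one byte afterwards, then verify."""
    with tempfile.TemporaryDirectory() as out_dir:
        paths = export_items(SAMPLE_MESSAGES, out_dir)
        if tamper:  # simulate a post-export modification of one item
            with open(paths["msg002.eml"], "r+b") as fh:
                fh.seek(0)
                fh.write(b"f")  # "From" becomes "from": a single-byte change
        return verify_export(SAMPLE_MESSAGES, paths)
```

The tampered run shows why the comparison is done per item: a one-byte change is enough to break the match, and the untouched item still verifies.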

Lab 10: Conducting an Incident Response Investigation for a Suspicious Login

All tools and instructions to complete this part are found in LAB 10 as part of the virtual lab access that accompanies the textbook.
In this lab, you will use NetWitness Investigator to analyze the network traffic to identify a suspect's login credentials from an FTP packet trace. You will also use E3 to analyze the digital portion of a forensic image and locate the transferred file on the suspect's own evidence drive. You will export the suspect files, add bookmarks in the Case Log, and create a report to detail your findings.

Upon completing this lab, you will be able to:
• Identify suspect login credentials from an FTP packet trace
• Evaluate information that would be useful to an attacker who has infiltrated the network
• Analyze the digital portion of a forensic investigation and link the two pieces of evidence together to solidify your case
• Bookmark and export suspect data
• Create a report detailing findings based on automated reporting of evidence related to a suspect's email communications, identified email attachments, and the protocol capture of the FTP session
Please complete Sections 1 and 2 of this lab (excluding lab quiz)

SECTION 1 of this lab has four parts which should be completed in the order specified.
1. In the first part of the lab, you will use NetWitness Investigator to examine a protocol capture file and find specific information needed to complete the deliverables for this lab.
2. In the second part of this lab, you will create and sort a new case file using E3.
3. In the third part of the lab, you will use E3 to perform a forensic image investigation and explore a suspect user's email account for
4. In the fourth part of the lab, you will use E3 to generate an evidentiary report of a suspect's email
SECTION 2 of this lab allows you to apply what you learned in SECTION 1 with less guidance and different deliverables, as well as some expanded tasks and alternative methods. You will also add screen captures from a NetWitness Investigator report to your E3 case file.
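Lab 8 (FTP's cleartext transmission) and Lab 10 (identifying login credentials from an FTP packet trace) both come down to reading the FTP control channel. The parser below is an added example, not from the textbook, Wireshark or NetWitness: it walks a constructed control-channel exchange, records the account name, whether the password travelled in cleartext, and which files were transferred, and masks the password so the finding documents the exposure without reproducing the secret in the report.

```python
import re

# Constructed FTP control-channel exchange, client lines "C:" and server lines "S:",
# standing in for what a capture shows after TCP stream reassembly. Not a real session.
SAMPLE_SESSION = """\
S: 220 ftp.example.test FTP server ready
C: USER jsmith
S: 331 Password required for jsmith
C: PASS Winter2020!
S: 230 User jsmith logged in
C: PORT 10,0,0,5,4,1
S: 200 PORT command successful
C: RETR payroll_q3.xlsx
S: 150 Opening BINARY mode data connection
S: 226 Transfer complete
C: STOR notes.txt
S: 226 Transfer complete
C: QUIT
S: 221 Goodbye
"""

def mask(secret: str) -> str:
    """Keep the first character and the length so the report shows exposure, not the value."""
    return secret[0] + "*" * (len(secret) - 1) if secret else ""

def analyze_ftp_control(text: str) -> dict:
    """Summarise what anyone on the network path could read from the control channel.
    A file transfer is counted only when the server confirms it with a 226 reply."""
    findings = {"user": None, "password_cleartext": False, "password_masked": None,
                "login_ok": False, "downloaded": [], "uploaded": []}
    pending = None  # (verb, filename) awaiting the server's 226
    for line in text.splitlines():
        m = re.match(r"^(C|S): (\S+)(?: (.*))?$", line)
        if not m:
            continue
        who, verb, arg = m.group(1), m.group(2), m.group(3) or ""
        if who == "C":
            if verb == "USER":
                findings["user"] = arg
            elif verb == "PASS":  # the password itself is on the wire, unencrypted
                findings["password_cleartext"] = True
                findings["password_masked"] = mask(arg)
            elif verb in ("RETR", "STOR"):
                pending = (verb, arg)
        elif verb == "230":
            findings["login_ok"] = True
        elif verb == "226" and pending:
            key = "downloaded" if pending[0] == "RETR" else "uploaded"
            findings[key].append(pending[1])
            pending = None
    return findings
```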

Attachment:- Forensics labs 6 -10.rar




All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd