Reference no: EM131240818
This assessment involves a scenario where you will need to use a variety of tools and approaches in the forensic analysis.
Security analysts at a critical infrastructure facility have received an alert indicating that some type of suspicious activity is occurring in the network, involving the IP address 192.168.1.30.
Specifically, unusual DNS traffic is either originating or terminating at this particular host.
As a forensic investigator, you are assigned the following mission:
Analyse the DNS traffic and determine the trail of suspicious activity, if any such activity exists.
Determine the purpose of the unusual traffic generated as part of the anomalous activity associated with the above IP address.
Upon confirmation of suspicious activity, recover as much information as possible about the local and remote systems involved.
Collect and/or recover as many statistics as possible from the suspicious data.
Write up a report listing the summarised points of the case that you have studied through the analysis exercise.
Network architecture details:
1. The internal network is 192.168.1.0/24
2. DMZ: 10.1.1.0/24
3. The IP range 172.16.0.0/12 must be treated as the 'Internet'
4. 10.1.1.20 is the internal DNS server
5. Evidence is provided in the evidence-network-tunneling.pcap file
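A first triage pass over the DNS queries, using the zones listed above, can look like the following. This is an added example, not part of the original assignment: it assumes the queries have already been exported from the capture as (source, destination, query name) tuples, and the sample records and the 40-character label threshold are constructed for illustration.

```python
import ipaddress

# Zones and resolver taken from the network architecture details above.
ZONES = [
    ("internal", ipaddress.ip_network("192.168.1.0/24")),
    ("dmz", ipaddress.ip_network("10.1.1.0/24")),
    ("internet", ipaddress.ip_network("172.16.0.0/12")),
]
DNS_SERVER = ipaddress.ip_address("10.1.1.20")

def zone(ip):
    """Map an address to the scenario zone it belongs to."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in ZONES if addr in net), "unknown")

def triage(records, max_label=40):
    """Return (src, dst, qname, reasons) for queries that need a closer look."""
    findings = []
    for src, dst, qname in records:
        reasons = []
        # Internal hosts are expected to resolve through 10.1.1.20 only.
        if zone(src) == "internal" and ipaddress.ip_address(dst) != DNS_SERVER:
            reasons.append("bypasses-internal-dns:" + zone(dst))
        # Assumed heuristic: very long labels often carry encoded data.
        longest = max(len(label) for label in qname.rstrip(".").split("."))
        if longest > max_label:
            reasons.append("long-label")
        if reasons:
            findings.append((src, dst, qname, reasons))
    return findings

def summarise(findings):
    """Per-source count of flagged queries and total query-name bytes."""
    stats = {}
    for src, _dst, qname, _reasons in findings:
        count, size = stats.get(src, (0, 0))
        stats[src] = (count + 1, size + len(qname))
    return stats

# Constructed sample records; not taken from the evidence file.
SAMPLE = [
    ("192.168.1.30", "10.1.1.20", "www.example.com"),
    ("192.168.1.30", "172.16.5.9", "mail.example.net"),
    ("192.168.1.30", "10.1.1.20", "ab12" * 12 + ".t.example.org"),
    ("10.1.1.20", "172.16.5.9", "www.example.com"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
    print(summarise(triage(SAMPLE)))
```

The resolver's own outbound queries (the last sample record) are not flagged, because recursion from 10.1.1.20 to the 'Internet' range is expected behaviour in this architecture.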