Reference no: EM133163330
Question:
You will:
1. investigate the existing network protocols
2. analyze the network attack
3. gather forensic data about the attack
4. prepare the incident report, identifying
- the attacker
- compromised server and service
- exploited vulnerability
- data breached
- your recommendations to strengthen the organization's network infrastructure
Begin by looking into how the network attack could have occurred by researching techniques attackers use to infiltrate a network such as denial of service, backdoor, botnet, and brute-force attacks.
The next step is to examine the latest network forensic analysis tools (NFAT). Then, you'll summarize the information you gathered from your research and include it in the first section of the incident report. This summary will provide the leaders in your organization with an understanding of how network attacks happen and how your organization's security operations team analyzes the network for vulnerabilities.
After you've completed your research on network attacks and tools for network analysis, you're ready to go to the next step: analyzing the organization's incident response.
Having conducted research on network attacks and network forensic analysis tools, you're ready to prepare for the investigation on this particular network intrusion. To do this, you'll learn how to gather network evidence from log files, network/server configuration, user accounts, and network infrastructure.
Once you have gathered the network evidence in this case, you'll incorporate it into the second section of your final incident report. As with the first section of your report, the audience for this section is the leaders in your organization, who will need an overview of how the organization's security team gathers network evidence.
You will conduct packet sniffing with Wireshark to gather information about the attacker, determine the resources that may have been compromised during the attack, and learn how the attacker compromised the resources.
You will incorporate this written report into the third section of your incident report. This section, geared to the leaders, network administrators, and the security operations team in your organization, will provide them with detailed information about the network attack and the vulnerabilities the organization needs to address.
You've conducted the network analysis using Wireshark and answered the forensic analysis questions in the written report. Now, you'll complete a forensic investigation report to document the results of the Wireshark analysis. Refer to the Guidelines for Digital Forensics Examiner Reports as needed. Your report will include screenshots and analysis of the following:
• packets
• server images
• log review
• user account and privilege escalation
• account weaknesses
You'll include this forensic investigation report as a part of your final incident report, which you will create in the next step.
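The log-review part of the evidence gathering above (tying an attacker source to a compromised server, service and account) can be scripted. The example below is added here and is not part of the assignment materials; it works on a constructed OpenSSH-style auth log and a hypothetical threshold of five failed logins, and flags the brute-force pattern the assignment names: repeated failures from one source followed by a success from that same source.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH auth.log style (not from a real incident).
SAMPLE_LOG = """\
Mar 14 02:11:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 50211 ssh2
Mar 14 02:11:03 web01 sshd[2203]: Failed password for root from 203.0.113.7 port 50212 ssh2
Mar 14 02:11:04 web01 sshd[2205]: Failed password for root from 203.0.113.7 port 50213 ssh2
Mar 14 02:11:06 web01 sshd[2207]: Failed password for root from 203.0.113.7 port 50214 ssh2
Mar 14 02:11:08 web01 sshd[2209]: Failed password for root from 203.0.113.7 port 50215 ssh2
Mar 14 02:11:09 web01 sshd[2211]: Accepted password for root from 203.0.113.7 port 50216 ssh2
Mar 14 02:15:40 web01 sshd[2290]: Accepted publickey for deploy from 192.0.2.25 port 41000 ssh2
"""

# Matches both failed and accepted sshd authentication records.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)

def analyze_auth_log(text, threshold=5):
    """Return incident findings: each source whose failed logins reached
    `threshold` (hypothetical value) and was then granted access.
    Each finding carries the report fields: attacker, server, service, account."""
    failures = defaultdict(int)
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated record; real logs carry many of these
        src = m["src"]
        if m["result"] == "Failed":
            failures[src] += 1
        elif failures[src] >= threshold:
            findings.append({
                "attacker": src,
                "server": m["host"],
                "service": "sshd",
                "account": m["user"],
                "failed_attempts_before_success": failures[src],
                "first_success": m["ts"],
            })
    return findings
```

The legitimate key-based login from 192.0.2.25 is not reported because it has no run of failures before it, which is the distinction a reviewer needs when separating attacker activity from normal administration in the evidence section.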
You are confident that you've conducted a comprehensive network investigation and gathered the necessary information about the network attack and how to mitigate future attacks. You combine the results of Steps 1-4 to prepare a final incident report on the compromised network for your organization's leaders, network administrators, and security operations team.
Your report should include
- a summary of the field of network forensics, including attack techniques, attack vectors, and digital forensic tools and procedures for analyzing network traffic to understand how a network attack can occur (or could have occurred)
- your written report from the Wireshark virtual lab
- your forensic investigation report
- recommendations for network administrators to follow to harden their network infrastructure