Practical cyber forensics - forensic investigation

Assignment Help Computer Network Security
Reference no: EM133529987

Cyber Forensics

Assessment - Practical Cyber Forensics - Forensic Investigation

Learning outcome 1: Apply a range of techniques for collecting digital evidence and case assessment.

Learning outcome 2: Discuss the functionality of the various tools and phases of evidence collection and analysis.

Learning outcome 3: Communicate effectively and professionally the outcomes of the cyber investigation.

Learning outcome 4: Discuss the strengths and limitations of forensics tools.

Learning outcome 5: Compare various types of evidence collected from different devices and environments.

Learning outcome 6: Communicate ideas and solutions with rational and reasoned arguments using appropriate methods (e.g. orally, electronically, written reports).

Assessment task details and instructions

Lectures will be used to introduce and discuss important concepts and techniques of cyber investigation, which will then be practised in more detail in practical classes.

In this practical assignment, students are required to solve a real-world cyber investigation case. They are also required to utilize their knowledge and skills to collect evidence and answer the main questions generated by the case study.

The students will be given a cyber-crime case description and the related collected evidence (disk images, RAM images, files, etc.). They are required to apply the appropriate forensics tools to extract data, retrieve hidden files, and comment on their findings. They are also required to answer the questions generated by the case study based on the data retrieved from the provided evidence. They are required to submit an assignment report giving a detailed walkthrough for each task, explaining the techniques used and including relevant screenshots where appropriate.

Case Scenario

On 09/20/04, a Dell CPi notebook computer, serial # VLQLW, was found abandoned along with a wireless PCMCIA card and an external homemade 802.11b antenna. It is suspected that this computer was used for hacking purposes, although it cannot yet be tied to the hacking suspect, Greg Schardt. Schardt also goes by the online nickname "Mr. Evil", and some of his associates have said that he would park his vehicle within range of wireless access points (such as Starbucks and other T-Mobile hotspots), where he would then intercept internet traffic, attempting to obtain credit card numbers, usernames and passwords.

A DD image (in eight parts and notes) and EnCase Image (in two parts) of the abandoned computer have already been made and are available.

Your Task

In the provided images, find any hacking software, evidence of their use, and any data that might have been generated. Attempt to tie the computer to the suspect, Greg Schardt.

You can use any of the tools and techniques that have been discussed in the class, as well as other tools that you may find useful but have not been covered in this module to perform the investigation.

What the work must include:

Before beginning the practical investigation, from the information and material provided, develop a high-level set of procedures, processes, and techniques to plan this investigation. Your plan should be clear and concise, and should then be followed throughout this investigation. The plan should be specific to this case, but backed up by best-practice. (20%)

Before beginning the practical investigation, identify the initial key questions that will need to be answered throughout the investigation. Also record how each question was answered: what the source of the answer was, including what procedure/process/technique was used to determine it.

As you work through the practical investigation, identify further key questions to lay the factual groundwork for this case. An example list of some key questions is given below; use this and add to it. Answer these key questions and also record how each question was answered.

Keep a record of the answers and sources for all the key questions in a separate self-contained chapter or appendix. These will comprise part or all of the evidence.

For the main body of the work, in accordance with your plan, piece together all the pieces of evidence to present a solid case with conclusions. Refer to your evidence. Present and address any conflicting or circumstantial evidence directly.

Throughout this work, you must use references and best practice to give credence to your work.

The above does not define a structure. You are expected to give your work a reasonable structure, in accordance with the Layout of Report section below. Although no marks are awarded directly for the structure, a poorly structured report could impact the overall quality of your work. See the Assessment Criteria, below.

Example list of some key questions

1. What is the image hash? Does the acquisition and verification hash match?
2. What operating system was used on the computer?
3. When was the install date?
4. What are the time zone settings?
5. Who is the registered owner?
6. What is the computer account name?
7. What is the primary domain name?
8. When was the last recorded computer shutdown date/time?
9. How many accounts are recorded (total number)?
10. What is the account name of the user who mostly uses the computer?
11. Who was the last user to logon to the computer?
12. A search for the name of "Greg Schardt" reveals multiple hits. One of these proves that Greg Schardt is Mr. Evil and is also the administrator of this computer. What file is it? What software program does this file relate to?
13. List the network cards used by this computer.
14. This same file reports the IP address and MAC address of the computer. What are they?
15. An internet search for the vendor name/model of NIC cards by MAC address can be used to find out which network interface was used. In the above answer, the first 3 hex characters of the MAC address report the vendor of the card. Which NIC card was used during the installation and set-up for LOOK@LAN?
16. Find 6 installed programs that may be used for hacking.
17. What is the SMTP email address for Mr. Evil?
18. What are the NNTP (news server) settings for Mr. Evil?
19. What two installed programs show this information?
20. List 5 newsgroups that Mr. Evil has subscribed to.
21. A popular IRC (Internet Relay Chat) program called mIRC was installed. What are the user settings that were shown when the user was online and in a chat channel?
22. This IRC program has the capability to log chat sessions. List 3 IRC channels that the user of this computer accessed.
23. Ethereal, a popular "sniffing" program that can be used to intercept wired and wireless internet packets, was also found to be installed. When TCP packets are collected and reassembled, the default save directory is that user's \My Documents directory. What is the name of the file that contains the intercepted data?
24. Viewing the file in a text format reveals much information about who and what was intercepted. What type of wireless computer was the victim (person who had his internet surfing recorded) using?
25. What websites was the victim accessing?
26. Search for the main user's web-based email address. What is it?
27. Yahoo mail, a popular web based email service, saves copies of the email under what file name?
28. How many executable files are in the recycle bin?
29. Are these files really deleted?
30. How many files are actually reported to be deleted by the file system?
31. Perform an anti-virus check. Are there any viruses on the computer?
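Key question 1 asks whether the acquisition hash and the verification hash match. For a dd image delivered as ordered segments, as the eight-part image in this case is, the verification hash is the hash of the segments concatenated in order, not of any single file. The following is an added example and is not part of the assignment material or of any tool; the segment naming (image.001 ... image.008), the demo data and the "recorded" hashes standing in for the acquisition notes are constructed assumptions.

```python
import hashlib
import re
import tempfile
from pathlib import Path

def ordered_segments(directory, stem):
    """Return the segment files 'stem.N' sorted numerically (lexical order breaks past 9 parts)."""
    pattern = re.compile(re.escape(stem) + r"\.(\d+)$")
    found = [(int(m.group(1)), p) for p in Path(directory).iterdir()
             if (m := pattern.match(p.name))]
    if not found:
        raise FileNotFoundError("no segments named %s.N in %s" % (stem, directory))
    found.sort()
    numbers = [n for n, _ in found]
    # A missing middle part would silently change the hash, so insist on a contiguous run.
    if numbers != list(range(numbers[0], numbers[0] + len(numbers))):
        raise ValueError("segment numbering is not contiguous: %s" % numbers)
    return [p for _, p in found]

def hash_split_image(segments, algorithms=("md5", "sha1"), chunk_size=1 << 20):
    """Hash the logical image (all segments concatenated in order) in one streaming pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    total = 0
    for seg in segments:
        with open(seg, "rb") as fh:
            for chunk in iter(lambda: fh.read(chunk_size), b""):
                total += len(chunk)
                for h in hashers.values():
                    h.update(chunk)
    return {"bytes": total, **{n: h.hexdigest() for n, h in hashers.items()}}

def verify_acquisition(segments, recorded):
    """Compare each computed digest with the value written in the acquisition notes."""
    computed = hash_split_image(segments, algorithms=tuple(recorded))
    return {algo: computed[algo] == recorded[algo].strip().lower() for algo in recorded}

def demo():
    """Constructed sample: a 4 KiB stand-in 'image' written out as eight segments."""
    image = bytes(range(256)) * 16
    tmp = tempfile.mkdtemp()
    for i in range(8):
        Path(tmp, "image.%03d" % (i + 1)).write_bytes(image[i * 512:(i + 1) * 512])
    segments = ordered_segments(tmp, "image")
    # Stand-in for the hashes the examiner recorded in the notes at acquisition time.
    recorded = {"md5": hashlib.md5(image).hexdigest(), "sha1": hashlib.sha1(image).hexdigest()}
    return segments, hash_split_image(segments), verify_acquisition(segments, recorded)
```

Record both the per-algorithm result and the byte count in the key-questions appendix; a size mismatch alone already tells you a segment is missing or truncated before any hash is compared.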

Layout of Report

This report must be formatted and submitted as one document. The report should look presentable, with the target audience being a peer. It must at least have:
• a title,
• one Contents section or page at the start,
• a very brief introduction to the report,
• a well-structured body that addresses the task,
• and a chapter or appendix that records all the key questions, answers, and sources.
A reader of your report must be able to navigate the document; sections / sub-sections must be named appropriately, and numbered if considered useful.
Write the report so that the reader does not need to refer to this Assignment Brief, i.e. it should be self-contained.

Organisation advice:
• Number all figures and tables used, and use brief captions to each figure or table. Refer to the figure or table from the body of the text.
• Use presentable formatting; use headers, and break the text into appropriate sections with sub-headers.
• Don't write complicated long sentences unless they completely make sense; it is often easier to write shorter sentences that are well-formed and unambiguous, clearly making a point.
All/any Appendices should be referred to from the main body of the report.
