SIT703 Advanced Digital Forensics Assignment

Reference no: EM132629580

SIT703 Advanced Digital Forensics - Deakin University

Assessment: Case Investigation Report

Learning Outcome 1: Apply knowledge of security on Windows network domain and follow standard procedure to investigate different types of cyber-crime;
Learning Outcome 2: Analyse forensic data and review findings to further probe and investigate serious computer crimes; and
Learning Outcome 3: Reflect on findings and prepare reports for target audience that justifies findings.

Purpose
This assessment requires students to apply knowledge of security on the Windows network domain and follow the standard procedure to investigate different types of cyber-crime.

Task 1 (Scanning the machine)
To ensure that Arif's machine is free of rootkit programs which may alter the investigation results, he decides to run a thorough scan on his investigation machine to ensure that there is no rootkit program. Choose at least two scanning programs and provide the screenshots of the scanning results.

Task 2 (Repairing Windows Logs)

Having ensured the safety of his forensic investigation platform, Arif decompresses the file "Desktop.zip" and finds 4 Windows event log files. Describe the information stored in each log file and repair those important log files so that they can be viewed in Windows Event Viewer.

Task 3 (Which account is created)

Having repaired the log files, Arif examines one of them in order to identify which account was created without Amy's consent. Which log file and which EventID number should Arif search? Provide a screenshot for the account-creation event.

Task 4 (Where is Amy's password)

Having identified the event that a new user was created on Amy's laptop, Arif telephones Amy and asks whether she can provide more clues. Amy tells him that she has a personal password safe as an encrypted ZIP file hidden on the university network. But Amy is confident that only she can access her account details because this password safe has multiple security protection mechanisms. However, Arif wants to demonstrate that Amy's belief may be too optimistic. Provide screenshots and describe how Arif can easily access Amy's account information.

Task 5 (Amy's password)

Arif has extracted Amy's password safe, but he wants to demonstrate to Amy that her Windows password can be easily cracked. So he calls Amy and Amy bets that he cannot get her password. Being challenged and authorized, Arif decides to crack Amy's Windows password used on her laptop. Work out what the username and the password are on Amy's laptop.

Task 6 (When did things go wrong?)

Amy now realizes that Windows provides very weak protection and she becomes concerned about the safety of her research data. Arif decides to look through the log files again in order to identify when the bogus account logged on to Amy's laptop. Use two screenshots to indicate when the bogus account was logged on and logged off.

Task 7 (I know what you did)

Arif believes that he can find all important activities on Amy's system during the session time identified in Task 6. Which event recorded in the system log file will tell Arif about the actions performed by the bogus account? When did this event terminate?

Task 8 (Using LogParser)

Arif recalls that some events with EventID 11728 are closely related to the installation of Windows programs. He decides to use the program LogParser to search for the events with EventID 11728 in the log files. List all the events Arif will find by using LogParser (screenshots are required).

Task 9 (The valuable Registry)

Arif feels that things might be very serious, so he decides to go through the Registry file "Server.reg" in the "Desktop.zip" file. What program(s) will Arif classify as suspicious? Provide strong reasons.

Task 10 (Before calling the police)
Arif and Amy feel that they must report to the police about their findings. Before they write a formal complaint to the forensic team, Arif recalls that he has intercepted an NTLM authentication session of user "helpdesk" and the hash is:

0D431BAB5ED2A51BAAD3B435B51404EE:B9604B6612AC88B1C1ADE6E929376393

Arif guesses that the password is 3 characters long but contains special symbols. Now, crack this password by using self-built rainbow tables (screenshots and explanations of the parameter settings are required).

Attachment:- Advanced Digital Forensics.rar
