Reference no: EM133653929
Homework: Digital Forensic Report
Purpose
In this homework, you will examine an HKCU hive for evidence of unauthorized access. Read the scenario carefully, as you may consider it interview notes with your client. This is often one of the first real examination tasks you're likely to encounter and will be a test of your ability to make inferences, be thorough in your search, and document your examination.
Instructions
You'll need to use the following resources to complete the homework:
A. Investigation 01 Sample Evidence located in the Virtual Lab
B. A registry analysis tool, such as Registry Explorer by Eric Zimmerman located in the Virtual Lab
After reading the Investigation 01 scenario, open your forensic tool and import the sample evidence into the tool. Begin a forensic report and begin your search. As you do, be sure to take special note of these answers to these questions. These questions represent those that need to be answered to arrive at a logical conclusion to this scenario. They are provided here, but in the future, you will be required to decide these questions on your own.
Scenario
This scenario takes place circa 2012. You were recently contacted by Nick Fury of S.H.I.E.L.D. to investigate a suspected corporate espionage incident. They have reason to believe that S.H.I.E.L.D. was infiltrated by an enemy spy who used the generic vibranium account to access and exfiltrated sensitive information from an endpoint connected to the SHIELD network with the hostname of nromanoff. Nick Fury believes that the culprit may be a recently terminated employee named Jim Tandy. Jim was recently fired under suspicion of leaking confidential information to Hydra. Your job will be to examine the NTUSER.DAT file containing the HKCU registry hive for the vibranium user to determine the answers to the following questions.
Task
Question A. What was the most recent keyword that the user vibranium searched using Windows Search for on the nromanoff system?
Question B. How many times did the vibranium account run excel.exe on the nromanoff system?
Question C. When was this program last run?
Question D. What is the most recent Typed URL in the vibranium NTUSER.DAT?
Question E. List the last five files that were accessed, in order, with the time they were accessed.
|
Specific agreement with respect to sharing of lottery win
: Although there was no specific agreement with respect to sharing of lottery win, indicate what arguments could be advanced by both parties and likely outcome.
|
|
Vw illegally installed so-called defeat devices
: In 2015, Volkswagen (VW) got a caught in an emissions scandal termed "Dieselgate." VW illegally installed so-called defeat devices which limited emissions
|
|
Analyzed the profitability and risk of walmart stores
: Analyzed the profitability and risk of Walmart Stores for its fiscal years 2018, 2019, and 2020.
|
|
Customer service and support experience
: Were the three elements of customer service evident in your customer service and support experience?
|
|
What is the most recent typed url in the vibranium ntuser
: What is the most recent Typed URL in the vibranium NTUSER.DAT? List the last five files that were accessed, in order, with the time they were accessed.
|
|
What is the physical layout of your school
: What is the physical layout of your school? What will your school look like? E.g., Number of rooms, What learning and play materials will be present?
|
|
Regarding emotional intelligence
: Regarding emotional intelligence, what works and does not work for a person to manage their emotions?
|
|
Evaluate main benefits and opportunities for organization
: Evaluate the main benefits and opportunities for an organization to use this platform. What do you believe would be the optimal days/times to post? Why?
|
|
Difficulty effectively collaborating in a remote environment
: COM 200 Communication: The Key to Working Together, Strayer University - providing the benefits, features, and advantages of using the tool in your workplace
|