Procedure to investigate different types of cyber-crime

Reference no: EM132112746, Length: word count: 2000

Assessment: Case Investigation Report

Purpose

This assessment requires students to apply knowledge of security on a Windows network domain and follow standard procedure to investigate different types of cyber-crime.

Instructions

This is an individual assessment task. You are required to submit a case investigation report supporting your findings and a bibliography.

This report should consist of:
- an overview of the computer crime case
- list of necessary resources for forensic investigation
- analysis of detailed findings
- review and reflection on the findings

Problem Statement

Arif works for a university as an IT administrator. He received a call on Sept 8, 2009 from a staff member, Amy, who complained that a suspicious account had been created on her personal laptop without her consent. The general IT policy of the university does not allow Arif to acquire any research-related files from Amy's laptop because she is participating in a top-secret government project. Therefore, Arif asked Amy to export the Windows Registry and copy a few Windows log files of her laptop from the directory C:\Windows\system32\config.

Amy copied 5 files and compressed them into a ZIP file named "Desktop.zip". Now, Arif receives a copy of the ZIP file and starts to analyze what took place on Amy's laptop (IP: 139.132.118.80).

Task 1 (Scan your machine)
To ensure that Arif's machine is free of rootkit programs which may alter the investigation results, he decides to run a thorough scan. Choose at least two programs and provide the screenshots of the scanning results.

Task 2 (Repairing Windows Logs)

Arif decompresses the file "Desktop.zip" and finds 4 Windows event log files. Describe the information stored in each log file and repair those important log files so that they can be viewed in Windows Event Viewer.

Task 3 (Which account is created)

Having repaired the log files, Arif examines one of them in order to identify which account was created without Amy's consent. Which log file and which EventID number should Arif search? Provide a screenshot for the account-creation event.

Task 4 (Where is Amy's password)

Having identified the event that a new user was created on Amy's laptop, Arif telephones Amy and asks whether she can provide more clues. Amy tells him that she has a personal password safe as an encrypted ZIP file hidden on the university network, teaching. But Amy is confident that only she can access her account details because this password safe has multiple security protection mechanisms. However, Arif wants to demonstrate that Amy's belief may be too optimistic. Provide screenshots and describe how Arif can easily access Amy's account information.

Task 5 (Amy's password)

Arif has extracted Amy's password safe, but he wants to demonstrate to Amy that her Windows password can be easily cracked. So he calls Amy and Amy bets that he cannot get her password. Being challenged and authorized, Arif decides to crack Amy's Windows password used on her laptop. Work out what the username and the password are on Amy's laptop.

Task 6 (When did things go wrong?)

Amy now realizes that Windows provides very weak protection and she becomes concerned about the safety of her research data. Arif decides to look through the log files again in order to identify when the bogus account logged on to Amy's laptop. Use two screenshots to indicate when the bogus account was logged on and logged off.

Task 7 (I know what you did)

Arif believes that he can find all important activities on Amy's system during the session time identified in Task 6. Which event recorded in the system log file will tell Arif about the actions performed by the bogus account?
When did this event terminate?

Task 8 (Using LogParser)

Arif recalls that some events with EventID 11728 are closely related to the installation of Windows programs. He decides to use the program LogParser to search for the events with EventID 11728 in the log files. List all the events Arif will find by using LogParser (screenshots are required).

Task 9 (The valuable Registry)

Arif feels that things might be very serious, so he decides to go through the Registry file "Server.reg" in the "Desktop.zip" file. What program(s) will Arif classify as suspicious? Provide strong reasons.

Task 10 (Before calling the police)
Arif and Amy feel that they must report to the police about their findings. Before they write a formal complaint to the forensic team, Arif recalls that he has intercepted an NTLM authentication session of user "helpdesk" and the hash is
a83938d111b45823aad3b435b51404ee:e5986e48146ab6a5f677dda1b1766351
Arif guesses that the password is 3 characters long but contains special symbols. Now, crack this password by using your own rainbow tables (screenshots are required).
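
What the pair in Task 10 discloses on its own, shown as an added example that is not part of the original assignment: it assumes the value is in the usual `LM:NT` dump layout, and the function name `triage_lm_nt` and the second sample are constructed for illustration. The check is the kind an administrator would run over collected hashes to find accounts that still store LM hashes.

```python
import re

# LM hash of an empty 7-character half (DES of "KGS!@#$%" under an all-zero key).
EMPTY_LM_HALF = "aad3b435b51404ee"
# NT hash (MD4 of UTF-16LE) of the empty password.
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"[0-9a-f]{32}")


def triage_lm_nt(pair: str) -> dict:
    """Report what an 'LM:NT' pair discloses about the password by itself."""
    lm, sep, nt = pair.strip().lower().partition(":")
    if not sep or not HEX32.fullmatch(lm) or not HEX32.fullmatch(nt):
        raise ValueError("expected <32 hex>:<32 hex>")
    first, second = lm[:16], lm[16:]
    lm_stored = (first, second) != (EMPTY_LM_HALF, EMPTY_LM_HALF)
    findings = []
    max_length = None
    if nt == EMPTY_NT:
        findings.append("NT hash is the empty-password value")
    if lm_stored:
        # LM upper-cases the password, pads it to 14 bytes and hashes each
        # 7-byte half separately, so the halves can be examined independently.
        findings.append("LM hash stored: set NoLMHash and change the password")
        max_length = 7 if second == EMPTY_LM_HALF else 14
        findings.append(f"password is at most {max_length} characters")
    else:
        findings.append("no usable LM hash (disabled, blank, or over 14 chars)")
    return {"lm_stored": lm_stored, "max_length": max_length,
            "blank_password": nt == EMPTY_NT, "findings": findings}


if __name__ == "__main__":
    samples = {
        "helpdesk (from the task)":
            "a83938d111b45823aad3b435b51404ee:e5986e48146ab6a5f677dda1b1766351",
        "constructed: LM not stored, blank password":
            EMPTY_LM_HALF * 2 + ":" + EMPTY_NT,
    }
    for label, value in samples.items():
        print(label, triage_lm_nt(value)["findings"])
```

For the "helpdesk" pair the second LM half is the empty-half constant, which is consistent with Arif's guess of a short password and shows that the account still has an LM hash stored.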

Students are required to submit a case investigation report of approximately 2000 words along with exhibits to support findings and a bibliography.

Procedure to investigate different types of cyber-crime : SIT703: Advanced Digital Forensics - Case Investigation Report - apply knowledge of security on Windows network domain and follow standard procedure

Criteria Attributes and Assignment Questions

Levels: Satisfactory (up to 50% of total marks), Above Average (50% to 75% of total marks), Very Good (above 75% of total marks)

Criteria 1: Students embark on inquiry and so determine a need for knowledge/understanding (T1, T3 – 2 marks)
- Satisfactory: Respond to questions / tasks arising explicitly from a closed inquiry
- Above Average: Respond to questions / tasks required by and implicit in a closed inquiry
- Very Good: Respond to questions / tasks generated from a closed inquiry

Criteria 2: Students find/generate needed information/data using appropriate methodology (T2 – 4 marks)
- Satisfactory: Collect and record required information / data using a prescribed methodology from a prescribed source in which the information is clearly evident
- Above Average: Collect and record required information / data using a prescribed methodology from prescribed sources in which the information is not clearly evident
- Very Good: Collect and record required information / data from self-selected sources using one of several prescribed methodologies

Criteria 3: Students critically evaluate information/data and the process to find/generate that information/data (T5 – 2 marks)
- Satisfactory: Evaluate information / data and inquiry process using simple prescribed criteria
- Above Average: Evaluate information / data and the inquiry process using prescribed criteria
- Very Good: Evaluate information / data and inquiry process using criteria related to the aims of the inquiry

Criteria 4: Students organize information collected/generated (T6, T8 – 2 marks)
- Satisfactory: Organize information / data using simple prescribed structure and process
- Above Average: Organize information / data using a recommended structure and process
- Very Good: Organize information / data using recommended structures and self-determined processes


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd