Procedure to investigate different types of cyber-crime
Course:- Other Subject
Length: word count:2000
Reference No.:- EM132112746

Assignment Help
Expertsmind Rated 4.9 / 5 based on 47215 reviews.
Review Site
Assignment Help >> Other Subject

Assessment: Case Investigation Report


This assessment requires students to apply knowledge of security on Windows network domain and follow standard procedure to investigate different types of cyber-crime


This is an individual assessment task. You are required to submit a case investigation report supporting your findings and a bibliography.

This report should consist of:
- an overview of the computer crime case
- list of necessary resources for forensic investigation
- analysis of detailed findings
- review and reflection on the findings

Problem Statement

Arif works for a university as an IT administrator. He received a call on Sept 8, 2009 from a staff member Amy who complained that a suspicious account has been created on her personal laptop without her consent. The general IT policy of the university disallows Arif to acquire any research-related files from Amy's laptop because she is participating a top-secret government project. Therefore, Arif asked Amy to export the Windows Registry and copy a few Windows log files of her laptop from the directory C:\Windows\system32\config

Amy copied 5 files and compressed them in to a ZIP file named "Desktop.zip". Now, Arif receives a copy of the ZIP file and starts to analyze what took place on Amy's laptop (IP:

Task 1 (Scan your machine)
To ensure that Arif's machine is free of rootkit programs which may alter the investigation results, he decides to run a thorough scan. Choose at least two programs and provide the screenshots of the scanning results.

Task 2 (Repairing Windows Logs)

Arif decompresses the file "Desktop.zip" and finds 4 Windows event log files. Describe the information stored in each log file and repair those important log files so that they can be viewed in Windows EventViewer.

Task 3 (Which account is created)

Having repaired the log files, Arif examines one of them in order to identify which account was created without Amy's consents. Which log file and which EventID number Arif should search? Provide a screenshot for the account-creation event.

Task 4 (Where is Amy's password)

Having identified the event that a new user was created on Amy's laptop, Arif telephones Amy and asks whether she can provide more clues. Amy tells that she has a personal password safe as an encrypted ZIP file hidden on the university network, teaching. But Amy is confident that only she can access her account details because this password safe has multiple security protection mechanisms. However, Arif wants to demonstrate that Amy's belief may be too optimistic. Provide screenshots and describe how Arif can easily access Amy's account information.

Task 5 (Amy's password)

Arif has extracted Amy's password safe, but he wants to demonstrate to Amy that her Windows password can be easily cracked. So he calls Amy and Amy bets that he cannot get her password. Being challenged and authorized, Arif decides to crack Amy's Windows password used on her laptop. Work out what the username and the password are on Amy's laptop.

Task 6 (When did things go wrong?)

Amy now realizes that Windows provides a very weak protection and she becomes concerned about the safety of her research data. Arif decides to look through the log files again in order to identify when the bogus account logged on to Amy's laptop. Use two screenshots to indicate when the bogus account was logged on and logged off.

Task 7 (I know what you did)

Arif believes that he can find all important activities on Amy's system during the session time identified in Task 6. Which event recorded in the system log file will tell Arif about the actions performed by the bogus account?
When did this event terminate?

Task 8 (Using LogParser)

Arif recalls that some events with EnventID 11728 are closely related to the installation of Windows programs. He decides to use the program LogParser to search for the events with EventID 11728 in the log files. List all the events Arif will find by using LogParser (screenshots are required).

Task 9 (The valuable Registry)

Arif feels that things might be very serious, so he decides to go through the Registry file "Server.reg" in the "Desktop.zip" file. What program(s) will Arif classify as suspicious? Provide strong reasons.

Task 10 (Before calling the police)
Arif and Amy feel that they must report to the police about their findings. Before they write a formal complaint to the forensic team, Arif recalls that he has intercepted an NTLM authentication session of user "helpdesk" and the hash is
Arif guesses that the password is 3 characters long but contains special symbols. Now, crack this password by using your own rainbow tables (screenshots are required).

Students are required to submit a case investigation report of approximately 2000 words along with exhibits to support findings and a bibliography.

Put your comment
View Conversion
  1. user image

    Criteria 3: Students critically evaluate information/data and the process to find/generate that information/data (T5 – 2 marks) Evaluates information / data and inquiry process using simple prescribed criteria. Evaluate information / data and the inquiry process using prescribed criteria Evaluate information / data and inquiry process using criteria related to the aims of the inquiry Criteria 4: Students organize information collected/generated (T6, T8 – 2 mark) Organize information / data using simple prescribed structure and process Organize information / data using a recommended structure and process Organize information / data using recommended structures and self- determined processes

  2. user image

    Criteria Attributes and Assignment Questions Satisfactory (up to 50% of total marks) Above Average (50% to 75% of total marks) Very Good (above 75% of total marks) Criteria 1: Students embark on inquiry and so determine a need for knowledge/ understanding (T1, T3 – 2 mark) Respond to questions / tasks arising explicitly from a closed inquiry. Respond to questions / tasks required by and implicit in a closed inquiry Respond to questions / tasks generated from a closed inquiry Criteria 2: Students find/generate needed information/data using appropriate methodology (T2 – 4 marks) Collect and record required information / data using a prescribed methodology from a prescribed source in which the information is clearly evident Collect and record required information / data and using a prescribed methodology from prescribed sources in which the information is not clearly evident Collect and record required information / data from self-selected sources using one of several prescribed methodologies

Ask Question & Get Answers from Experts
Browse some more (Other Subject) Materials
Conduct an internal audit on your selected organisation's marketing strategy using a SWOT analysis. Identify the strengths, weaknesses, threats and opportunities you identif
Develop three (3) topic sentences that articulate the major ideas that will comprise the body of your essay. Remember that your topic sentences should clearly state the argu
Power of prejudice and use of religious ideals to fuel terrorist action. Is such a confluence dangerous? Give specific example of terrorist group.
Investigate at least 5 different social media tools and post short synopses of each to the discussion forum. State how you would apply each tool to your personal entity.
Understanding cultural phenomena is essential to the completion of an accurate health assessment. Please choose a cultural group from Table 4.1 (pp. 69-71) from your text an
Include the following in your presentation:· The research question, A summary of the literature review, The research hypothesis, A summary of t
The role employees play in the organization's performance. Why it is important to have a diverse workforce, and the potential problems and Why conflict can never be completely
Examine the diagram below.  It describes (black arrows) how the three types of influence we have learned about can interact with each other over ontogenic time (aka dev. of