Procedure to investigate different types of cyber-crime
Course:- Other Subject
Length: word count:2000
Reference No.:- EM132112746

Assignment Help
Expertsmind Rated 4.9 / 5 based on 47215 reviews.
Review Site
Assignment Help >> Other Subject

Assessment: Case Investigation Report


This assessment requires students to apply knowledge of security on Windows network domain and follow standard procedure to investigate different types of cyber-crime


This is an individual assessment task. You are required to submit a case investigation report supporting your findings and a bibliography.

This report should consist of:
- an overview of the computer crime case
- list of necessary resources for forensic investigation
- analysis of detailed findings
- review and reflection on the findings

Problem Statement

Arif works for a university as an IT administrator. He received a call on Sept 8, 2009 from a staff member Amy who complained that a suspicious account has been created on her personal laptop without her consent. The general IT policy of the university disallows Arif to acquire any research-related files from Amy's laptop because she is participating a top-secret government project. Therefore, Arif asked Amy to export the Windows Registry and copy a few Windows log files of her laptop from the directory C:\Windows\system32\config

Amy copied 5 files and compressed them in to a ZIP file named "Desktop.zip". Now, Arif receives a copy of the ZIP file and starts to analyze what took place on Amy's laptop (IP:

Task 1 (Scan your machine)
To ensure that Arif's machine is free of rootkit programs which may alter the investigation results, he decides to run a thorough scan. Choose at least two programs and provide the screenshots of the scanning results.

Task 2 (Repairing Windows Logs)

Arif decompresses the file "Desktop.zip" and finds 4 Windows event log files. Describe the information stored in each log file and repair those important log files so that they can be viewed in Windows EventViewer.

Task 3 (Which account is created)

Having repaired the log files, Arif examines one of them in order to identify which account was created without Amy's consents. Which log file and which EventID number Arif should search? Provide a screenshot for the account-creation event.

Task 4 (Where is Amy's password)

Having identified the event that a new user was created on Amy's laptop, Arif telephones Amy and asks whether she can provide more clues. Amy tells that she has a personal password safe as an encrypted ZIP file hidden on the university network, teaching. But Amy is confident that only she can access her account details because this password safe has multiple security protection mechanisms. However, Arif wants to demonstrate that Amy's belief may be too optimistic. Provide screenshots and describe how Arif can easily access Amy's account information.

Task 5 (Amy's password)

Arif has extracted Amy's password safe, but he wants to demonstrate to Amy that her Windows password can be easily cracked. So he calls Amy and Amy bets that he cannot get her password. Being challenged and authorized, Arif decides to crack Amy's Windows password used on her laptop. Work out what the username and the password are on Amy's laptop.

Task 6 (When did things go wrong?)

Amy now realizes that Windows provides a very weak protection and she becomes concerned about the safety of her research data. Arif decides to look through the log files again in order to identify when the bogus account logged on to Amy's laptop. Use two screenshots to indicate when the bogus account was logged on and logged off.

Task 7 (I know what you did)

Arif believes that he can find all important activities on Amy's system during the session time identified in Task 6. Which event recorded in the system log file will tell Arif about the actions performed by the bogus account?
When did this event terminate?

Task 8 (Using LogParser)

Arif recalls that some events with EnventID 11728 are closely related to the installation of Windows programs. He decides to use the program LogParser to search for the events with EventID 11728 in the log files. List all the events Arif will find by using LogParser (screenshots are required).

Task 9 (The valuable Registry)

Arif feels that things might be very serious, so he decides to go through the Registry file "Server.reg" in the "Desktop.zip" file. What program(s) will Arif classify as suspicious? Provide strong reasons.

Task 10 (Before calling the police)
Arif and Amy feel that they must report to the police about their findings. Before they write a formal complaint to the forensic team, Arif recalls that he has intercepted an NTLM authentication session of user "helpdesk" and the hash is
Arif guesses that the password is 3 characters long but contains special symbols. Now, crack this password by using your own rainbow tables (screenshots are required).

Students are required to submit a case investigation report of approximately 2000 words along with exhibits to support findings and a bibliography.

Put your comment
View Conversion
  1. user image

    Criteria 3: Students critically evaluate information/data and the process to find/generate that information/data (T5 – 2 marks) Evaluates information / data and inquiry process using simple prescribed criteria. Evaluate information / data and the inquiry process using prescribed criteria Evaluate information / data and inquiry process using criteria related to the aims of the inquiry Criteria 4: Students organize information collected/generated (T6, T8 – 2 mark) Organize information / data using simple prescribed structure and process Organize information / data using a recommended structure and process Organize information / data using recommended structures and self- determined processes

  2. user image

    Criteria Attributes and Assignment Questions Satisfactory (up to 50% of total marks) Above Average (50% to 75% of total marks) Very Good (above 75% of total marks) Criteria 1: Students embark on inquiry and so determine a need for knowledge/ understanding (T1, T3 – 2 mark) Respond to questions / tasks arising explicitly from a closed inquiry. Respond to questions / tasks required by and implicit in a closed inquiry Respond to questions / tasks generated from a closed inquiry Criteria 2: Students find/generate needed information/data using appropriate methodology (T2 – 4 marks) Collect and record required information / data using a prescribed methodology from a prescribed source in which the information is clearly evident Collect and record required information / data and using a prescribed methodology from prescribed sources in which the information is not clearly evident Collect and record required information / data from self-selected sources using one of several prescribed methodologies

Ask Question & Get Answers from Experts
Browse some more (Other Subject) Materials
Research done by a financial services company asked the respondents to describe the company using the brand name of an automobile. This is obviously an example of quantitative
The Edmonds Police Department received an anonymous tip contained in a mailed note that Robert Young was growing marijuana in his house. A police detective went to the address
The question is related to Sociology and the question is explores the definition of terms sex, gender and sexuality. The terms gender, sex and sexuality have definite or sta
Explain two conditions that impair visual information processing. Discuss current trends in the research of visual information processing and how they advance understanding o
During the Missouri debates, Thomas Jefferson expressed the fear that that "question, like a fireball in the night, awakened and filled me with terror."? What was at stake in
The community health nurse needs to be open to different cultures. We have all heard this statement, "They are in the U.S. and so they should learn to conform". In our int
Over the past fifty years there has been a considerable increase in the amount of the attention paid to the problem of terrorism. Why has terrorism become such a salient issue
Differential reinforcement and punishment -Apply differential reinforcement and punishment procedures to various scenarios. Shaping with interventions and behavior - Explain t