CO7606 Digital Forensics and Incident Response - University of Chester
Learning Outcome 1: Analyse malware and perform intrusion analysis
Learning Outcome 2: Use operational techniques effectively to provide attribution details on a cyber attack
Learning Outcome 3: Determine the use of anti-forensics methods/techniques and falsification
Learning Outcome 4: Craft and justify a measured incident response plan
Assignment Brief
Introduction
You are working as a Digital Forensics and Incident Response officer for the company "Incident Response for You" (referred to as IR4U).
IR4U has just been contracted by a company, Driving Solutions, to support them in identifying an ongoing breach. Driving Solutions became aware of the breach when their ISP reported roughly 200GB more outbound traffic from their network than normal. They suspect that files are being exfiltrated from their network.
About Driving Solutions
Driving Solutions is a small local company based in Chester. They employ 10 staff, comprising:
- 2x Administration staff who organise the client appointments with the driving instructors
o The two staff job-share, one working Mon-Wed and the other Thurs-Fri. There is 1x Windows 7 desktop machine in use which stays onsite, and they both share this computer.
- 6x Driving instructors
o These staff do not use the computers on site.
- 1x Car Mechanic
o The mechanic uses his own Windows 10 laptop he brings in from home.
- 1x CEO
o The CEO has a 2012 MacBook Pro running macOS Catalina, the latest version that laptop will run. He brings it between work and home.
They do not employ IT staff, instead relying on a friend of the CEO who comes in when needed to help with any problems or setting up new computer equipment.
Task 1:
Driving Solutions Uncovers Malware
A malicious MS Word document has been found on the Windows 7 machine. It was received by email and opened some time ago. Opening it is noted to have caused business continuity issues at the time; the Windows 7 machine was rebooted and everything then seemed OK.
(Note: File available on the VLE platform)
Study this file, and provide detailed information about it, including what the malware did and how to fix what it did. Also cover how this can be prevented in the future.
More marks will be given for analysis which identifies each part of the code in the malware and shows understanding of what each part does. Documentation is very important: the company expects a high level of detailed analysis so that they can assure their customers that this has been handled and that measures are in place to prevent it in the future.
Be sure to remark on whether this malicious document and its payload is or can be associated with the exfiltration of the data reported by the high bandwidth usage.
This Word Document will lead you onto another file which you also need to analyse and provide details on what it does.
Task 2:
Your IR4U colleague has checked the email that was sent containing the Word Document from Task 1. They have uploaded this (containing all the email headers) for you to download.
Using both the Word document and the email just mentioned, attempt attribution of the attacker in question. Also attempt to identify what type of threat actor this attacker is, e.g. APT, organised crime, script kiddie, or other. Give detail and justification for the judgement you make, including a percentage indicating how confident you are in the attribution.
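The attribution work in this task starts from the email headers: which hop first handed the message over, whether Return-Path, Reply-To and Message-ID agree with the claimed From domain, what the receiving server's SPF/DKIM checks said, and any client fingerprint such as X-Mailer. The script below is an added example of that triage and is not part of the assignment or the VLE materials; the raw message it parses is constructed for illustration (fictitious domains, RFC 5737 documentation IPs), since the real email is only available on the VLE.

```python
"""Phishing email header triage for attribution leads (added example).

The raw message below is constructed for this example; all names, domains
and addresses are fictitious and the IPs come from documentation ranges.
Only the Received header added by the victim's own mail server can be
trusted; earlier hops, From, Reply-To and X-Mailer are attacker-controlled.
"""
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample message (not real traffic). Received headers are
# prepended by each relay, so the oldest hop is the last one in the list.
RAW_EMAIL = b"""\
Return-Path: <bounce@mail-relay.example.net>
Received: from mail-relay.example.net (mail-relay.example.net [198.51.100.7])
 by mx.drivingsolutions.example (Postfix) with ESMTP id 4F3A1B2C
 for <admin@drivingsolutions.example>; Mon, 1 Mar 2021 09:12:44 +0000
Received: from [203.0.113.45] (unknown [203.0.113.45])
 by mail-relay.example.net with ESMTPA id 9ZK2h1; Mon, 1 Mar 2021 09:12:40 +0000
Authentication-Results: mx.drivingsolutions.example;
 spf=fail smtp.mailfrom=mail-relay.example.net;
 dkim=none
From: "Driving Solutions Accounts" <accounts@drivingsolutions-hr.example>
Reply-To: <accounts-desk@mail-relay.example.net>
To: <admin@drivingsolutions.example>
Subject: Updated booking form
Message-ID: <20210301091240.9ZK2h1@mail-relay.example.net>
X-Mailer: PHPMailer 6.1.7
Date: Mon, 1 Mar 2021 09:12:40 +0000
Content-Type: text/plain; charset="utf-8"

Please open the attached booking form and confirm the appointments.
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def _domain(header_value) -> str:
    """Domain part of the first address in a header (lower-cased, '' if none)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def received_chain(msg) -> list:
    """Received hops oldest-first, each with the first bracketed IP it names."""
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        m = BRACKETED_IP.search(str(hdr))
        hops.append({"ip": m.group(1) if m else None,
                     "raw": " ".join(str(hdr).split())})
    return hops


def header_findings(msg) -> list:
    """Header inconsistencies that point away from the claimed sender."""
    findings = []
    from_dom = _domain(msg.get("From"))
    for name in ("Return-Path", "Reply-To", "Message-ID"):
        dom = _domain(msg.get(name))
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Authentication-Results is written by the receiving MX, so it is one of
    # the few headers the attacker could not forge.
    auth = " ".join(str(v) for v in msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1) != "pass":
            findings.append(f"{mech.upper()} result: {m.group(1)}")
    if msg.get("X-Mailer"):
        findings.append(f"X-Mailer: {msg['X-Mailer']}")  # tooling fingerprint, spoofable
    return findings


def analyse(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message and return the attribution leads."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = received_chain(msg)
    return {
        "originating_ip": hops[0]["ip"] if hops else None,
        "hops": hops,
        "findings": header_findings(msg),
    }


if __name__ == "__main__":
    report = analyse(RAW_EMAIL)
    print("Earliest hop IP (pivot for WHOIS / passive DNS):", report["originating_ip"])
    for hop in report["hops"]:
        print("  hop:", hop["raw"])
    for finding in report["findings"]:
        print("  -", finding)
```

The earliest hop IP and the relay domain are pivots for WHOIS, passive DNS and abuse-contact lookups, not an answer in themselves: everything below the Received line written by the victim's own server can be forged, and a PHPMailer or similar fingerprint only tells you the tooling class. That uncertainty is exactly what the confidence percentage in this task should reflect.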
Task 3:
Your colleague at IR4U has started checking over the other computers connected to the company's network by running a malware scan on each computer. So far they have found several more malware files on the Windows 7 computer and nothing on the other computers.
You are to perform malware analysis on the files provided. In addition to stating what the malware does, you are to discuss the anti-forensics/anti-analysis techniques present. These techniques will be present in one or more files.
You suspect that the malware might have spread to the other computers without being detected by the anti-virus. Discuss the process of 'threat hunting' across the other computers on the network. Propose a plan, including the tools and techniques that should be used to audit these other computers for signs of infection in the organisation (e.g. network traffic analysis for command and control, RAM analysis).
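Two of the network-side checks a threat-hunting plan for this task would include are beacon detection (an implant that calls home on a timer produces a flow whose connection intervals barely vary, whatever the anti-virus says about the host) and per-host outbound volume (the 200GB the ISP reported has to come from somewhere). The script below is an added example of both checks and is not part of the assignment materials; the connection log it reads is constructed for illustration (private source addresses, RFC 5737 documentation destinations) and stands in for firewall, proxy or Zeek conn.log exports from the three machines on the Driving Solutions network. The thresholds (five hits, coefficient of variation 0.2, ten times the median volume) are assumptions to tune against the real data.

```python
"""Beacon and volume hunting over connection logs (added example).

The log below is constructed for this example (RFC 5737 documentation IPs,
private source addresses); it stands in for firewall/proxy/Zeek conn logs.
A C2 implant that checks in on a fixed timer shows up as a flow whose
inter-connection intervals barely vary; bulk exfiltration shows up as an
outlier in bytes sent per host.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log. 192.168.1.10 beacons to 203.0.113.45:443 roughly
# every 60 s, browses 198.51.100.20 irregularly, and pushes 50 MiB out once.
SAMPLE_LOG = """\
2021-03-01T09:00:00 src=192.168.1.10 dst=203.0.113.45 dport=443 bytes_out=620
2021-03-01T09:00:07 src=192.168.1.10 dst=198.51.100.20 dport=443 bytes_out=1400
2021-03-01T09:00:09 src=192.168.1.10 dst=198.51.100.20 dport=443 bytes_out=300
2021-03-01T09:00:30 src=192.168.1.11 dst=198.51.100.30 dport=443 bytes_out=800
2021-03-01T09:01:01 src=192.168.1.10 dst=203.0.113.45 dport=443 bytes_out=618
2021-03-01T09:01:55 src=192.168.1.10 dst=198.51.100.20 dport=443 bytes_out=900
2021-03-01T09:02:00 src=192.168.1.10 dst=203.0.113.45 dport=443 bytes_out=622
2021-03-01T09:02:03 src=192.168.1.10 dst=198.51.100.20 dport=443 bytes_out=2200
2021-03-01T09:02:40 src=192.168.1.12 dst=198.51.100.40 dport=443 bytes_out=3500
2021-03-01T09:03:01 src=192.168.1.10 dst=203.0.113.45 dport=443 bytes_out=619
2021-03-01T09:03:30 src=192.168.1.10 dst=203.0.113.45 dport=8443 bytes_out=52428800
2021-03-01T09:04:00 src=192.168.1.10 dst=203.0.113.45 dport=443 bytes_out=621
2021-03-01T09:04:59 src=192.168.1.10 dst=203.0.113.45 dport=443 bytes_out=620
2021-03-01T09:05:10 src=192.168.1.11 dst=198.51.100.30 dport=443 bytes_out=1200
2021-03-01T09:05:40 src=192.168.1.10 dst=198.51.100.20 dport=443 bytes_out=1100
2021-03-01T09:06:00 src=192.168.1.10 dst=203.0.113.45 dport=443 bytes_out=620
"""


def parse_line(line: str):
    """Split one 'timestamp key=value ...' record into typed fields."""
    ts, *pairs = line.split()
    f = dict(p.split("=", 1) for p in pairs)
    return datetime.fromisoformat(ts), f["src"], f["dst"], int(f["dport"]), int(f["bytes_out"])


def find_beacons(log_text: str, min_hits: int = 5, max_cv: float = 0.2) -> list:
    """Flows whose inter-connection intervals have a low coefficient of variation.

    min_hits and max_cv are tuning assumptions: human browsing to one site
    produces bursts (high CV), a timer-driven implant produces a near-constant
    interval (CV close to 0). Implants with large random sleep jitter push the
    CV up and need a looser threshold or a different feature.
    """
    flows = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, src, dst, dport, _ = parse_line(line)
        flows[(src, dst, dport)].append(ts)
    hits = []
    for (src, dst, dport), times in flows.items():
        if len(times) < min_hits:
            continue
        times.sort()
        deltas = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(deltas)
        cv = statistics.pstdev(deltas) / mean if mean > 0 else float("inf")
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "dport": dport, "hits": len(times),
                         "mean_interval_s": mean, "cv": round(cv, 3)})
    return sorted(hits, key=lambda h: h["cv"])


def bytes_out_by_src(log_text: str) -> dict:
    """Total bytes sent per internal host."""
    totals = defaultdict(int)
    for line in log_text.strip().splitlines():
        _, src, _, _, nbytes = parse_line(line)
        totals[src] += nbytes
    return dict(totals)


def volume_outliers(log_text: str, factor: float = 10.0) -> list:
    """Hosts that sent more than `factor` times the median per-host volume."""
    totals = bytes_out_by_src(log_text)
    median = statistics.median(totals.values())
    return sorted(src for src, n in totals.items() if n > factor * median)


if __name__ == "__main__":
    for b in find_beacons(SAMPLE_LOG):
        print(f"beacon candidate {b['src']} -> {b['dst']}:{b['dport']} "
              f"({b['hits']} hits, every ~{b['mean_interval_s']:.0f}s, cv={b['cv']})")
    for src in volume_outliers(SAMPLE_LOG):
        print(f"volume outlier {src}: {bytes_out_by_src(SAMPLE_LOG)[src]} bytes out")
```

A beacon candidate and a volume outlier are leads for the host-side part of the hunt, not verdicts: the next step is memory acquisition and analysis of the flagged machine (process list, network connections, injected code) and checking the destination against the indicators recovered from the Task 1 and Task 3 samples. Because the CEO's and mechanic's laptops travel between home and work, capture on the office network alone will miss any check-ins they make from elsewhere.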
Task 4:
This whole incident has made the CEO realise that they are not prepared to deal with issues like this. They have asked you to formulate an incident response plan for the future to help better prepare for when this happens again.
You are to detail the entire process (preparation, identification, containment, and so on): what tools and techniques could the organisation use to be better prepared for when this happens again?
Additionally, you should make use of the Cyber Kill Chain to discuss what has happened via the Word Document phishing attack in Task 1.
Attachment: Digital Forensics and Incident Response.rar