Reference no: EM132329467, Length: word count: 2500
Assignment
Part I Evidence Collection
Acquiring evidence is an incredibly important phase of any response. If done properly, it provides the data necessary to conduct a thorough investigation that will stand up in a court of law. If done improperly, post-incident litigation or criminal prosecution becomes more difficult, if not impossible.
To ensure proper acquisition, incident response analysts should include the necessary information found in this sample Evidence Collection and Processing Worksheet.
Your Task
You are the first one on the scene, and you are responsible for filling out this form. This time you will take on the role of the incident response analyst. Please document detailed evidence information based on the exploit you performed as an attacker in the Week 6 - Exploitation Lab.
1. Fill out the form with detailed information.
2. Include at least 3 screenshots of the evidence.
Make sure you save all screenshots and write your explanations under the header label of Part I in Word.
Part II Chain of Custody
After the evidence acquisition has been completed for each evidence item, the incident analyst should fill out a chain of custody form.
1. Fill out the form with detailed information.
Make sure you save all work under the header label of Part II in Word.
Part III Breach Scenario Response
You work for a payment credit card organization. During your investigation as an incident response analyst, you have determined that the compromised device that you collected evidence on in the Week 6 - Exploitation Lab is a critical server on which the company houses:
Customer Personally Identifiable Information (PII) such as:
o Name, Address, SSNs, DOB, etc.
You have determined in your investigation that files associated with this data are exfiltrated from the compromised device daily after work hours, between 10pm and 11pm.
Write a two- to three-page paper describing your response as the dedicated incident response analyst in this scenario. Use your own imaginative, creative response, drawing on the information and concepts described throughout this course.
For example: How will you apply concepts and terms from this course, such as notifying personnel, detection, containment, eradication, recovery, governmental policies, etc., to this Breach Scenario?
Make sure you save all screenshots and written work under the header label of Part III in Word.
Attachment: Assignment Details.rar