Describe the information stored in each log file

Reference no: EM13835648

Problem Statement

Arif works for a university as an IT administrator. He received a call on Sept 8, 2009 from a staff member, Amy, who complained that a suspicious account had been created on her personal laptop without her consent. The general IT policy of the university prohibits Arif from acquiring any research-related files from Amy's laptop because she is participating in a top-secret government project. Therefore, Arif asked Amy to export the Windows Registry and copy a few Windows log files of her laptop from the directory C:\Windows\system32\config. Amy copied 5 files and compressed them into a ZIP file named "Desktop.zip". Now, Arif receives a copy of the ZIP file and starts to analyze what took place on Amy's laptop (IP: 139.132.118.80).

Task 1:

To ensure that Arif's machine is free of rootkit programs that may alter the investigation results, he decides to run a thorough scan. Choose at least two programs and provide the screenshots of the scanning results.

Task 2 (Repairing Windows Logs)

Arif decompresses the file "Desktop.zip" and finds 4 Windows event log files. Describe the information stored in each log file and repair those important log files so that they can be viewed in Windows Event Viewer.

Task 3 (Which account is created)

Having repaired the log files, Arif examines one of them in order to identify which account was created without Amy's consent. Which log file and which EventID number should Arif search? Provide a screenshot for the account-creation event.

Task 4 (Where is Amy's password)

Having identified the event that a new user was created on Amy's laptop, Arif telephones Amy and asks whether she can provide more clues. Amy tells him that she has a personal password safe as an encrypted ZIP file hidden on the university network.

The link to access the password safe is https://www.deakin.edu.au/~zoidberg/SIT703/Login.php. But Amy is confident that only she can access her account details because this password safe has multiple security protection mechanisms. However, Arif wants to demonstrate that Amy's belief may be too optimistic. Provide screenshots and describe how Arif can easily access Amy's account information.

Task 5 (Amy's password)

Arif has extracted Amy's password safe, but he wants to demonstrate to Amy that her Windows password can be easily cracked. So he calls Amy, and Amy bets that he cannot get her password. Being challenged and authorized, Arif decides to crack Amy's Windows password used on her laptop. Work out what the username and the password are on Amy's laptop.

Task 6 (When did things go wrong?)

Amy now realizes that Windows provides very weak protection, and she becomes concerned about the safety of her research data. Arif decides to look through the log files again in order to identify when the bogus account logged on to Amy's laptop. Use two screenshots to indicate when the bogus account was logged on and logged off.

Task 7

Arif believes that he can find all important activities on Amy's system during the session time identified in Task 6. Which event recorded in the system log file will tell Arif about the actions performed by the bogus account? When did this event terminate?

Task 8

Arif recalls that some events with EventID 11728 are closely related to the installation of Windows programs. He decides to use the program LogParser to search for the events with EventID 11728 in the log files. List all the events Arif will find by using LogParser. (Screenshots are required.)

Task 9

Arif feels that things might be very serious, so he decides to go through the Registry file "Server.reg" in the "Desktop.zip" file. What program(s) will Arif classify as suspicious? Provide strong reasons.

Task 10

Arif and Amy feel that they must report their findings to the police. Before they write a formal complaint to the forensic team, Arif recalls that he has intercepted an NTLM authentication session of user "helpdesk" and the hash is a83938d111b45823aad3b435b51404ee:e5986e48146ab6a5f677dda1b1766351. Arif guesses that the password is 3 characters long but contains special symbols. Now, crack this password by using your own rainbow tables.

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd