
This assessment requires students

Assessment Information

SIT703: Advanced Digital Forensics

Assessment 2: Case Investigation Report

This document supplies detailed information on assessment tasks for this unit.

Key information

  • Weighting: 20%

  • Word count: 2000 words

Purpose

This assessment requires students to apply knowledge of security in a Windows network domain and to follow standard procedures to investigate different types of cyber-crime.

Instructions

This is an individual assessment task. You are required to submit a case investigation report supporting your findings and a bibliography.

This report should consist of:

  • an overview of the computer crime case

  • a list of the necessary resources for forensic investigation

  • analysis of detailed findings

  • review and reflection on the findings

Problem Statement

Arif works for a university as an IT administrator. On Sept 8, 2009 he received a call from a staff member, Amy, who complained that a suspicious account had been created on her personal laptop without her consent. The university's general IT policy prohibits Arif from acquiring any research-related files from Amy’s laptop because she is participating in a top-secret government project. Therefore, Arif asked Amy to export the Windows Registry and copy a few Windows log files of her laptop from the directory C:\Windows\system32\config.


Amy copied 5 files and compressed them into a ZIP file named “Desktop.zip”. Arif now receives a copy of the ZIP file and starts to analyze what took place on Amy’s laptop (IP: 139.132.118.80).

Task 1 (Scan your machine)

To ensure that Arif’s machine is free of rootkit programs which may alter the investigation results, he decides to run a thorough scan. Choose at least two programs and provide the screenshots of the scanning results.

(1 mark)

Task 2 (Repairing Windows Logs)

Arif decompresses the file “Desktop.zip” and finds 4 Windows event log files. Describe the information stored in each log file and repair the important log files so that they can be viewed in Windows Event Viewer.

(4 marks)

Task 3 (Which account is created)

Having repaired the log files, Arif examines one of them in order to identify which account was created without Amy’s consent. Which log file and which EventID number should Arif search? Provide a screenshot of the account-creation event.

(1 mark)

Task 4 (Where is Amy’s password)

Having identified the event showing that a new user was created on Amy’s laptop, Arif telephones Amy and asks whether she can provide more clues. Amy tells him that she has a personal password safe, an encrypted ZIP file hidden on the university network, say the link is https://ift.tt/2wpmy3u teaching. But Amy is confident that only she can access her account details because this password safe has multiple security protection mechanisms. However, Arif wants to demonstrate that Amy’s belief may be too optimistic. Provide screenshots and describe how Arif can easily access Amy’s account information.

(3 marks)

Task 5 (Amy’s password)

Arif has extracted Amy’s password safe, but he wants to demonstrate to Amy that her Windows password can be easily cracked. So he calls Amy and Amy bets that he cannot get her password. Being challenged and authorized, Arif decides to crack Amy’s Windows password used on her laptop. Work out what the username and the password are on Amy’s laptop.

(2 marks)

Task 6 (When did things go wrong?)

Amy now realizes that Windows provides very weak protection and she becomes concerned about the safety of her research data. Arif decides to look through the log files again in order to identify when the bogus account logged on to Amy’s laptop. Use two screenshots to indicate when the bogus account logged on and logged off.

(1 mark)

Task 7 (I know what you did)

Arif believes that he can find all important activities on Amy’s system during the session time identified in Task 6.

Which event recorded in the system log file will tell Arif about the actions performed by the bogus account?

When did this event terminate?

(1 mark)

Task 8 (Using LogParser)

Arif recalls that some events with EventID 11728 are closely related to the installation of Windows programs. He decides to use the program LogParser to search for the events with EventID 11728 in the log files. List all the events Arif will find by using LogParser (screenshots are required).

(1 mark)

Task 9 (The valuable Registry)

Arif feels that things might be very serious, so he decides to go through the Registry file “Server.reg” in the “Desktop.zip” file. What program(s) will Arif classify as suspicious? Provide strong reasons.

(3 marks)


Task 10 (Before calling the police)

Arif and Amy feel that they must report to the police about their findings. Before they write a formal complaint to the forensic team, Arif recalls that he has intercepted an NTLM authentication session of user “helpdesk” and the hash is

a83938d111b45823aad3b435b51404ee:e5986e48146ab6a5f677dda1b1766351

Arif guesses that the password is 3 characters long but contains special symbols. Now, crack this password by using your own rainbow tables (screenshots are required).

(3 marks)
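An added example, not part of the assessment brief: a structural check of what the value in Task 10 discloses on its own, which is why a short-password guess is reasonable and why LM hash storage is normally disabled. It assumes the value is in the common LM:NT layout (two 32-hex-digit fields); the function name `audit_lm_nt` and the two extra samples are constructed for illustration, and nothing here recovers a password.

```python
import re

# Well-known constants: the LM hash of an empty 7-byte half, and the NT hash
# of an empty password.
LM_EMPTY_HALF = "aad3b435b51404ee"
NT_EMPTY = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"[0-9a-f]{32}")


def audit_lm_nt(pair):
    """Report what an 'LM:NT' pair discloses before any cracking is attempted."""
    lm, sep, nt = pair.strip().lower().partition(":")
    if not sep or not HEX32.fullmatch(lm) or not HEX32.fullmatch(nt):
        raise ValueError("expected two 32-hex-digit fields separated by ':'")
    halves = [lm[:16], lm[16:]]
    empty = [h == LM_EMPTY_HALF for h in halves]
    report = {"lm_stored": not all(empty), "max_len": None,
              "blank_password": nt == NT_EMPTY, "notes": []}
    if all(empty):
        # Blank LM field: empty password, LM storage disabled, or > 14 chars.
        report["notes"].append("no usable LM hash; only the NT hash applies")
    else:
        # LM upper-cases the password, pads it to 14 bytes and hashes each
        # 7-byte half independently, so an empty second half bounds the length.
        report["max_len"] = 7 if empty[1] else 14
        report["notes"].append("LM hash stored: case-insensitive, 7-char halves")
        if empty[1]:
            report["notes"].append("second LM half is the empty-half constant")
    if report["blank_password"]:
        report["notes"].append("NT hash is that of an empty password")
    return report


# The first value is the one quoted in Task 10; the other two are constructed.
SAMPLES = {
    "task10": "a83938d111b45823aad3b435b51404ee:e5986e48146ab6a5f677dda1b1766351",
    "constructed_blank": LM_EMPTY_HALF * 2 + ":" + NT_EMPTY,
    "constructed_two_halves": "0123456789abcdef" * 2 + ":"
                              + "00112233445566778899aabbccddeeff",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, audit_lm_nt(value))
```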

Submission details

Students are required to submit a case investigation report of approximately 2000 words along with exhibits to support findings and a bibliography.
