18 Dec
Write a forensic report. The details are in the file below.
I will send the login info for the link to the hard drive image. It's best if you know EnCase but not necessary
I have made some progress already as well, but it is due by 5:30 today so don't bid unless that is ok.
CS 340/440 Final Exam Report
Instructions: For the Final Exam Report, you will be doing a simple forensic investigation of a hard drive image. In the scenario below you are asked to answer certain questions through examination of this system.
This part of the exam is worth 60 points (3 points per question, 3 points for any grammar or spelling errors per question).
You will submit a forensic report that includes the answer to the questions, along with supporting evidence to show how you got the answers. Keep in mind the answer to a question might be that there is no evidence of something actually occurring (because it didn’t), so if you can’t find evidence that something did happen, then that’s your answer (and how you confirmed it). This is designed to test your investigation skills, applying the lab/homework assignments we’ve done over the semester, and the reading you’ve been assigned. Remember the way to answer a question may come from your reading assignments, not necessarily something I covered in a lecture.
Since this will be similar to an “official” report, make sure you include things like:
· Software used and versions
· Any testing you did to confirm your findings
Ground Rules:
1) Your final report is to be submitted to me electronically by 12/16/2022 at 6:00pm Central. NO EXCEPTIONS.
2) Make sure your name is on EVERY page of the report. Put it in the header or footer.
3) You are allowed to ask for help from your fellow classmates or work in groups.
4) You are allowed to search for information online to help you answer the questions.
5) You are NOT allowed to ask for help from anyone outside of your classmates in the Fall 2022 CS340/440 class.
6) You must submit your own individual report. I don’t want to receive 20+ copies of the same report.
7) I will take off points for spelling/grammatical errors!
8) You may use any forensic software tool to find the answers. Not just the tools on your Windows 10 VM.
9) You can copy the hard drive image to another machine. You do not have to do the examination on the Lab VMs. The OneDrive folder with the image can be found here: Final Exam Evidence
10) You must submit your report via Sakai in the Assignments section. If your file is too large for Sakai you can either email it to me, or send me a link to where I can download it.
11) DO NOT SIMPLY SUBMIT A DOCUMENT WITH THE QUESTIONS AND THE ANSWERS. You will lose 30 points right off the bat for doing that.
12) You do not HAVE to use all the sections of a report we discussed in class. Use whatever headings are appropriate for your report.
Take advantage of the SANS DFIR Posters under Resources (Week Fifteen) for locations of different artifacts in Windows.
Scenario: On December 16th, 2022, you were contracted to perform a forensic analysis for Dewey, Cheatum, and Howe, LLP. The CEO of Kidco, William L. Howard, has been compromised by an unknown individual. He believes it began sometime around November 19th, 2021. Mr. Howard is concerned that company information has been stolen off of his computer. He recalls receiving an email with an attachment that would not open prior to the 19th, but he’s not sure of the exact date.
Kidco had another security incident in 2020, but that was handled by another firm. As part of the company’s security improvements from that incident, they started testing an open-source program called Velociraptor to monitor their workstations and servers. However, the software has not been fully implemented yet and was unavailable for this current incident.
A third party forensic firm, Grouppunch, was brought in to image the hard drive of Mr. Howard’s computer. A copy of that image has been provided for your investigation.
Remember when you drag and drop the first E01 image file into EnCase, it will automatically load the other EWF/E0* files in the directory.
You are being tasked with examining the evidence, and providing a forensic report on your findings based on the following questions:
1) What is the Disk Signature?
2) Parse out the Master Boot Record and provide the following data for the valid partitions:
a. Partition Type
b. Starting sector
c. Partition Size
3) Find out the following information about the machine:
a. Computer Name
b. Time Zone of Computer
c. Last Shutdown Time
4) When did the unknown individual get access to Mr. Howard’s laptop?
5) How did the unknown individual get access to Mr. Howard’s laptop?
6) Is there any evidence the unknown individual placed malware on Mr. Howard’s laptop?
7) Was any information potentially stolen off of Mr. Howard’s laptop?
8) Is there any possible indication that Mr. Howard was in on the scheme?
9) Is there any evidence that the unknown individual accessed any other systems on the network?
10) Put a timeline together that shows the activity of the unknown individual on Mr. Howard’s machine.
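Questions 1 and 2 both come down to reading sector 0 of the disk. The following Python sketch is an added example, not part of the original assignment; it parses a 512-byte Master Boot Record into the disk signature and, for each non-empty partition entry, the type, starting sector and size. It assumes 512-byte sectors and takes the raw bytes of sector 0 as exported from the forensic tool (an E01 file is a container, so its own first bytes are not the MBR); the sample sector and all names in the code are constructed for illustration.

```python
import struct

SECTOR_SIZE = 512  # assumption: 512-byte logical sectors; confirm for the image

# A few common MBR partition type codes (not exhaustive)
TYPE_NAMES = {0x05: "Extended (CHS)", 0x07: "NTFS/exFAT/HPFS", 0x0B: "FAT32 (CHS)",
              0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0x83: "Linux",
              0xEE: "GPT protective"}

def parse_mbr(sector0: bytes) -> dict:
    """Return the disk signature and the non-empty primary partition entries."""
    if len(sector0) < 512:
        raise ValueError("need all 512 bytes of sector 0")
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("boot signature 0x55AA not found at offset 510")
    raw_sig = sector0[0x1B8:0x1BC]            # 4-byte disk signature
    partitions = []
    for slot in range(4):                     # four 16-byte entries from 0x1BE
        status, ptype, start, count = struct.unpack_from(
            "<B3xB3xII", sector0, 0x1BE + 16 * slot)   # CHS fields skipped
        if ptype == 0x00 or count == 0:       # unused slot
            continue
        partitions.append({
            "slot": slot,
            "bootable": status == 0x80,
            "type_code": f"0x{ptype:02X}",
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "start_sector": start,
            "size_sectors": count,
            "size_bytes": count * SECTOR_SIZE,
        })
    return {"signature_on_disk": raw_sig.hex(),   # byte order as stored on disk
            "signature_value": f"0x{int.from_bytes(raw_sig, 'little'):08X}",
            "partitions": partitions}

def build_sample_mbr() -> bytes:
    """Constructed sector 0 for demonstration; not taken from the exam image."""
    buf = bytearray(512)
    struct.pack_into("<I", buf, 0x1B8, 0xA1B2C3D4)
    struct.pack_into("<B3xB3xII", buf, 0x1BE, 0x80, 0x07, 2048, 1024000)
    struct.pack_into("<B3xB3xII", buf, 0x1CE, 0x00, 0x07, 1026048, 208689152)
    buf[510:512] = b"\x55\xaa"
    return bytes(buf)

if __name__ == "__main__":
    result = parse_mbr(build_sample_mbr())
    print(result["signature_on_disk"], result["signature_value"])
    for p in result["partitions"]:
        print(p)
```

The signature is returned both as stored on disk and as a little-endian value because tools differ in which form they display; a report should state which one it quotes.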