Lab 10.pdf

School: American Public University
Course: 422
Subject: Information Systems
Date: Feb 20, 2024
Type: pdf
Pages: 11
Uploaded by PresidentRiverWasp4
Performing Incident Response and Forensic Analysis (4e)
Fundamentals of Information Systems Security, Fourth Edition - Lab 10

Student: Steven Engelken
Email: steven.engelken@mycampus.apus.edu
Time on Task: 2 hours, 12 minutes
Progress: 100%
Report Generated: Monday, January 22, 2024 at 1:00 AM

Section 1: Hands-On Demonstration

Part 1: Analyze a PCAP File for Forensic Evidence

10. Make a screen capture showing the Time Graph.
16. Make a screen capture showing the details of the 2021-Jul-13 15:33:00 session.

Part 2: Analyze a Disk Image for Forensic Evidence

6. Make a screen capture showing the email message containing FTP credentials and the associated timestamps.

Part 3: Prepare an Incident Response Report
Date
Insert current date here.
01/21/2024

Name
Insert your name here.
Steven Engelken

Incident Priority
Define this incident as High, Medium, Low, or Other.
High

Incident Type
Include all that apply: Compromised System, Compromised User Credentials, Network Attack (e.g., DoS), Malware (e.g., virus, worm, trojan), Reconnaissance (e.g., scanning, sniffing), Lost Equipment/Theft, Physical Break-in, Social Engineering, Law Enforcement Request, Policy Violation, Unknown/Other.
Compromised System, Reconnaissance, Policy Violation

Incident Timeline
Define the following: Date and time when the incident was discovered, Date and time when the incident was reported, and Date and time when the incident occurred, as well as any other relevant timeline details.
Date and time when the incident was discovered: 2024-01-22 20:20:00 PST
Date and time when the incident was reported: 2024-01-22 20:40:00 PST
Date and time when the incident occurred: 2021-07-01 16:05:00 MDT
Incident Scope
Define the following: Estimated quantity of systems affected, estimated quantity of users affected, third parties involved or affected, as well as any other relevant scoping information.
Estimated quantity of systems affected: 4
Estimated quantity of users affected: 1
Third parties involved or affected (e.g., vendors, contractors, partners): 0
Additional Information: Mr. Johnson was working with Dr. Evil and released IP addresses as well as account access to an FTP secured network in order to steal company information.

Systems Affected by the Incident
Define the following: Attack sources (e.g., IP address, port), attack destinations (e.g., IP address, port), IP addresses of the affected systems, primary functions of the affected systems (e.g., web server, domain controller).
Attack sources (e.g., IP address, port): IP address: 157.165.0.25
Attack destinations (e.g., IP address, port): IP address: 172.31.0.20, 172.31.0.1, 172.30.0.2, 172.40.0.1
IP addresses of the affected systems: 172.31.0.20, 172.31.0.1, 172.30.0.2, 172.40.0.1
Primary functions of the affected systems (e.g., web server, domain controller): domain controller

Users Affected by the Incident
Define the following: Names and job titles of the affected users.
Names and job titles of the affected users: Marvin Johnson-Project Manager