Wk3 Findings Assignment Mitchell K.pdf

School: American Military University
Course: 455
Subject: Information Systems
Date: Apr 3, 2024
Type: pdf
Pages: 7
Uploaded by SuperHumanMoonGoldfish41

3.3 Email 2: Sabre Project - - hours

On , at hours, identified HIS mistake and replied to HIS original email at hours to explain HE wrote in error. Within the email, HE mentioned that wrote to SCOTT and the account is being set up to wire to JD (Forensic Comment: APUS believes is a typo for for ). Analyzing the raw email message information, the email was delivered to (Figure 4). The message originated (“x-originating-ip” located in the raw email header) from , an , United Arab Emirates (Figure 5 and 6). The timestamp on the message in Figure 4 is Tuesday, , 3:38:14 AM, indicating that SCOTT’s local client is operating in the +0800 (UTC+8) time zone, which corresponds with local time and HIS signature block location. SCOTT sent the message to cover up the mistake made in Email 1. In this second message, SCOTT changed HIS IP address, which indicates a VPN or proxy; however, Figure 5 below reported that the IP was not a proxy or VPN.

Figure 1 - jimhalpert@jlaenterprise.com auto-forwards to officeman1987a@gmail.com and SCOTT’s IPv4 address
Figure 2 - IP Address Lookup Details - 83.110.250.231
Figure 3 - IPv4 Geographical Location - 83.110.250.231
Figure 4 - Email 2 - Michael SCOTT to Jim Halpert (Covering Mistake)

3.4 Domain Created - - hours

On , at hours, the counterfeit domain (Forensic Comment: Switching the to ) was registered and set up to use Microsoft Office 365/online Outlook mail according to an (Mail eXchange) query that shows was registered as “ .” This is very significant because Outlook 365 includes “x-originating-ip” headers on all sent messages, and those headers contain the IP address that sent the message. According to WHOIS (Figure 9), the domain was registered with and a creation date of at hours. Figure 10 displays the geographical location as , coinciding with headquarters.

Figure 5 - MX Query - JLAENTREPRISE.COM
Figure 6 - Whois Information (jlaentreprise.com)
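
The header checks described in sections 3.3 and 3.4 can be scripted for triage. The following is an added example, not part of the original report: it reads the x-originating-ip and Date headers from a raw message and tests whether the sender domain is the legitimate one with two neighbouring letters swapped. The two domains come from the figure captions above; the sample message, its date, the sender mailbox, the IP address and the function names are constructed for illustration.

```python
from datetime import timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
import ipaddress

# Constructed sample headers (not the message from the report); the IP is a
# documentation address and the date and sender mailbox are placeholders.
RAW = """\
From: Sender <sender@jlaentreprise.com>
To: jimhalpert@jlaenterprise.com
Subject: Re: account details
Date: Tue, 02 Jan 2024 03:38:14 +0800
X-Originating-IP: [203.0.113.7]

(body omitted)
"""

def is_adjacent_swap(a, b):
    """True when b equals a with exactly one pair of neighbouring characters swapped."""
    if len(a) != len(b) or a == b:
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])

def triage(raw, legit_domain):
    """Extract the fields the report relies on from one raw message."""
    msg = message_from_string(raw)
    # Date header: keep the sender's UTC offset and normalise the time to UTC.
    offset_hours = sent_utc = None
    try:
        sent = parsedate_to_datetime(msg["Date"])
        if sent.utcoffset() is not None:  # a "-0000" zone parses as naive
            offset_hours = sent.utcoffset().total_seconds() / 3600
            sent_utc = sent.astimezone(timezone.utc).isoformat()
    except (TypeError, ValueError):       # header missing or malformed
        pass
    # x-originating-ip is usually bracketed; validate before trusting it.
    candidate = (msg.get("X-Originating-IP") or "").strip().strip("[]")
    try:
        ip = str(ipaddress.ip_address(candidate))
    except ValueError:
        ip = None
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return {"originating_ip": ip, "utc_offset_hours": offset_hours,
            "sent_utc": sent_utc, "from_domain": domain,
            "lookalike": is_adjacent_swap(legit_domain.lower(), domain)}
```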