Computer Science Describe how to investigate an intrusion incident such as a redirect attack on a Windows laptop, with malware upload, what would you likely find going through the laptop and network information (hint: going through pcap files, system logs, security logs, and registry hive (ntuser.dat, etc...), and the file looking for artifacts)? In your opinion, how would you likely validate findings (artifacts), to confirm their accuracy and significance, found on the system and network?

Computer Science Describe how to investigate an intrusion incident such as a redirect attack on a Windows laptop, with malware upload, what would you likely find going through the laptop and network information (hint: going through pcap files, system logs, security logs, and registry hive (ntuser.dat, etc...), and the file looking for artifacts)? In your opinion, how would you likely validate findings (artifacts), to confirm their accuracy and significance, found on the system and network?

Management Of Information Security

6th Edition

ISBN:9781337405713

Author:WHITMAN, Michael.

Publisher:WHITMAN, Michael.

Chapter12: Protection Mechanisms

Section: Chapter Questions

Problem 2E

See similar textbooks

Similar questions

How susceptible is your computer to the many kind of security holes that exist today? How may these dangers be reduced? Briefly go through the plans of action. The best way to determine whether a virus has infected your computer is to have a look at the symptoms it displays.
A. Suppose that while trying to access a collection of short videos on a Web site, you see a popup window stating that you need to install custom codec in order to view the videos. What threat might be posed to your computer system if you accept the installation request? B. Name five X.800 security services. Provide a brief description for each service.
Let's say your company's email server sends you a message informing you that someone has attempted to change your password and requests that you confirm the change. But you know you haven't changed the password, right? Why do you think the password was altered? What kind of malware may have been present, and on what computers, that would have allowed an attacker to successfully reset the password?
1. Give your explanation of the differences in authentication procedures that are owned by the Windows, Linux and Mac operating systems
Given the list of possible active attacks; os exploits, virus, trojan, syn scan, Ack Scan, and web Attacks and given a firewall between the Internet (represented by a cloud) and your network router. which of these types of attacks are not able to be prevented through the firewall? why are these types of attacks not able to be prevented through the firewall? How can these attacks be prevented from taking place?
What steps would you use as a Malware Expert to analyse a portable executable (PE) and determine if it is malicious or benign? Mention the names of the tools used in the distinct techniques as well.
For the sake of argument, let's say your company's email server sent you a message asking you to verify a password change. However, you haven't changed the password recently. What happened that necessitated a new code? In what ways may an attacker have gained access to the password, and on what systems, using what malware?
Assume you get a message that seems to be from your company's mail server informing you that the password for your account has been changed and that you must take action to confirm this. However, you have not, as far as you are aware, changed the password! What might have happened to cause the password to be changed? What kind of malware, and whose computer systems, might have supplied an attacker with the knowledge they needed to effectively reset the password?
What is Windows Defender, and how does it function as an antivirus and antimalware tool in Windows 10 and later versions?
Let's pretend you receive a notification from the company's email server saying that your password has been changed and you need to take some action to verify this. To your knowledge, you have not, however, altered the password. When may the password have been changed, and why? What machines were infected with what sort of malware, and how did the attacker get the information they required to change the password?
What steps would you use as a Malware Expert to evaluate a portable executable (PE) and determine if it is malicious or benign? Mention the names of the tools used in the distinct techniques as well.
Assume that the mail server at your employer sends you a message alerting you that the password for your account has been changed and that you need to take some action in order to confirm this. Nevertheless, it appears that you have not modified the password in any way, shape, or form! What may have possibly occurred to prompt the need to change the password? Whose systems were infected with what sort of malware, and how did the attacker get the information they required to successfully reset the password?