Week_8_Lab_10_Performing_Incident_Response_and_Forensic_Analysis_4e_-_Jose_Peraza_Jr.pdf

School: American Public University
Course: 422
Subject: Information Systems
Date: Apr 29, 2024
Type: pdf
Pages: 9

Uploaded by Rico21CMB on coursehero.com

Performing Incident Response and Forensic Analysis (4e)
Fundamentals of Information Systems Security, Fourth Edition - Lab 10

Student: Jose Peraza Jr
Email: jose.perazajr@mycampus.apus.edu
Time on Task: 1 hour, 45 minutes
Progress: 100%
Report Generated: Saturday, April 27, 2024 at 9:09 PM

Section 1: Hands-On Demonstration

Part 1: Analyze a PCAP File for Forensic Evidence

10. Make a screen capture showing the Time Graph.

16. Make a screen capture showing the details of the 2021-Jul-13 15:33:00 session.

Part 2: Analyze a Disk Image for Forensic Evidence

6. Make a screen capture showing the email message containing FTP credentials and the associated timestamps.

Part 3: Prepare an Incident Response Report

Date
Insert current date here.
Incident Report 2024-04-27 17:45

Name
Insert your name here.
Jose A Peraza Jr

Incident Priority
Define this incident as High, Medium, Low, or Other.
High

Incident Type
Include all that apply: Compromised System, Compromised User Credentials, Network Attack (e.g., DoS), Malware (e.g. virus, worm, trojan), Reconnaissance (e.g. scanning, sniffing), Lost Equipment/Theft, Physical Break-in, Social Engineering, Law Enforcement Request, Policy Violation, Unknown/Other.
Compromised System/Compromised User Credentials

Incident Timeline
Define the following: Date and time when the incident was discovered, Date and time when the incident was reported, and Date and time when the incident occurred, as well as any other relevant timeline details.
Incident occurred 2021-07-01 16:05:00 MDT

Incident Scope
Define the following: Estimated quantity of systems affected, estimated quantity of users affected, third parties involved or affected, as well as any other relevant scoping information.
Marvin’s email account is involved in the data theft incident. An email was sent from marvin.johnson@outlook.com to evildr683 disclosing FTP server and credentials.

Systems Affected by the Incident
Define the following: Attack sources (e.g., IP address, port), attack destinations (e.g., IP address, port), IP addresses of the affected systems, primary functions of the affected systems (e.g., web server, domain controller).
FTP server’s publicly facing IP address (157.165.0.45) and valid credentials

Users Affected by the Incident
Define the following: Names and job titles of the affected users.
Marvin Jonson - Project Manager