Digital Forensics Lab 4

In: Other Topics

Submitted By sromero188
Words 579
Pages 3
CCSI 410 Forensic Lab Report

1) Investigator’s Name:

2) Date of Investigation: August 2, 2014

3) Lab Number and Title: Lab 4 Keyword Searches

4) Summary of Findings:

I did the steps required to fulfill my report. I found there is enough evidence to continue the investigation due to the search results.

5) Details of Investigation

1. 11.45 pm – Turned on suspect computer 2. 11: 47 pm – Entered lab environment 3. 11: 49 pm – Determined keyword list 4. 11:59 pm – Added the floppy image 5. Augest 3rd 12:05 am – Added keywords to the search utility 6. 12:09 am – Initial look at .emi files and addressbook.csv complete 7. 12:11 am – Search using keywords 8. 12:15 am – Completed report 6) Please type the answers to the questions found throughout the lab here. 1. Bid rigging is well rigging a bid so that a certain firm will win the bid. Bid Rotation is when bidding is predetermined which firm is going to win and the other firms involved in the process get something out of it as well so basically a win-win situation for all involved parties. Bid suppression is where firms can enter the bid but choose to not do so in order to let another firm win. Bid cover is when the firms making the bid knows their bid will be rejected so that another firm will the bid. 2. There are many words and phrases you would search for when looking when it comes to bid rigging which include bid, cover up, fraud, lie, cheat, agreement First off the language barrier can be a problem, even with a translator things can still be complicated. On top of that, different countries have different laws. Those different laws can make trying to stop bid rigging much harder because they may have softer laws or…...

Similar Documents

Lab 4

...In this lab, you explored all five phases of hacking using Zenmap GUI for Nmap, Nessus®, BackTrack4, and the Metasploit Framework application. Lab Assessment Questions & Answers 1. What are the five steps of a hacking attack? Footprinting- acquiring information about target Scanning - use acquired information from footprinting to gain more detailed information Enumeration- Extracting more-detailed and useful information System hacking- attack a system using a method that deems useful Covering Tracks – Covering tracks to avoid detection 2. During the reconnaissance step of the attack, describe what task Zenmap GUI performs to do passive OS fingerprinting. sends commands to the platform-specific nmap executable and pipes the output back 3. What step in the hacking attack process uses Zenmap GUI? System Hacking 4. What step in the hacking attack process identifies known vulnerabilities and exploits? enumeration 5. During the scanning step of the hacking attack process, you identified known software vulnerabilities in a Windows XP Professional Workstation. List the name and number of the critical Microsoft® vulnerabilities identified. What is vulnerability “MS08-067”? MS08-067: Vulnerability in Server service could allow remote code execution. 6. Which tool and application were used to exploit the identified vulnerability on the targeted Microsoft® Windows 2003 XP server? Microsoft Server Service Relative Path Stack Corruption and Metasploit 7. If......

Words: 357 - Pages: 2

Lab 4

...Willie Harris ------------------------------------------------- is3230 lab 4.2 Implement Organizational-Wide Network and WLAN Access Controls 1. Each time you open a port or allow a program to communicate through a firewall, your computer becomes a bit less secure. The more allowed programs or open ports your firewall has, the more opportunities there are for hackers or malicious software to use one of those openings to spread a worm, access your files, or use your computer to spread malicious software to othersEach time you open a port or allow a program to communicate through a firewall, your computer becomes a bit less secure. The more allowed programs or open ports your firewall has, the more opportunities there are for hackers or malicious software to use one of those openings to spread a worm, access your files, or use your computer to spread malicious software to others. 2. 2. By going to start -> control Panel -> Select firewall there it gives you the options that are on Windows Firewall. 3. First if you’re sitting in a coffee shop and decide you want to check your Facebook page and your email to kill some time. You scan the available networks and see one that’s open and unsecured. You connect and start surfing. Coffee and free WiFi, what could be better, right? Wrong! A hacker is also fond of coffee shops and he is located within range of the router you connected to. He’s waiting for one or more people to connect to the network so he can start......

Words: 628 - Pages: 3

Digital Forensic

...NAME OF GROUP MEMBERS: HON HAO KONG TP027895 THOR LIH YIN TP024383 YUVARAJ MURALITHARAN TP028059 GROUP : GROUP C2I INTAKE CODE : UC3F1402IT{FC} MODULE CODE : CT040-3.5-3-LEAFC MODULE TITLE : LEGAL EVIDENTRARY ASPECTS OF FORENSIC COMPUTING, LEAFC PROJECT TITLE : LEAFC 2nd Group Assignment HAND-OUT DATE : 27th MAY 2014 HAND-IN DATE : 16TH JUNE 2014 LECTURER : MR. ALI JAVAN Table of Contents 1.0 Workload Matrix 3 2.0 Executive Summary 4 3.0 Case Detail and Assumptions 5 4.0 First Responder 7 4.1 Overview 7 4.2 First Responder Procedures 7 4.2.1 Securing and evaluating electronic crime scene 7 4.2.2 Documenting electronic crime scene 10 4.2.3 Collecting and preserving electronic evidence 15 4.2.4 Packaging electronic evidence 21 4.2.5 Transporting electronic evidence 22 4.3 Chain of Custody 23 5.0 Critical Analysis 24 5.1 Forensic Analysis 29 6.0 Case Reconstruction 40 6.1 Functional Analysis 40 6.2 Timeline Analysis 42 6.3 Relational Analysis 43 7.0 Apply and Result of Subpoena 44 8.0 Legal Discussion and Implication 45 8.1 Legal Discussion Perspectives 47 9.0 Conclusion and recommendations 51 9.1 Conclusion 51 9.2 Recommendations 51 10.0 References 52 Appendix A– Affadavit 54 Appendix B- Subpoena 59 1.0 Workload Matrix | Thor Lih Yin......

Words: 11150 - Pages: 45

Digital Forensics - Uganda’s Preparedness

... Digital Forensics: Uganda’s Preparedness Dennis Tusiime Rwatooro 2014-M142-2002 Dept of Computer Science Abstract — The more our lives continue to depend on digital communication networks and media to perform daily activities such as communication, access to information and critical services such as health, financial transactions, entertainment, and public utilities like electricity, the more we get exposed to security risks. These security risks include breach of confidentiality of communication and transactions, violation of personal privacy, crime and fraud, disruption of services, and distribution of inappropriate content, among others. The goal of digital security is to research into and develop mechanisms to address these security risks. In this paper we briefly survey some of the emerging issues in digital security. The literature shows that while some domains in digital security have remained unchanged over a long time, for example cryptography, new areas have emerged including steganography. Keywords – digital forensic techniques, volatitle data extraction, digital image forensics, malware investigations, email security, symmetric key cryptography, asymmetric key cryptography, public key cryptography. Introduction Forensic science is defined as the application of the sciences as it pertains to legal matters or problems (Gialamas, 2000). One of the branches/fields of forensic science, namely criminalistics, is the profession and scientific discipline......

Words: 7291 - Pages: 30

Lab 4

...Sandra Guzman 01/22/2015 Lab 4 Deliverables Note: Screenshots will be provided at the end. Q: From your local computer, use your favorite Internet browser to research the threat identified on this screen and the possible remediation steps and document your findings in your Lab Report file. Viruses found: 1. Win32/DH{eR4UTxVzG3U} 2. Win32/DH{eR4UTxVzG3U} 3. Win32/DH{HhMXFE8Vcxt1} 4. Trojan horse Dropper.Generic4.BVMA 5. Trojan horse Hider.BNG 6. Trojan horse PSW.Generic11.NYJ 7. Potentially harmful program Logger.IAC 8. Potentially harmful program RemoteAdmin.IH 9. Potentially harmful program Tool.IT Assessment: 1. It seems that the first three are all the same type of virus. A “Win/DH is a malicious software that once it is executed has the capability of replicating itself and infect other files and programs”( Win/DH). They “can steal hard disk space and memory that slows down or completely halts your PC, corrupt or delete data, erase your hard drive, steal personal information, hijack your screen and spam your contacts to spread itself to other users” (Win/DH). To avoid the possibility of one, you should be careful of e-mail attachments especially if they are from an outside source, as well as download links on websites. Having a virus removing application such as AVG is essential to being able to remove these viruses before they spread. AVG is capable of detecting this virus while surfing the web and...

Words: 1494 - Pages: 6

Digital Forensic

...Laboratory Notes Laboratory Number: 1 Examiner Name: Date & Time Activity 2-2-2015 1:03pm 1:19pm 1:21pm 1:22pm 1:23pm 1:24pm 1:25pm 1:26pm 1:28 All steps performed on linux mint-17 32-bit, kernel 3.13.0-37 generic Tools used: dd (coreutils) 8.21, sha1sum (GNU coreutils) 8.21, xxd version 1.10, Eye of mate Image Viewer 1.8.1, Script version 2.20.1 Received the USB device from officer Linda Mood of the USSS Cyber forensics Team in an antistatic bag with tamper resistant tape. Her initials were written over the tape. I removed the USB flash drive from the bag. It was a 2GB black and green retractable Sony flash drive with the serial number of D33021. Using the mount command I confirmed that the USB had not mounted. Command: mount Using the date command I showed when I began the forensic work on the USB device. Sun Feb 1 13:21:34 EST 2015 Command: date Using the command fdisk I looked to see what the size of the device was and how much data was on the USB. It was shown to have 1MB or 1474560 bytes of information. Command: sudo fdisk -l Using the hash command sha1sum on the device I obtained the hash for the USB. 32b9fcb741aab43a4f80393d3df67c32c726924f /dev/sdb Command: sudo sha1sum /dev/sdb Using dd I was able to image the information from the USB device to another file named Ailes.case01.dd. Command: Sudo dd if=/dev/sdb of=Ailes/case01.dd......

Words: 1068 - Pages: 5

Lab 4

...Leando Henderson Jr NT1210 Lab Exercise 4.1.1 On page 107 the book explains that standards exist for the NIC and the cabling so that all networks and equipment would match up if not then you might buy a computer and it not fit your cabling on your network or vice versa. These standards exist so that all equipment would match up and networks could be simplified. Exercise 4.1.3 Shielded copper cable is currently best known for POE equipment. Security systems, Microphones, and other high end audio cables would be my best examples for a clear visual. This super expensive cabling is used for these types of applications because the shielding help to prevent the Electro Magnetic Interference to be more specific on a security system this shielding and braiding eliminates the false alarms that would occur if not for the shielding. Exercise 4.1.10 Multimeter : The purpose of a multimeter is to measure how much voltage or electrical signal that is currently being transmitted thru a cable or medium. A basic tool for any electrician or IT personnel Tone Generator: This equipment generates audio pulses to components. In the case of audio equipment testing, frequency response and sound evaluation are recorded. Pair Scanner: A Pair Scanner is used to find faults on cabling in a network. Time domain reflector (TDR): Used to locate faults in metallic cables (for example, twisted pair wire or coaxial cable). It can also be used to locate discontinuities in a connector,......

Words: 320 - Pages: 2

Cis 417 Week 4 Assignment 2 Forensic Lab Design

...WEEK 4 ASSIGNMENT 2 FORENSIC LAB DESIGN To purchase this visit here: Contact us at: SUPPORT@ACTIVITYMODE.COM CIS 417 WEEK 4 ASSIGNMENT 2 FORENSIC LAB DESIGN Imagine the university that employs you as an information security professional has recently identified the need to design and build a digital forensic laboratory. You have been tasked with designing the lab for the organization. Write a four to five (4-5) page paper in which you: 1. Explicate the steps you would take to plan a budget for the lab, keeping in mind the general business objective to avoid unneeded costs. 2. Recommend the physical requirements and controls that you would consider implementing in order to keep the lab safe and secure. 3. Identify at least three (3) hardware and software tools that you would include in the design of the lab and explain your reasons behind your choices. 4. Identify the high-level criteria that would be considered when selecting the forensic workstations to be utilized. More Details hidden… Activity mode aims to provide quality study notes and tutorials to the students of CIS 417 Week 4 Assignment 2 Forensic Lab Design in order to ace their studies. CIS 417 WEEK 4 ASSIGNMENT 2 FORENSIC LAB DESIGN To purchase this visit here: Contact us at: SUPPORT@ACTIVITYMODE.COM CIS 417 WEEK 4......

Words: 640 - Pages: 3

How Dennis Was Identified Using Digital Forensic

...HOW DIGITAL FORENSICS WAS USED TO IDENTIFY RADER (Student’s Name) (Professor’s Name) (Course Title) (Date of Submission) Introduction Dennis Lynn Rader’s case remains the longest case to be handled ever taking almost 30 years. His case was opened when he handed in a computer floppy to the police. Careful forensics carried out on the floppy revealed a document that had been edited by someone by the name Dennis in computers at the Christ Lutheran Church. This led to physical location of the suspect. To nail down the suspect as the BTN killer, DNA tests were carried out on Rader’s daughter, Kerri Rader and it was found to be matching. Comparing this to the DNA tests from the murder cases BTN killer emerged to be Rader. This was enough evidence to convict Rader for 10 murder cases. Digital evidence uncovered from the floppy disk Immediately Rader sent a floppy to the police containing Microsoft word document, the floppy was handed over to the computer forensic experts at the FBI for examinations. Inside the floppy was a file called “Test A.RTF.” The contents of the file read “This is a test. See 3x5 Card for details on communication with me in the newspaper.” The message referred to the card that was inside the same box that had the floppy. The officers further recovered a word document that had been deleted on the drive. Careful examination on the properties of the retrieved document showed that the document which had been modified on February 10th 2005 and......

Words: 724 - Pages: 3

Lab 4

...Lab 4 Daniel Torres NT1410 Mr. Kay 1/28/2016 Virtual Lab Tour The first difference I did take notice was the entirely different look that it brought up. With Windows 10, we have the start menu, which in my case, is a reason I love Windows and its OS. Ubuntu doesn’t have one, but it is still manageable. The office applications it comes with is pre-installed and works just as fine as it would with Windows. Spreadsheets to Word, it is all in there with no hassle. The office suite that really makes the difference in both configurations is the look and feel. With icons being changed and a different feel about it. The windows landscape of it changing the closing current window bugs me because it is on the left rather than the normal right I am used to. Although Ubuntu office software is limited and only most used applications for that suite would be used on everyday uses, it doesn’t compare to that of Windows 10. The dash home environment from Ubuntu brings up limited content that you would use immediately, but not the essentials in Windows 10. I would like to implement the Start Menu to Ubuntu as many users in the Windows 8 community did not like the fact that Microsoft took the number one feature out. The installation of Ubuntu differed on the fact that it took quite some time to install and the student next to me had a problem himself though. It sent him into terminal rather than the GUI interface of the desktop. I had no issues on my part, other than......

Words: 278 - Pages: 2

Project 1 - Ccjs 321 Digital Forensics

...INCIDENT rEPORT CCJS 321 – Digital Forensics | Stan Vos Date of submission: FEB 5, 2016 | INCIDENT rEPORT CCJS 321 – Digital Forensics | Stan Vos Date of submission: FEB 5, 2016 | Project 1 - CCJS 321 Digital Forensics For the purposes of this project, imagine you are an Information Security (InfoSec) Specialist, an employee of the Makestuff Company, assigned to the company’s Incident Response Team. In this case, you have been notified by Mr. Hirum Andfirum, Human Resources Director for the Makestuff Company, that the company has just terminated Mr. Got Yourprop, a former engineer in the company’s New Products Division, for cause.  Mr. Andfirum tells you that at Mr. Yourprop’s exit interview earlier that day, the terminated employee made several statements to the effect of “it is okay because I have a new job already and they were VERY happy to have me come from Makestuff, with ALL I have to offer.”  Mr. Yourprop’s statements made Mr. Andfirum fear he might be taking Makestuff’s intellectual property with him to his new employer (undoubtedly a Makestuff competitor).  In particular, Mr. Andfirum is worried about the loss of the source code for “Product X,” which the company is counting on to earn millions in revenue over the next three years.  Mr. Andfirum provides you a copy of the source code to use in your investigation.  Lastly, Mr. Andfirum tells you to remember that the Company wants to retain the option to refer the investigation to law enforcement in...

Words: 1700 - Pages: 7

Project 2 - Ccjs 321 Digital Forensics

...Project 2 CCJS 321 – Digital Forensics | Name Date of submission: FEB 14, 2016 | Project 2 - CCJS 321 Digital Forensics For the purpose of this Project, you are still the InfoSec Specialist for the Makestuff Company. Consider this project a continuation of the work you performed in Project 1. With the scenario in mind, thoroughly answer the following questions (in paragraph format, properly citing outside research, where appropriate): 1.      What permissions/authorities should you have before you search Mr. Yourprop’s former Company work area, and how would you document that authority? As the InfoSec Specialist, you wouldn’t be looking for a search warrant before going into his work area. “It is important to note that employers who conduct a search based upon suspected employee misconduct must be able to point to specific, objective facts that support this suspicion. They must also limit their search to areas where they can reasonably expect to find evidence of misconduct and must end their search once this evidence is recovered” (Wilson, 2008). We also have to take note that he is no longer an employee at this company. Before I actually go into his office, I would get a written document that gives me permission to search his former work area. In this document, I would want it to specify what would be looking for during this search. This document would tell me the exact scope of what I am allowed to search and the authority to search all of the......

Words: 1778 - Pages: 8

Assignment 4 Computer Forensics Tools

...Assignment 4 Computer Forensic Tools Derek Jackson Computer Crime Investigation Professor: Dr. Jessica Chisholm 03/06/2016 When purchasing computer forensics tools and resources for a company, you always want to make sure you are doing the necessary research and determining which of these programs are the best options for the company. This is very important job in any company as you are in charge of not only protecting the company’s data with these tools, but also recovering any information that may have been lost or deleted. There are many programs that are available that can be used to recover deleted files. Two of the programs that you could use are the MiniTool Partition Recovery and PC Inspector File Recovery. The MiniTool Partition Recovery is a free program that has a wizard-based interface which makes it very easy and straightforward to use and understand. You can point the MiniTool Partition Recovery at the problem drive, specify the area to be searched, and it will scan for the missing partition. Then a report will generate that will let you know what the program has found, and you can then recover that partition in a few seconds typically. The only downfall is that you won’t get a bootable recovery disk, so if the partition is damaged then the MiniTool Recovery program won’t be able to recover the deleted partition. The PC Inspector File Recovery allows you to be able to recover a full set of missing files on both FAT and NTFS drives. They are......

Words: 1005 - Pages: 5

Lab 4

...Lab 1 – Introduction to Science Exercise 1: The Scientific Method Dissolved oxygen is oxygen that is trapped in a fluid, such as water. Since many living organisms require oxygen to survive, it is a necessary component of water systems such as streams, lakes, and rivers in order to support aquatic life. The dissolved oxygen is measured in units of parts per million (ppm). Examine the data in Table 4 showing the amount of dissolved oxygen present and the number of fish observed in the body of water the sample was taken from and then answer the questions below. QUESTIONS 1. Make an observation – Based on the data in Table 4, describe the relationship between dissolved oxygen content and fish populations in the body of water. Discuss the pattern observed in the data set. Answer = as the Dissolved Oxygen goes up the greater the survival rate is for the fishes. The pattern for the Dissolved Oxygen goes up by two’s and the number of fish has a unique pattern when matched with the dissolved oxygen. Pattern (2, 4 ppm)…..the fishes decrease by one. (6, 8 ppm)……the fishes increase by 4 (10, 12 ppm)…the fishes increase by 3 (14, 16 ppm)….the fishes decreases by 4 18 ppm…..the fishes decreases by 5 2. Do background research – Utilizing at least one scholarly source, describe how variations in dissolved oxygen content in a body of water can affect fish populations. Answer = According to research the dissolved...

Words: 888 - Pages: 4

Digital Forensic Investigation Bsc Submission

...table must be placed on a single page, located as either the second or third page of your final assignment documentation.   Contents EXECUTIVE SUMMARY 2 AUTHORIZATION 3 IDENTIFICATION 4 COLLECTION AND PRESERVATION 5 Mr. Mike’s Work-Station 5 TTBANK Server 5 CHAIN OF CUSTODY FORM 7 EXAMINATION AND ANALYSIS 8 EVIDENCES RECOVERED 8 RECONSTRUCTION 11 RELATIONAL ANALYSIS 12 CONCLUSION & RECOMMENDATION 13   EXECUTIVE SUMMARY This is the case involving the staff of TTBANK that was suspected of misuse of company property due to that staff bragging about gaining access to privileged information to his colleagues that he should have otherwise not have gotten access to. The issue first came to the attention of Mr. Ali, the Enterprise Systems Administrator of TT Bank who had investigated silently to discover the identity of the staff and that the person was a member of the Loans Department and his name was Mr. Mike. What became particularly disturbing was that Mike worked in the Loans Department and should not have any access whatsoever to any Human Resources (HR) department files. The Enterprise System Administrator decided that the case should be investigated properly and hired a computer forensic expert from the APIIT FORENSIC LABOROTARY. Upon arrival, the forensic investigator was issued full authority to conduct the search and began conducting the investigation on site at TTBANK’s own work-station that was used by Mr. Mike immediately. The......

Words: 1635 - Pages: 7

Ricochet Rabbit Droop-a-Long | 2018 CJ Korea Express Superrace Championship | 微笑回应