Week_8_Lab_10_Performing_Incident_Response_and_Forensic_Analysis_4e_-_Jose_Peraza_Jr.pdf
School: American Public University
Course: 422
Subject: Information Systems
Date: Apr 29, 2024
Pages: 9
Uploaded by Rico21CMB on coursehero.com
Performing Incident Response and Forensic Analysis (4e)
Fundamentals of Information Systems Security, Fourth Edition - Lab 10
Student: Jose Peraza Jr
Email: jose.perazajr@mycampus.apus.edu
Time on Task: 1 hour, 45 minutes
Progress: 100%
Report Generated: Saturday, April 27, 2024 at 9:09 PM
Section 1: Hands-On Demonstration
Part 1: Analyze a PCAP File for Forensic Evidence
10. Make a screen capture showing the Time Graph.
Page 1 of 9
16. Make a screen capture showing the details of the 2021-Jul-13 15:33:00 session.
Part 2: Analyze a Disk Image for Forensic Evidence
6. Make a screen capture showing the email message containing FTP credentials and the associated timestamps.
Part 3: Prepare an Incident Response Report
Date
Insert current date here.
Incident Report 2024-04-27 17:45
Page 2 of 9
Name
Insert your name here.
Jose A Peraza Jr
Incident Priority
Define this incident as High, Medium, Low, or Other.
High
Incident Type
Include all that apply: Compromised System, Compromised User Credentials, Network Attack (e.g., DoS), Malware (e.g., virus, worm, trojan), Reconnaissance (e.g., scanning, sniffing), Lost Equipment/Theft, Physical Break-in, Social Engineering, Law Enforcement Request, Policy Violation, Unknown/Other.
Compromised System/Compromised User Credentials
Incident Timeline
Define the following: Date and time when the incident was discovered, Date and time when the incident was reported, and Date and time when the incident occurred, as well as any other relevant timeline details.
Incident occurred 2021-07-01 16:05:00 MDT
Incident Scope
Define the following: Estimated quantity of systems affected, estimated quantity of users affected, third parties involved or affected, as well as any other relevant scoping information.
Marvin’s email account is involved in the data theft incident. An email was sent from marvin.johnson@outlook.com to evildr683 disclosing the FTP server and credentials.
Systems Affected by the Incident
Define the following: Attack sources (e.g., IP address, port), attack destinations (e.g., IP address, port), IP addresses of the affected systems, primary functions of the affected systems (e.g., web server, domain controller).
FTP server’s publicly facing IP address (157.165.0.45) and valid credentials
Page 3 of 9
Users Affected by the Incident
Define the following: Names and job titles of the affected users.
Marvin Johnson - Project Manager
Page 4 of 9