You are hired by JLA Enterprise to conduct a Forensic Examination after a network intrusion occurs at their corporate office. Your job is to determine the source of the network intrusion
Case Study (10%): You are hired by JLA Enterprise to conduct a Forensic Examination after a network intrusion occurs at their corporate office. Your job is to determine the source of the network intrusion and provide as much information regarding the attack as possible. Here are some things to consider when explaining what happened during the network intrusion:
What time did the attack happen?
How did the hacker get into the network?
What computers were compromised?
What computers were accessed?
What data was extracted from the network?
What type of attack was conducted?
How long did the attacker have access to the network?
Is there any persistence on the network for future attacks?
You are asked to conduct a forensics examination of the network and provide a forensic report explaining what happened during the attack and what corporate data was compromised. The report should cover the above information, as well as create a timeline that shows the attack from the initial stages of the attack to when the data was extracted from the network.
Your submission should be about 3 to 5 pages (not including the title page and the references page) long in APA format with proper citations and references if you are using them. It will be subjected to checking against plagiarism. The final product must follow acceptable originality criteria (no more than 15% max total, and 2% per individual source match are allowed).
ISSC455-20-000X Forensic Report
JLA Phishing Attack
ISSC455 Digital Forensics:
Investigation Procedures and Response
<Temeika Williams>
<Professor Tawalbeh>
<October 23, 2022>
<Case Number: ISSC455-20-000X>
Documents Properties
|
Title |
ISSC455-20-000X Forensic Report |
|
Version |
1.0 |
|
Authors |
<Temeika Williams> |
|
Reviewed By |
<Professor Tawalbeh> |
|
Approved By |
<Professor Tawalbeh> |
|
Classification |
Confidential: For Educational Purposes Only |
Version Control
|
Version |
Date |
Authors |
Description |
|
1.0 |
<October 2022> |
<Temeika Williams> |
Final Draft |
Disclaimer
The information contained in this report, APUS ISSC455 Report JLA Phishing Attack, is intended for training and learning purposes only and is not for the purpose of providing digital forensic investigation recommendations. The scenario leading to this report is provided by Shanken Security Solutions and has been approved for use as Education Purposes Only. If this report is found, please delete, shred (if hardcopy) or report to [email protected] for further instructions if delete or shred are not available.
APUS AND PROFESSOR JOHNNY JUSTICE DISCLAIM ALL LIABILITY AND RESPONSIBILITY FOR ANY ERRORS OR OMISSIONS IN THE CONTENT CONTAINED IN THIS REPORT.
Contents Table of Figures 4 1.0 Scope 6 1.1 Purpose 6 1.2 Team Overview 6 1.3 Executive Summary 6 2.0 Narrative 7 3.0 Findings 9 3.1 Quick View 9 3.2 Email 1: Sabre Project – October 15, 2019 – 1938 hours 10 3.3 Email 2: Sabre Project – October 15, 2019 – 1947 hours 12 3.4 JLAENTREPRISE.com Domain Created – October 15, 2019 – 2054 hours 14 3.5 Email 3: Sabre Project – October 15, 2019 – 2258 hours 16 3.6 Email 4: Sabre Project – October 16, 2019 – 0653 hours 19 3.7 Email 5: Sabre Project – October 17, 2019 – 1123 hours 21 3.8 Email 6: JLA Enterprise and Sabre Project – October 17, 2019 – 1209 hours 23 3.9 Email 7: Sabre Project – October 17, 2019 – 1325 hours 25 3.10 Email 8: Sabre Project – October 17, 2019 – 1337 hours 27 3.11 Email 9: JLA Enterprise and Sabre Project – October 17, 2019 – 1431 hours 29 3.12 Email 10: Sabre Project Wiring Instruction – October 17, 2019 – 1443 hours 30 3.13 Email 11: Sabre Project Wire Transfer – October 17, 2019 – 1445 hours 31 3.14 Email 12: Sabre Project Wire Transfer – October 17, 2019 – 1459 hours 32 3.15 Email 13: Sabre Project Wiring Instruction – October 17, 2019 – 1506 hours 35 3.16 Email 14: Sabre Project Wire Transfer – October 17, 2019 – 1542 hours 36 3.17 Email 15: Sabre Project Wiring Instruction – October 19, 2019 – 1202 hours 38 3.18 Phishing Scam Sent to JLA Enterprise Consultant – October 19, 2019 – 2233 hours 41 4.0 Conclusion 42 4.1 Email 1: – June 01, 2019 – 0710 hours 42 4.2 Email 2: – August 02, 2019 – 1808 hours 43 5.0 Recommendations 44 Appendix A: Wiring Instructions (Fraudulent EAST HUN CHIU Account) 45
Table of Figures
Figure 1 – Email 1 – Michael SCOTT to Jim Halpert (Start of Phishing Attempt) 10
Figure 2 – [email protected] auto-forwards to [email protected] and SCOTT’s IPv6 address 10
Figure 3 – IPv6 Geographical Location – 2601:98a:100:57b:206f:26a1:323a:fb5c 11
Figure 4 – [email protected] auto-forwards to [email protected] and SCOTT’s IPv4 address 12
Figure 5 – IP Address Lookup Details – 83.110.250.231 12
Figure 6 – IPv4 Geographical Location – 83.110.250.231 13
Figure 7 – Email 2 – Michael SCOTT to Jim Halpert (Covering Mistake) 13
Figure 8 – MX Query – JLAENTREPRISE.COM 14
Figure 9 – Whois Information (jlaentreprise.com) 14
Figure 10 – IP Geographical Location – 50.63.202.52 (jlaentreprise.com) 15
Figure 11 – [email protected] email to [email protected]com and SCOTT’s IPv6 address 16
Figure 12 – Email 3 – Michael SCOTT to Dwight Schrute (Phishing Employee) 17
Figure 13 – Email 3 – Michael SCOTT to Dwight Schrute (Phishing Employee) (continued) 18
Figure 14 – IP Address Lookup Details – 23.239.21.243 19
Figure 15 – IPv4 Geographical Location – 23.239.21.243 19
Figure 16 – Email 4 – Jim Halpert (Counterfeit Account) to Dwight Schrute (Phishing Attempt) 20
Figure 17 – [email protected] used an IPv4 address from a location previously used by SCOTT’s email account 21
Figure 18 – IPv4 Geographical Location – 83.110.250.20 21
Figure 19 – Email 5 – Jim Halpert (Counterfeit Account) to Michael SCOTT and Dwight Schrute (Confirm Payment) 22
Figure 20 – [email protected] auto-forwards to [email protected] 23
Figure 21 – IPv4 Geographical Location – 192.155.90.47 23
Figure 22 – Email 6 – Dwight Schrute (Counterfeit Account) to Andy Bernard and Jim Halpert (Legitimacy) 24
Figure 23 – [email protected] to [email protected] 25
Figure 24 – Email 7 – Jim Halpert (Counterfeit Account) to Dwight Schrute (Correspondence over Email) 25
Figure 25 – Email 7 – Jim Halpert (Counterfeit Account) to Dwight Schrute (Correspondence over Email) (continued) 26
Figure 26 – [email protected] to [email protected] and [email protected] 27
Figure 27 – Email 8 – Andy Bernard (Counterfeit Account) to Dwight Schrute and Pam Beesly 28
Figure 28 – Email 9 – Dwight Schrute (Counterfeit Account) to Andy Bernard (Establishing Legitimacy) 29
Figure 29 – [email protected] auto-forwards to [email protected] 30
Figure 30 – IPv4 Geographical Location – 173.230.128.135 <a rel='nofollow' target='_blank' href='#_T
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.
