Late one night, a system administrator troubleshoots a network problem. He/she captures several minutes’ worth of network traffic to review with the protocol analyzer. While conducting the review, she notices some odd traffic. A user’s desktop has sent a well-formed packet to an obscure port on an unfamiliar IP address outside the company’s firewall. Shortly thereafter, one of the company’s research and development database servers transmits a packet that does not conform to any of the formats the company uses to the same IP address. Upon investigation, the administrator finds out that the IP address is associated with one of their competitors. Upon calling his/her supervisor, they are told to “just block the port”, however there is much more that can be done. Explain how you would have handled the situation.
2. You believe that your laptop has been used to make purchases of illegal drugs via the dark web. You live with 2 roommates and often leave your laptop lying around the apartment. What would you do– how would you use Digital Forensics to gather more information?
3.A customer at a bank in Chicago deposits a check. The bank video camera captures an image of the customer entering the bank branch and matches it against its database of customers. The image is time and date stamped. Later that day, the customer’s savings account is accessed via the Internet banking from an IP address in Italy. During a routine correlation of data, the apparent discrepancy is detected by the bank’s forensics system. How would you, as a computer forensics specialist, go about investigating the incident?
4.An accounting firm was conducting an audit of a publicly owned company when they came upon some accounting irregularities. The irregularities were serious enough to potentially necessitate a re-stating of earnings. Considering the many scandals currently blighting the corporate sector, the accounting firm wishes to confirm their findings before sounding any public alarms. The have hired you to conduct a large-scale data mining to get to the bottom of the irregularities. How would you, and your team, go about conducting a forensics data mining operation?
5. When the CEO of a major company opened his email one morning, he was shocked to see that overseas hackers were sending him confidential files from his own desktop hard drive. The hacker demanded hundreds of thousands of dollars as a “consulting fee,” and threatened to disclose the information and the weaknesses in the company’s security if the money (ransom) wan not paid. A professional computer forensics expert was hired to work with the client’s networking team, and they were able to preserve the evidence of the attack and assist in determining how the attack occurred. How do you think they went about doing that?