You are working for a very small company, Chester Digital Forensic n’ Stuff (CDFnS), which advertises itself as providing Digital Forensics to organisations amongst other things. The company has just set up, and the director has employed you as its sole Cyber Security Specialist who has training across the field of cyber security. CDFnS, being new, has no formal procedures yet laid out for anything. CDFnS has just been contracted by a company, Thornton Delivery Services (TDS), to provide them support in identifying a suspected data breach at TDS.
About Thornton Delivery Services (TDS)
TDS is a national delivery company based at Thornton Science Park. They employ 50 staff, including administration, drivers, and warehouse workers, and their operations are reliant on IT. Their business systems comprise the following:
• 1 Windows Server 2019 server running:
  o Active Directory
  o Roles: DNS, DHCP, File Server
  o Default logging
  o Financial software for tracking and accounting
  o Asset software for tracking parcels
• 1 Debian 8 (Jessie) Linux server for backup of files off the Windows Server
• 20 in-house client computers, used primarily by the administration staff who underpin the day-to-day operations. A variety of operating systems are in use; the deployment to date is:
  o 15x Windows 10
  o 2x Windows 7
  o 3x macOS Big Sur
TDS Data Breach
The Administrator occasionally looks at internal traffic statistics for fun in the odd month when he is not overworked. This time, reviewing the statistics for the previous months, he noticed something suspect: a large volume of traffic from the Windows Server 2019 machine, first to one of the internal Windows 7 client machines and then, the next day, directly from the Server out to the Internet. Both transfers, the one to the Windows 7 client and the one out from the Server, took place late in the evening, and the Windows 7 client's user was at home at both times.
The Administrator is not experienced in analysis of logs or in digital forensics.
You need to act swiftly to preserve the evidence you will need to uncover what is going on. TDS is not expecting any downtime at the moment. Describe and critically analyse the approach you will take, from a technical perspective, to develop an understanding of what has happened. What will you request access to, and how will you use the data or information provided? Consider multiple possibilities without coming to early conclusions. Establish some sort of process and express it, possibly with the help of a diagram, flow chart, or similar. Identify any tools you may use, including built-in tools. Remark upon the impact on the business of the approach(es) you decide to take.
CDFnS Makes Progress
Following Task 1, you find out that:
• Some logs have been deleted on the Server (the Security log that is normally viewable in Event Viewer).
• Thousands of logon attempts were made from the Windows 7 client to the Windows Server before access to the admin account was gained. These attempts were made from the client machine on the same evening that it was also downloading files from the file server under the user's account, which had access to only a limited number of files.
• Some logs have been deleted on the Windows 7 client.
• Once the attacker had gained access to the Server admin account, he could access any file on the file server, and more confidential files were accessed.
• Neither the Windows 7 client nor the Windows Server 2019 has been rebooted since the event.
You propose to take a memory dump and a copy of the hard disk of each machine. TDS would like to get to the bottom of this and accepts, even if they have to take the server offline overnight (for not more than 12 hours).
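As an added illustration of the log analysis the investigation involves (example code written for this page, not part of the brief or of any TDS system), the script below runs detection logic for the three findings listed above over a handful of constructed event records: a burst of failed logons from one client followed by a success on the admin account, a successful logon outside office hours, and a cleared Security log. It assumes the events have been exported to CSV rows of the form `timestamp,event_id,target_user,source_ip` (for example from Get-WinEvent on whatever logs survive on either host); the threshold of 20 failures within one hour and the 07:00 to 19:00 office hours are assumed tuning values. Event IDs 4625, 4624 and 1102 are the standard Windows Security log IDs for a failed logon, a successful logon and a cleared audit log.

```python
"""
Triage of exported Windows Security events for the pattern described above:
a burst of failed logons from one client, a success on the admin account, and
a cleared Security log. Added example; the records are constructed, not TDS data.
"""
from __future__ import annotations
from collections import defaultdict
from datetime import datetime, timedelta

# Standard Windows Security log event IDs.
FAILED_LOGON = 4625   # An account failed to log on
SUCCESS_LOGON = 4624  # An account was successfully logged on
LOG_CLEARED = 1102    # The audit log was cleared (written as the first event of the new log)


def make_sample() -> str:
    """Constructed export in the assumed shape `timestamp,event_id,target_user,source_ip`:
    40 failures against 'administrator' from one client within 80 s, then a success,
    plus a normal daytime logon, one mistyped password from another client, and a
    log-clear event the following evening."""
    base = datetime(2021, 3, 2, 22, 0, 0)
    rows = ["2021-03-02T09:12:00,4624,jsmith,10.0.0.57"]
    rows += [f"{(base + timedelta(seconds=2 * i)).isoformat()},4625,administrator,10.0.0.57"
             for i in range(40)]
    rows.append(f"{(base + timedelta(seconds=81)).isoformat()},4624,administrator,10.0.0.57")
    rows.append("2021-03-02T22:05:00,4625,jsmith,10.0.0.23")
    rows.append("2021-03-03T21:40:12,1102,administrator,-")
    return "\n".join(rows)


def parse_events(csv_text: str) -> list[dict]:
    """Parse the CSV lines into dicts sorted by time."""
    events = []
    for line in csv_text.splitlines():
        if not line.strip():
            continue
        ts, eid, user, src = line.split(",")
        events.append({"time": datetime.fromisoformat(ts), "id": int(eid),
                       "user": user.lower(), "src": src})
    return sorted(events, key=lambda e: e["time"])


def find_bruteforce(events, threshold=20, window=timedelta(hours=1)):
    """Flag (source, account) pairs with at least `threshold` failed logons inside
    `window` that are then followed by a successful logon from the same source."""
    recent_failures = defaultdict(list)
    findings = []
    for ev in events:
        if ev["id"] not in (FAILED_LOGON, SUCCESS_LOGON):
            continue
        key = (ev["src"], ev["user"])
        # keep only the failures still inside the sliding window
        recent = [t for t in recent_failures[key] if ev["time"] - t <= window]
        if ev["id"] == FAILED_LOGON:
            recent.append(ev["time"])
            recent_failures[key] = recent
        else:
            if len(recent) >= threshold:
                findings.append({"src": ev["src"], "user": ev["user"],
                                 "failures": len(recent),
                                 "first_failure": recent[0], "success": ev["time"]})
            recent_failures[key] = []  # a success resets the counter for that pair
    return findings


def find_log_clears(events):
    """Event 1102 is written into the freshly emptied log, so it is the surviving
    marker (with time and subject account) of the deletion described in the brief."""
    return [ev for ev in events if ev["id"] == LOG_CLEARED]


def after_hours_logons(events, start_hour=19, end_hour=7):
    """Successful logons outside the assumed 07:00-19:00 office hours, to be
    cross-checked against who was physically present."""
    return [ev for ev in events if ev["id"] == SUCCESS_LOGON
            and (ev["time"].hour >= start_hour or ev["time"].hour < end_hour)]


def triage(csv_text: str) -> dict:
    """Run all three checks and return the findings keyed by kind."""
    events = parse_events(csv_text)
    return {"bruteforce": find_bruteforce(events),
            "log_cleared": find_log_clears(events),
            "after_hours": after_hours_logons(events)}


if __name__ == "__main__":
    for kind, hits in triage(make_sample()).items():
        print(f"{kind}: {len(hits)} finding(s)")
        for hit in hits:
            print("   ", hit)
```

Because the Security log on the Server was deleted, the failed-logon burst itself may only be recoverable from the Windows 7 client's surviving records, the traffic statistics the Administrator already has, or the memory images; the 1102 event, by contrast, is present precisely because the log was cleared, and its timestamp and subject account belong on the timeline alongside the evening transfers.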