How can you tell what information an attacker has exfiltrated from a network? Performing a forensic analysis of the compromised system will provide the cybersecurity professional with a road map of the attacker’s goals and compromises.
Using one of the VMs that you exploited earlier in the class (in the exploit topic of the course), perform a host forensic analysis of the specified virtual system. At a minimum, include system logs and file system changes.
Respond to the following questions:
- What did the attacker do?
- What traces did they leave?
- Could you use your findings in a legal proceeding? Why or why not?
Keep in mind that you exploited this virtual machine using Metasploit and a well-known vulnerability exploit tool. Ensure that you understand the evidence that these tools leave behind.
Document the analysis in a 500- to 750-word paper, taking screenshots as you go.
In addition, within the analysis, address the following questions. Refer to the required readings prior to addressing these questions.
- How could the “Kill-Chain Methodology” be used to prevent this type of attack in the future?
- Would the Diamond Model of Intrusion Analysis influence your analysis?
While APA style is not required for the body of this assignment, solid academic writing is expected, and documentation of sources should be presented using APA formatting guidelines, which can be found in the APA Style Guide, located in the Student Success Center.

