The incident response center has been contacted by the President of the company. He has one simple request. He needs you to do some data recovery and recover some data from a simple file. He also wants to know what happened to the file, in case he is being “hacked”.

The President has a personal USB flash device that contains a series of directories with information that did not pertain to the company and that he wanted to keep separate from the information on the company’s servers. One directory of special interest is called SAINTBNK and includes an important file. The file contains the account number. This number is required for him to access his off-shore bank online. The bank is on the Island of Guernsey and is not readily accessible. To minimize money laundering, the bank rules require an in-person visit to obtain details of a specific account, including the account number. The President is unable to travel to the island at this time but needs to access his account to make payments on his private plane. The files are not encrypted, as the USB rarely leaves the President’s office and does not contain any official company confidential information.

The President had given the USB to the company accountant to work on another issue, but the accountant accidentally reformatted the USB drive. Now the files are no longer readable. He did not want to use the company resources initially, so he had a private forensic expert come in, and they made an image of the file. However, the President did not trust him to retrieve the data, as he believes the account number to be very sensitive and the expert was boasting about his knowledge of bank hacking. The image is attached.

The President states that he needs that 18-digit account number (3 sets of 6 digits separated by hyphens). The file is *very* important and he would like to recover the file exactly as it was.

Your assignment is to look at the file image and recover the file using any forensic tools. You will also prepare a detailed report for the President that includes the following:

- The account number;
- A description of your hypothesis as to what happened to make the file “disappear”;
- A description of how you recovered the data; and
- A recommendation on how he should protect his account number that would prevent this problem from happening again.

If you cannot find the account number, describe the steps that you went through to find the data.

Note: I will function as the “President” who lost the data and has contacted the incident response center. Feel free to “interview me” and ask for any further information that you feel necessary, via email.

