Assignment DetailsYour individual project for this unit has you responding to management as the IT Team Lead concerning the malware scenario below.Scenario: LMJ-Ad corporate management has been informed by the network administrative team that there was a malware attack and infection overnight at the system level, now spreading to the network enterprise level, requiring the incident response team to take immediate action. The infection came from a malware attachment on a phishing email and was reported by a user with a priority trouble ticket. Initial interviews suggest the incident may have come from an internal employee.Provide the following for your investigative report:General Incident InformationCover Page (Page 1 – not counted in total page count):Date: Incident POC NameTime: Incident POC PhoneTime Zone: Incident POC EmailInitial IdentificationSection 1.0 (Page 1): Date, time, and time zone for first detectionExample: Threat identified 8/6/20; 11:34am; ETSection 2.0 Impacted Personnel (Page 1): List names and contact information for all persons involved in detection and initial investigationExample: Mr. John Doe; Incident Response Lead; 555-555-5656; Mrs. Jane Doe; Network Engineer; 556-557-5678Section 3.0 Incident Detection Specifics (Page 1; 2 paragraphs): How was the incident detected?Example: IDS/IPS/HIDS/NIDS alerts; Violation of user behavior baseline; security event threat detection; suspicious network traffic patterns; ransomware, or malware alerts from anti-virus/malware softwareSection 4.0 Threat Identification (Page 2; 2 paragraphs): What do you think the threat is?Example: Classification of threat is based on type of behavior analyzed either live or via logs, and recovered digital forensics dataSection 5.0 Infected Resources (Page 3-4; 2-3 paragraphs): List of systems and network components involved both at the system and network levels: System 1, 2, 3; Network component A, etc., and infections foundExample: Lenovo 20L5000; Serial #; IP Address x; infectionSection 6.0 Digital Evidence (Page 4-5; 2-3 paragraphs): Where can supporting evidence be found?Example: Location of log file, log file types, time stamps, screen shots, IDS reportsSection 7.0 Tools and Procedures (Page 5-6; 2-3 paragraphs): Describe the tools and procedures used for acquiring the media (ex., disk-to-disk, disk to image, sparse copy), thus creating the forensic image of the media for examination.
Are you looking for a similar assignment? Order now for an Amazing Discount! Use Discount Code “Newclient” for a 15% Discount!
INTRO to Cyber crime week 2 5-6 pages .