wireshark investigation forensic group report


Answer the question on the assignment and write a report in the third person, with a title, introduction, APA referencing and conclusion, explaining all the sections and including all the screenshots from Wireshark you have taken. In addition, I couldn't send the Wireshark data with the assignment sheet, so when you are going to start let me know and I will send the file to you as well.

Additional Instructions:
Network Intrusion Detection 55-502811
Assignment Specification 2019-20
GROUP FORENSIC REPORT

Overview

An organisation set up a honeypot in the hope of catching persistent hackers on their network. The honeypot was compromised several times. The traffic into and out of the honeypot was captured as a packet capture file (pcap). You will be provided with this file. In short, your assignment is to analyse and interpret this traffic and to identify malicious activity. To do this you will be using the distribution Security Onion. You must use Wireshark as the main tool, but it's likely you will want to use others too; that is optional.

By using Wireshark, you will apply different features and comment on the following using traffic analysis tools:
· Anatomy of the attack
· Honeypot environment and settings
· Different display filters
· How you read packets
· How you identify metadata
· Comment on packet headers
· Identify and explain ARP requests and responses
· Any other artefacts

You should specifically be looking for 2 main disparate attacks, from separate IP addresses. You may find others; if so, feel free to document those too. It is suggested you adopt the following approach. You should attempt to answer all the questions specified.

1. Identify important alerts

Analyse the assignment.pcap file using Wireshark. Identify the main attack alerts and record your findings. Document and analyse the packet metadata using Wireshark. In summary, why did they fire? What are the crucial components in packet headers? What is the vulnerability the syntax is trying to protect and what is the compromise?

2. Track the attacker's activities

2.1 Recommendation: Use a session analysis tool which creates a time-ordered list useful for session reconstruction. Document everything that looks suspicious and try to explain why it occurred. Make a note of ephemeral and destination port numbers and relevant IP addresses. These will be useful when creating filters in Wireshark.

Hint: what is port 443 used for? Is there anything unusual here? If so, what?

2.2 Recommendation: Create a table with headings as shown in the following example and multiple entries related to your investigation. This can help focus the investigation. The table shown here is an example only and is NOT RELATED to your investigation.

Date/Time        IP address (source -> destination)   Ports (source -> destination)   Summary of attacker's successful activity
09-12 10:10:18   220.180.44.190 -> 192.168.1.2        1500 -> 80                      One of several failed buffer overflow attempts on the web server
09-12 10:20:22   220.180.44.190 -> 192.168.1.2        2822 -> 80                      Successful buffer overflow of the web server with ISS_USR privileges

The following questions may help form your report:
· Most attacks aren't successful the first time; can you find any evidence of unsuccessful as well as successful ones?
· Remember most attackers try to get shell access to a system; do you notice anything interesting in your examination? If a user gets access to a system they can perform numerous malicious activities; can you find evidence of any?
· Do the attackers get access? If so, what is the userid? How did you determine this?
· What do the attackers do once in control? Evidence your theories. Hint: hackers often want to elevate their user status once they get access. They also have a plan for the compromise, to make the server offer new services. They also want to give themselves easy future access using rootkits. It's worth looking for this activity and documenting any you find.
· Can you see any reconnaissance attempts? Hint: look for inbound SYNs from the two attacking hosts. By definition these will occur before the attacks.

3. Write the report

The syntax of the commands you use should be included in the report. Only the relevant sections of the tools' output (with the most significant sections highlighted) need to be included in the report; in other words, large bulky log dumps should NOT be included in your report. You may use screenshots, but their use should not be excessive and only used when demonstrating something highly relevant to the investigation. Your work should include an introduction discussing the direction and flow that your investigation will take and a summary highlighting the main findings of your work.

REPORT STRUCTURE

You should write your assignment as two separate reports, one for the group work (approx. 3000 words) and one for individual work. Below is a report structure you may find useful.
1. Title page: include course title, assignment title, and name and student number
2. Introduction: some background about the report and an introduction to the report (5)
3. The report body: to cover your findings on the analysis of sample traffic using different tools (40)
4. Conclusions (5)
5. Individual contribution / peer assessment: reflection of your contribution to different tasks and activities (10)
6. References

Identifying individual contribution

In order to help identify individual efforts within the group, all group members must contribute to a shared web log showing all the activities that the group have performed. The mechanism for doing this will be through the shared blogs facility on Blackboard. It is essential that it is used frequently and accurately. The individual contribution section will need to include the details of the activities you have undertaken and reflect on them. The final grade received will be a combination of these two. Thus, it's possible that not all members of the group will receive the same grade. I recommend that after each period of work for the assignment the web blog is updated to reflect your activities. You will also be required to complete a peer assessment form, and this must be submitted along with the report.

You need to submit your reports via Blackboard as PDF or MS Word format on 08 April 2021 at 15:00.

MARKING SCHEME
