Case Study (10%): You are hired by JLA Enterprise to conduct a Forensic Examination after a network intrusion occurs at their corporate office. Your job is to determine the source of the network intrusion and provide as much information regarding the attack as possible. Here are some things to consider when explaining what happened during the network intrusion:
What time did the attack happen?
How did the hacker get into the network?
What computers were compromised?
What computers were accessed?
What data was extracted from the network?
What type of attack was conducted?
How long did the attacker have access to the network?
Is there any persistence on the network for future attacks?
You are asked to conduct a forensics examination of the network and provide a forensic report explaining what happened during the attack and what corporate data was compromised. The report should cover the above information, as well as create a timeline that shows the attack from the initial stages of the attack to when the data was extracted from the network.
Sample Solution
