INFO39207 - Fall 2018 - Assignment 1 - Incident Response Data Collection PDF

Course Advanced Information Systems Forensics and Electronic Discovery
Institution Sheridan College


Sheridan College

INFO39207 Assignment 1 

Incident Response Data Collection

Description For this assignment you will collect data from live Windows and Linux hosts to mimic the type of collection performed during an incident response exercise. You will use industry standard tools to collect data from the two hosts and combine the data into a spreadsheet for later analysis.

Part 1 - Windows Host

1. Create a MS Windows virtual machine
   a. https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
   b. https://developer.microsoft.com/en-us/windows/downloads/virtual-machines
OR
1. Use a MS Windows host that you already have access to.
THEN
2. Install Redline
   a. https://www.fireeye.com/services/freeware/redline.html
3. Using Redline, export to CSV a report containing system (OS) information, running processes, file system information, and network information. You may export additional information if you choose.
4. Take a screenshot of Redline running on the host.

Part 2 - Linux Host

1. Create a Linux virtual machine
2. Install Google Rapid Response (GRR)
   a. https://grr-doc.readthedocs.io/en/latest/
   b. https://github.com/google/grr
3. Use the Linux virtual machine as both the "server" and "client" for GRR.
4. Create a GRR "flow" to collect the same data as you did in the previous section using Redline. You may need to create multiple flows to collect all the required information.
5. Export your flow data as a CSV containing system (OS) information, running processes, file system information, and network information. You may export additional information if you choose.
6. Take a screenshot of the GRR server window.

Part 3 - Reporting

Combine the two CSV files into a single spreadsheet (Excel, Google Sheets, LibreOffice Calc). Use at least one sheet per host. You can split the data into additional sheets if you desire.
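The reporting step, as an added example that is not part of the assignment handout and is not Redline's or GRR's own tooling: a Python script that hashes each export exactly as received (the chain-of-custody record an incident responder keeps next to the spreadsheet), maps the two tools' differing column names onto one common schema with a host and source-tool column, and renders one CSV per host so that each can be pasted into its own sheet. The sample exports, their column headers and the host names are constructed assumptions; real Redline and GRR exports use their own headers, which you enter in COLUMN_MAPS. The script also adds a per-host parent-PID consistency check, a common first triage pass over a process list.

```python
# Added example: normalise Redline and GRR process exports into one schema.
# Sample exports, their headers and the host names are constructed assumptions;
# put the real headers from your CSV files into COLUMN_MAPS.
import csv
import hashlib
import io

# Constructed sample of a Redline process export (headers assumed, not Redline's real ones).
REDLINE_PROCESSES_CSV = """\
Process Name,PID,Parent PID,Path,Username,Start Time
services.exe,612,504,C:\\Windows\\System32\\services.exe,NT AUTHORITY\\SYSTEM,2018-10-01T14:01:58Z
svchost.exe,884,612,C:\\Windows\\System32\\svchost.exe,NT AUTHORITY\\SYSTEM,2018-10-01T14:02:11Z
explorer.exe,3120,3040,C:\\Windows\\explorer.exe,IEUser,2018-10-01T14:03:40Z
"""

# Constructed sample of a GRR ListProcesses export (headers assumed as well).
GRR_PROCESSES_CSV = """\
name,pid,ppid,exe,username,ctime
systemd,1,0,/lib/systemd/systemd,root,2018-10-01T13:58:02Z
sshd,917,1,/usr/sbin/sshd,root,2018-10-01T13:58:09Z
grr,1402,1,/usr/lib/grr/grr_client,root,2018-10-01T13:59:30Z
"""

# One schema for both hosts; the first two columns record where each row came from.
COMMON_FIELDS = ["host", "source_tool", "name", "pid", "ppid", "path", "user", "start_time"]

# Tool-specific header -> common field.
COLUMN_MAPS = {
    "redline": {"Process Name": "name", "PID": "pid", "Parent PID": "ppid",
                "Path": "path", "Username": "user", "Start Time": "start_time"},
    "grr": {"name": "name", "pid": "pid", "ppid": "ppid",
            "exe": "path", "username": "user", "ctime": "start_time"},
}


def sha256_text(text):
    """Hash an export exactly as received, before anything reshapes it."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def normalise(csv_text, host, tool):
    """Map one tool's export onto COMMON_FIELDS, tagging every row with host and tool."""
    rows = []
    for raw in csv.DictReader(io.StringIO(csv_text)):
        row = {"host": host, "source_tool": tool}
        for src, dst in COLUMN_MAPS[tool].items():
            row[dst] = raw.get(src, "").strip()
        # Integer PIDs so sorting and parent lookups behave the same for both hosts.
        row["pid"] = int(row["pid"])
        row["ppid"] = int(row["ppid"])
        rows.append(row)
    return rows


def merge_exports(exports):
    """exports: iterable of (host, tool, csv_text). Returns (rows, manifest), where
    manifest maps (host, tool) to the SHA-256 of the untouched export."""
    merged, manifest = [], {}
    for host, tool, text in exports:
        manifest[(host, tool)] = sha256_text(text)
        merged.extend(normalise(text, host, tool))
    return merged, manifest


def orphan_processes(rows):
    """(host, name) of processes whose parent PID is missing from that host's list.
    A triage lead, not a verdict: in a snapshot the parent may simply have exited."""
    pids_by_host = {}
    for r in rows:
        pids_by_host.setdefault(r["host"], set()).add(r["pid"])
    return [(r["host"], r["name"]) for r in rows
            if r["ppid"] != 0 and r["ppid"] not in pids_by_host[r["host"]]]


def render_per_host(rows):
    """One CSV text per host in COMMON_FIELDS order; each becomes one sheet."""
    per_host = {}
    for host in sorted({r["host"] for r in rows}):
        buf = io.StringIO()
        writer = csv.DictWriter(buf, fieldnames=COMMON_FIELDS, lineterminator="\n")
        writer.writeheader()
        for r in sorted((x for x in rows if x["host"] == host), key=lambda x: x["pid"]):
            writer.writerow(r)
        per_host[host] = buf.getvalue()
    return per_host


if __name__ == "__main__":
    rows, manifest = merge_exports([("WIN10-VM", "redline", REDLINE_PROCESSES_CSV),
                                    ("UBUNTU-VM", "grr", GRR_PROCESSES_CSV)])
    for (host, tool), digest in manifest.items():
        print("%s via %s sha256=%s" % (host, tool, digest))
    for host, text in render_per_host(rows).items():
        with open("%s_processes.csv" % host, "w", newline="") as fh:
            fh.write(text)
    print("parent PID not in list:", orphan_processes(rows))
```

Record the manifest digests in the spreadsheet (or the submission archive) so that anyone reviewing the sheets can tie each row back to the original export it came from; the same pattern extends to the system, file system and network exports by adding a column map per export type.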

Evaluation 1. Windows data collection a. System info - 1 mark b. Process list - 1 mark c. File system info - 1 mark d. Network info - 1 mark 2. Windows screenshot - 1 mark 3. GRR data collection a. System info - 1 mark b. Process list - 1 mark c. File system info - 1 mark d. Network info - 1 mark 4. GRR screenshot - 1 mark 5. Spreadsheet - 5 marks Total - 15 marks



Submission Combine your screenshots, CSV files and spreadsheet into a single zip file and name it like this: lastname_firstname_assignment1.zip (.tar.gz is fine too). Upload your zipped archive to the SLATE dropbox for this assignment.

Due Date See the SLATE dropbox for due date....
