Title | INFO39207 - Fall 2018 - Assignment 1 - Incident Response Data Collection |
---|---|
Course | Advanced Information Systems Forensics and Electronic Discovery |
Institution | Sheridan College |
Pages | 3 |
Sheridan College
INFO39207 Assignment 1
Incident Response Data Collection
Description

For this assignment you will collect data from live Windows and Linux hosts to mimic the type of collection performed during an incident response exercise. You will use industry-standard tools to collect data from the two hosts and combine the data into a spreadsheet for later analysis.
Part 1 - Windows Host

1. Create a MS Windows virtual machine:
   a. https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
   b. https://developer.microsoft.com/en-us/windows/downloads/virtual-machines
   OR
1. Use a MS Windows host that you already have access to.
   THEN
2. Install Redline:
   a. https://www.fireeye.com/services/freeware/redline.html
3. Using Redline, export to CSV a report containing system (OS) information, running processes, file system information, and network information. You may export additional information if you choose.
4. Take a screenshot of Redline running on the host.
Part 2 - Linux Host

1. Create a Linux virtual machine.
2. Install Google Rapid Response (GRR):
   a. https://grr-doc.readthedocs.io/en/latest/
   b. https://github.com/google/grr
3. Use the Linux virtual machine as both the “server” and “client” for GRR.
4. Create a GRR “flow” to collect the same data as you did in the previous section using Redline. You may need to create multiple flows to collect all the required information.
5. Export your flow data as a CSV containing system (OS) information, running processes, file system information, and network information. You may export additional information if you choose.
6. Take a screenshot of the GRR server window.
Part 3 - Reporting

Combine the two CSV files into a single spreadsheet (Excel, Google Sheets, LibreOffice Calc). Use at least one sheet per host. You can split the data into additional sheets if you desire.
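As an added example (not part of the assignment, and not code from Redline or GRR), the script below shows what the four data categories a GRR flow gathers on the Linux host look like when collected directly from /proc into CSV files, and writes a SHA-256 manifest so the exports can be verified before they are merged into the reporting spreadsheet. It assumes a Linux host with /proc and coreutils; the output directory name is the caller's choice.

```shell
#!/bin/sh
# Added example, not part of the assignment or of GRR/Redline: a minimal
# live-response collector that gathers the four categories the assignment asks
# for (system info, running processes, file system info, network info) as CSV
# files, plus a SHA-256 manifest so the exports can be verified before they are
# merged into the reporting spreadsheet. Assumes a Linux /proc and coreutils.

collect_host_data() {
    out="$1"
    mkdir -p "$out" || return 1

    # 1. System information, including when the collection happened (UTC)
    {
        echo "field,value"
        echo "hostname,$(uname -n)"
        echo "kernel,$(uname -r)"
        echo "arch,$(uname -m)"
        echo "uptime_seconds,$(cut -d' ' -f1 /proc/uptime)"
        echo "collected_utc,$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    } > "$out/system.csv"

    # 2. Running processes, read from /proc/<pid>/status rather than from ps,
    #    so the listing does not depend on the ps binary of the host under review
    echo "pid,ppid,uid,name" > "$out/processes.csv"
    for p in /proc/[0-9]*; do
        [ -r "$p/status" ] || continue   # process may have exited meanwhile
        awk -v pid="${p#/proc/}" '
            $1 == "Name:" { sub(/^Name:[ \t]*/, ""); n = $0 }
            $1 == "PPid:" { pp = $2 }
            $1 == "Uid:"  { u = $2 }
            END { printf "%s,%s,%s,%s\n", pid, pp, u, n }' "$p/status" 2>/dev/null || true
    done >> "$out/processes.csv"

    # 3. File system information: every mounted file system
    echo "device,mountpoint,fstype,options" > "$out/filesystems.csv"
    awk '{ printf "%s,%s,%s,%s\n", $1, $2, $3, $4 }' /proc/mounts >> "$out/filesystems.csv"

    # 4. Network information: TCP sockets (addresses and ports are hex, as in /proc)
    echo "local_hex,remote_hex,state_hex,inode" > "$out/network.csv"
    if [ -r /proc/net/tcp ]; then
        awk 'NR > 1 { printf "%s,%s,%s,%s\n", $2, $3, $4, $10 }' /proc/net/tcp >> "$out/network.csv"
    fi

    # 5. Integrity manifest over the exports; verify later with: sha256sum -c MANIFEST.sha256
    (cd "$out" && sha256sum system.csv processes.csv filesystems.csv network.csv) \
        > "$out/MANIFEST.sha256"
}

# usage: collect_host_data "/tmp/ir-$(uname -n)"
```

The hex socket addresses in network.csv can be decoded in the spreadsheet later; recording the collection timestamp and hashing the outputs at collection time is what lets the merged data be trusted during analysis.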
Evaluation

1. Windows data collection
   a. System info - 1 mark
   b. Process list - 1 mark
   c. File system info - 1 mark
   d. Network info - 1 mark
2. Windows screenshot - 1 mark
3. GRR data collection
   a. System info - 1 mark
   b. Process list - 1 mark
   c. File system info - 1 mark
   d. Network info - 1 mark
4. GRR screenshot - 1 mark
5. Spreadsheet - 5 marks

Total - 15 marks
Submission

Combine your screenshots, CSV files and spreadsheet into a single zip file and name it like this: lastname_firstname_assignment1.zip (.tar.gz is fine too). Upload your zipped archive to the SLATE dropbox for this assignment.
Due Date

See the SLATE dropbox for the due date.