IRX Exercise #2 - report

Team 1: "Mila Gorodetsky" <[email protected]>, "Kiran Kumar Ballal" <[email protected]>, "Anusha Varshney" <[email protected]>, "Frank Wang" <[email protected]>, "Nicholai de Guzman" <[email protected]>

Response summary:

1. On November 24th, 2010, at 15:10, the Criminal Investigative Division (CID) received a suspicious email from an anonymous source, which caused an investigation to be opened.

   Our plan is to:
   - Look for installed programs, especially chat clients
   - Check the Exchange server for other emails
   - Look for evidence of web-based chat

2. On November 24th, 2010, at 15:17, we run the trusted First Responders Evidence Disk (FRED) from the Tools CD on the bad guy's computer to quickly collect as much live digital evidence as possible from our live Windows Server.

3. At 15:23 (same day), we calculate MD5 hashes for all the evidence files on the bad guy's computer (10.0.2.200).

4. At 15:29, on the forensic exam systems, we establish a netcat listener with elevated privileges:

   su -
   ip addr add 10.0.2.100/24 brd + dev eth1
   ip route add default via 10.0.2.1
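
The hashes from step 3 are useful once the evidence reaches the forensic exam system, where they are recomputed and compared. The following Python sketch is an added example, not part of the team's report: it builds a hash manifest on the source and verifies the received copy. The file names and contents are constructed samples, and recording SHA-256 next to the report's MD5 is an assumption of this example.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_file(path, chunk_size=1 << 20):
    """Return (md5, sha256) hex digests; chunked reads keep memory use flat."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()

def build_manifest(evidence_dir):
    """Map each file's relative path to its digests (run before transfer)."""
    root = Path(evidence_dir)
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_manifest(manifest, received_dir):
    """Re-hash the received copy and report every discrepancy."""
    current = build_manifest(received_dir)
    return {
        "modified": sorted(n for n in manifest
                           if n in current and current[n] != manifest[n]),
        "missing": sorted(n for n in manifest if n not in current),
        "unexpected": sorted(n for n in current if n not in manifest),
    }

def demo():
    """Constructed sample files stand in for the collected evidence."""
    samples = {"netstat.txt": b"TCP 10.0.2.200:1042 ESTABLISHED\n",
               "processes.txt": b"explorer.exe 1480\n",
               "logs/security.evt": b"\x00\x01constructed"}
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for base in (src, dst):
            for name, data in samples.items():
                target = Path(base, name)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        manifest = build_manifest(src)      # hashed on the source system
        clean = verify_manifest(manifest, dst)
        # Simulate a damaged transfer: one altered, one lost, one stray file.
        Path(dst, "netstat.txt").write_bytes(b"TCP 10.0.2.200:1042 CLOSED\n")
        Path(dst, "processes.txt").unlink()
        Path(dst, "extra.tmp").write_bytes(b"stray")
        return manifest, clean, verify_manifest(manifest, dst)

if __name__ == "__main__":
    print(*demo()[1:], sep="\n")
```

A non-empty "modified", "missing" or "unexpected" list means the received copy no longer matches what was hashed on the source and the transfer should be repeated and documented.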