IRX Exercise 2 - IRX Exercise #2 - report Team 1:...


IRX Exercise #2 - report

Team 1: "Mila Gorodetsky" <[email protected]>, "Kiran Kumar Ballal" <[email protected]>, "Anusha Varshney" <[email protected]>, "Frank Wang" <[email protected]>, "Nicholai de Guzman" <[email protected]>

Response summary:

1. On November 24th, 2010, at 15:10, the Criminal Investigative Division (CID) received a suspicious email from an anonymous source, which caused an investigation to be opened. Our plan is to:
   - Look for installed programs, especially chat clients
   - Check the exchange server for other emails
   - Look for evidence of web-based chat
2. On November 24th, 2010, at 15:17, we run the trusted First Responders Evidence Disk (FRED) from the Tools CD on the bad guy's computer to quickly collect as much live digital evidence as possible from our live Windows Server.
3. At 15:23 (same day), we calculate MD5 hashes for all the evidence files on the bad guy's computer (10.0.2.200).
4. At 15:29, on the forensic exam systems, we establish a netcat listener with elevated privileges4....

This note was uploaded on 01/11/2011 for the course INI 14-761 taught by Professor Chris during the Spring '10 term at Carnegie Mellon.
