IRX Exercise #2 - report

Team 1: "Mila Gorodetsky" <[email protected]>, "Kiran Kumar Ballal" <[email protected]>, "Anusha Varshney" <[email protected]>, "Frank Wang" <[email protected]>, "Nicholai de Guzman" <[email protected]>

Response summary:

1. On November 24th, 2010, at 15:10, Criminal Investigative Division (CID) received a suspicious email from an anonymous source, which has caused an investigation to be opened. Our plan is to:
   - Look for installed programs, especially chat clients
   - Check the exchange server for other emails
   - Look for evidence of web-based chat
2. November 24th, 2010, 15:17, we run the trusted First Responders Evidence Disk (FRED) from the Tools CD on the bad guy's computer to quickly collect as much live digital evidence as possible from our live Windows Server.
3. At 15:23 (same day), we calculate MD5 hashes for all the evidence files on the bad guy's computer (10.0.2.200).
4. At 15:29, on the forensic exam systems, we establish a netcat listener with elevated privileges
4....
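Steps 3 and 4 hash the evidence on the source host and then move it to the forensic exam system. As an added example (not part of the team's report), this Python script builds a hash manifest on the source side and re-checks it on the receiving side; the file names are constructed, and recording SHA-256 alongside the report's MD5 is an assumption added here.

```python
import hashlib
import tempfile
from pathlib import Path

def file_digests(path, chunk=1 << 20):
    """Stream a file once and return its (md5, sha256) hex digests."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            md5.update(block)
            sha.update(block)
    return md5.hexdigest(), sha.hexdigest()

def build_manifest(evidence_dir):
    """Map each relative file path to its digests (run on the source host)."""
    root = Path(evidence_dir)
    return {p.relative_to(root).as_posix(): file_digests(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_manifest(received_dir, manifest):
    """Compare received files with the source manifest (run on the exam system)."""
    current = build_manifest(received_dir)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "unexpected": sorted(set(current) - set(manifest)),
        "altered": sorted(n for n in manifest.keys() & current.keys()
                          if manifest[n] != current[n]),
    }

def demo():
    """Constructed sample: two evidence files, one changed after hashing."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "netstat.txt").write_text("constructed sample output\n")
        (root / "processes.txt").write_text("constructed sample output\n")
        manifest = build_manifest(root)
        clean = verify_manifest(root, manifest)
        (root / "processes.txt").write_text("modified in transit\n")
        (root / "extra.tmp").write_text("not in manifest\n")
        return clean, verify_manifest(root, manifest)

if __name__ == "__main__":
    clean, damaged = demo()
    print("clean:", clean)
    print("damaged:", damaged)
```

Storing the manifest separately from the evidence files keeps the verification record independent of the data it describes.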
This note was uploaded on 01/11/2011 for the course INI 14-761 taught by Professor Chris during the Spring '10 term at Carnegie Mellon.