Category: Cyber Security

  • Analyzing Log Files – CYB/453: Network, Wireless, Web, Email…

    One of your clients at your cybersecurity company believes their personal computer may be infected with some software that is slowing it down significantly and may be a security threat. After not finding anything using antivirus software, they have asked if you could examine the computer. You and your client have agreed that you will review log files to see if you can find anything suspicious.

    First, complete the following steps to acquire and analyze the log files and document your process (assume there is a chance your work could end up being used as evidence in a court of law):

    1. Identify a Windows or Mac computer where you have administrative privileges (this computer will serve as your client's computer for this assignment).
    2. Identify at least 6 different log files to acquire, from both the computer and related networking devices such as routers, switches, firewalls, IDS, and servers.
    3. Make copies of the log files.
    4. Decide if you will analyze the original log files or the copies and document the reasons for your choice.
    5. Identify 2 different free software tools to help manage or acquire log files and download them.
    6. Utilize the software to acquire at least 6 log files and analyze the log files to ascertain the security posture of the computer and related hardware.
    7. Document the chain of custody of the log files and if the log files meet the standards of evidence.
    8. Take notes on any additional conclusions you can draw from your analysis of the log files.
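    Step 6 asks you to analyze the acquired logs for the machine's security posture. The script below is an added example (not part of the assignment or any tool it names) of the kind of check you would run over an exported Windows Security log: it parses a small set of constructed log lines (the pipe-separated layout, the account names, addresses and event text are all made up for illustration; a real Event Viewer or wevtutil export has a different layout, so only parse_line() needs adapting) and flags a burst of failed logons (Event ID 4625) followed by a successful one (4624) from the same source, plus any service installation (7045) that follows. Run the copies you hashed in steps 3 and 4 through a script like this, never the originals.

```python
"""Triage a small sample of exported Windows Security log lines.

Added example, not part of the assignment. The log lines below are
constructed; real exports (Event Viewer CSV, wevtutil) differ in layout,
so adapt parse_line() to the format you actually have.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "timestamp|event_id|account|source_ip|detail"
SAMPLE_LOG = """\
2024-03-04 08:59:10|4624|jdoe|10.0.0.15|Logon Type 2
2024-03-04 09:01:02|4625|administrator|198.51.100.23|Logon Type 3
2024-03-04 09:01:05|4625|administrator|198.51.100.23|Logon Type 3
2024-03-04 09:01:09|4625|administrator|198.51.100.23|Logon Type 3
2024-03-04 09:01:12|4625|administrator|198.51.100.23|Logon Type 3
2024-03-04 09:01:16|4625|administrator|198.51.100.23|Logon Type 3
2024-03-04 09:01:20|4624|administrator|198.51.100.23|Logon Type 3
2024-03-04 09:03:44|7045|SYSTEM|-|Service installed: svchost_update
2024-03-04 09:15:00|4634|jdoe|10.0.0.15|Logoff
"""

FAILED_LOGON = "4625"
SUCCESS_LOGON = "4624"
SERVICE_INSTALLED = "7045"   # lives in the System log on a real host; merged here for illustration
BRUTE_FORCE_THRESHOLD = 5    # failures within WINDOW before a success counts as suspicious
WINDOW = timedelta(minutes=5)


def parse_line(line):
    ts, event_id, account, source, detail = line.split("|", 4)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
        "event_id": event_id,
        "account": account,
        "source": source,
        "detail": detail,
    }


def parse_log(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def find_brute_force(events, threshold=BRUTE_FORCE_THRESHOLD, window=WINDOW):
    """Return (source, account, first_failure, success_ts) for every
    source/account pair that accumulated >= threshold failures inside
    `window` and then logged in successfully."""
    findings = []
    fails = defaultdict(list)  # (source, account) -> recent failure timestamps
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["source"], ev["account"])
        if ev["event_id"] == FAILED_LOGON:
            fails[key].append(ev["ts"])
            # keep only failures still inside the sliding window
            fails[key] = [t for t in fails[key] if ev["ts"] - t <= window]
        elif ev["event_id"] == SUCCESS_LOGON and len(fails[key]) >= threshold:
            findings.append((ev["source"], ev["account"], fails[key][0], ev["ts"]))
            fails[key].clear()
    return findings


def find_new_services(events):
    """Service installations are a common persistence step worth listing."""
    return [(ev["ts"], ev["detail"]) for ev in events if ev["event_id"] == SERVICE_INSTALLED]


def triage(text):
    events = parse_log(text)
    return {
        "brute_force": find_brute_force(events),
        "new_services": find_new_services(events),
    }


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_LOG).items():
        print(name)
        for hit in hits:
            print("  ", hit)
```

    On the constructed sample this reports one brute-force-then-success sequence from 198.51.100.23 against the administrator account and one service installation two minutes later; in a real review, the timing between those two findings is what you would document and follow up on.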

    Second, convert all of your documentation into a 1- to 2-page report on the security posture of the computer based on the analysis of the log files that also does the following:

    1. Discusses the challenges that forensic investigators face when acquiring and analyzing log files (for example, consider ways the log files could become inadmissible in court).
    2. Examines the software you used, if they were successful and helpful in acquiring and analyzing log files, and if you would recommend them to other forensic investigators.

    Cite any references to support your assignment.

    Format your assignment according to APA guidelines.

    Submit your report.

    Requirements: 1-2 pages

  • CYBR 520 Week 8 Peer Reviews

    For this assignment, you will provide constructive feedback on three (3) of your classmates’ Insider Threat Training Module Drafts.

    Peer Review Template

    REVIEWER NAME: [Your Name]
    REVIEWEE NAME: [Peer’s Name]

    1. LEARNING OBJECTIVES ASSESSMENT (Required – minimum 100 words)
    Evaluate how effectively the training module’s learning objectives address
    insider threat awareness. Are the objectives clear and appropriate?

    2. CONTENT EVALUATION (Required – minimum 100 words)
    Assess the training content. Is it engaging, informative, and likely to achieve
    the stated learning objectives? Provide specific examples.

    3. SCENARIO AUTHENTICITY (Required – minimum 75 words)
    Comment on the realism and relevance of any scenarios or case studies included.
    Do they effectively illustrate insider threat concepts?

    4. IMPROVEMENT SUGGESTIONS (Required – minimum 100 words)
    What specific recommendations would you make to strengthen this training module?
    Offer at least two concrete suggestions.

    5. OVERALL RATING
    On a scale of 1-5 (5 being highest), how would you rate this training module? [ ]

    Briefly explain your rating: [2-3 sentences]

    Requirements: see above

  • Cyber Security Question

    You have been assigned as part of the Computer Security Incident Response Team (CSIRT) at MedSure Health Systems. The SOC has flagged suspicious outbound connections from a workstation belonging to Dr. Salma Rahman, a clinical data analyst. These connections appear to be directed toward an unknown external IP address (203.0.113.77), raising concerns of unauthorized data exfiltration. In this assignment, your task is to mimic a real-world investigation by preparing professional forensic documentation, analyzing network evidence, and drawing conclusions about the possible attack. You will apply the forensic methodologies covered in class and in lab sessions, supported by Guide to Computer Forensics and Investigations, 6th Edition (Nelson & Phillips).

    Investigating Unauthorized Data Exfiltration at MedSure Health Systems


    Incident Timeline

    1. Monday, 09:05 am: SOC detects an unusual spike in outbound traffic from Dr. Rahman's workstation to 203.0.113.77 over port 443 (HTTPS).
    2. Monday, 09:45 am: Firewall logs reveal multiple failed login attempts followed by a successful remote login from an IP address registered in South America.
    3. Monday, 10:30 am: IDS triggers alerts suggesting possible large encrypted file transfers leaving the network.
    4. Monday, 12:15 pm: Endpoint security detects a suspicious executable running under Dr. Rahman's user profile.
    5. Monday, 1:00 pm: CSIRT activates a full forensic investigation, beginning with containment and evidence preservation.

    Assignment Questions

    Question 1:

    Prepare a Chain of Custody Form for the evidence collected in this investigation. Include the following:

    Description of each evidence item (e.g., workstation hard drive, firewall logs, IDS alerts).

    Methods used to preserve the evidence (e.g., imaging, hashing).

    Documentation steps to maintain integrity.

    Hint (refer to Nelson & Phillips, Ch. 2 & 4): review the procedures for evidence handling and digital evidence integrity.
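    The preservation and integrity columns of the form come down to one discipline: hash every item at acquisition, record who handled it and when, and re-hash before every analysis step. The following is an added example (not from the textbook or the course lab) of a minimal chain-of-custody log that does exactly that. The evidence item, the analyst name, the workstation address 10.10.1.40 and the single firewall log line are all constructed for the walk-through; the demo() function acquires a fake firewall log export, records two custody entries, verifies the file, then appends a byte to it and shows that verification now fails.

```python
"""Minimal chain-of-custody log with hash-based integrity checks.

Added example, not from Nelson & Phillips or the course lab.  Evidence
identifiers, custodian names and the sample log line are constructed.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk=1 << 20):
    """Stream the file so multi-gigabyte images hash without loading into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


class CustodyLog:
    """Append-only list of custody entries; each entry captures the hash at that moment."""

    def __init__(self):
        self.entries = []

    def record(self, item_id, description, action, custodian, path):
        entry = {
            "item_id": item_id,
            "description": description,
            "action": action,              # acquired / transferred / analyzed / returned
            "custodian": custodian,
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "sha256": sha256_file(path),
        }
        self.entries.append(entry)
        return entry

    def verify(self, item_id, path):
        """True only if the file still matches the hash taken at acquisition."""
        acquired = next(
            e for e in self.entries
            if e["item_id"] == item_id and e["action"] == "acquired"
        )
        return sha256_file(path) == acquired["sha256"]

    def dump(self):
        """One JSON object per line, suitable for attaching to the written form."""
        return "\n".join(json.dumps(e, sort_keys=True) for e in self.entries)


def demo():
    """Constructed walk-through: acquire, transfer, verify, tamper, verify again.
    Returns (intact_before_tamper, intact_after_tamper, number_of_entries)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "fw_export.log")
        with open(path, "w") as f:
            # constructed line mirroring timeline item 1 (workstation address assumed)
            f.write("Mon 09:05:13 ALLOW src=10.10.1.40 dst=203.0.113.77 dport=443 bytes=8123456\n")

        log = CustodyLog()
        log.record("E-003", "Perimeter firewall log export", "acquired", "Analyst A", path)
        log.record("E-003", "Perimeter firewall log export", "transferred to evidence locker", "Analyst B", path)
        intact = log.verify("E-003", path)

        with open(path, "a") as f:      # simulate an accidental or malicious edit
            f.write("x")
        after_tamper = log.verify("E-003", path)

        return intact, after_tamper, len(log.entries)


if __name__ == "__main__":
    print(demo())
```

    The same pattern applies to a disk image: hash the image file immediately after acquisition, record the hash on the form, and work only on a second copy whose hash you re-check before and after analysis. Any mismatch means the item can no longer be shown to be what was seized.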

    Question 2:

    Utilize various network forensic tools such as tcpdump, Wireshark, and NetworkMiner to simulate and analyze the captured network traffic.

    Note: Document your findings and insights regarding the potential attacks, the behavior of the network during the incident, and any evidence that indicates data exfiltration or malicious activity. Include a detailed incident timeline to support your analysis.

    –> Hint (for students): Complete all steps outlined in Session 11 to effectively analyze the scenario and use the tools (Tcpdump, Wireshark, and NetworkMiner) for the simulation.

    Question 3:

    a) What network traffic patterns or anomalies would indicate potential data exfiltration? Discuss the key metrics and signs to look for in your analysis.

    b) Discuss how attackers may try to disguise these patterns (e.g., tunneling through HTTPS, using legitimate cloud services).

    For (b), hint (refer to Ch. 8): look for the discussion of covert channels and how abnormal traffic volumes or destinations stand out during analysis.
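    Because the suspect traffic is HTTPS, payload inspection tells you nothing; what stands out is metadata: how much leaves versus how much comes back, how regular the connections are, and whether the destination is one the host normally talks to. The script below is an added example (not the course's lab or any named tool's output) that runs two of those checks over constructed flow records of the kind Wireshark's Conversations view or a Zeek conn.log would give you. The workstation address 10.10.1.40, the internal and SaaS hosts, byte counts and timings are all made up to mirror the MedSure timeline: normal traffic has small uploads, large downloads and irregular spacing; the 203.0.113.77 flows are large uploads with tiny responses, repeated roughly every 60 seconds.

```python
"""Flag exfiltration indicators in flow records.

Added example, not the course lab.  Records are constructed to mirror the
MedSure timeline; the workstation address 10.10.1.40 and peer hosts are assumed.
Real input would come from Zeek conn.log, NetFlow, or a tcpdump capture
summarised by Wireshark's Statistics > Conversations.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

# record layout: (timestamp, src, dst, dport, bytes_out, bytes_in)


def make_sample():
    base = datetime(2024, 3, 4, 8, 0)
    rows = []
    # normal traffic: downloads dwarf uploads, spacing is irregular
    for i in range(20):
        t = base + timedelta(minutes=3 * i, seconds=(i * 37) % 120)
        rows.append((t, "10.10.1.40", "10.10.0.5", 443, 4_000, 120_000))        # internal portal
        rows.append((t + timedelta(seconds=40), "10.10.1.40", "198.51.100.10", 443, 2_500, 60_000))  # SaaS mail
    # suspect traffic from 09:05: 8 MB out per connection, tiny acks back, ~60 s apart
    t = base + timedelta(hours=1, minutes=5)
    for i in range(15):
        rows.append((t, "10.10.1.40", "203.0.113.77", 443, 8_000_000, 1_200))
        t += timedelta(seconds=60 + (i % 3) - 1)
    return rows


def outbound_ratio_anomalies(rows, min_out=50_000_000, ratio=10.0):
    """(src, dst, dport) tuples where total upload is large and dwarfs the download.
    HTTPS browsing and mail are download-heavy; a sustained upload-heavy
    conversation to one external host is the classic exfiltration shape."""
    totals = defaultdict(lambda: [0, 0])
    for _, src, dst, dport, b_out, b_in in rows:
        totals[(src, dst, dport)][0] += b_out
        totals[(src, dst, dport)][1] += b_in
    return sorted(
        key for key, (out, inn) in totals.items()
        if out >= min_out and out / max(inn, 1) >= ratio
    )


def beacon_candidates(rows, min_conns=10, max_cv=0.1):
    """(src, dst) pairs whose inter-connection gaps are nearly constant.
    Tooling that chunks and uploads on a timer produces a low coefficient of
    variation; human-driven traffic does not."""
    times = defaultdict(list)
    for t, src, dst, *_ in rows:
        times[(src, dst)].append(t)
    hits = []
    for key, ts in times.items():
        if len(ts) < min_conns:
            continue
        ts.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv:
            hits.append(key)
    return sorted(hits)


def report(rows):
    return {
        "upload_heavy": outbound_ratio_anomalies(rows),
        "beaconing": beacon_candidates(rows),
    }


if __name__ == "__main__":
    for name, hits in report(make_sample()).items():
        print(name, hits)
```

    Both checks flag only the 203.0.113.77 conversation on the sample. Note the false-positive risk the second check carries: scheduled jobs (backup agents, update pollers) are just as regular as a beacon, so a beaconing hit is a lead to corroborate against the destination's reputation and the process that owns the socket (timeline item 4), not a verdict on its own. Tunnelling through a legitimate cloud service defeats a destination-based check but not the volume and ratio checks, which is why all three signals are worth recording.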

    Question 4:

    Reflecting on the MedSure case, write a short essay (approx. 500 words) discussing:

    Key lessons learned in detecting and investigating insider or external-driven threats.

    Importance of timely containment and response in healthcare data breaches.

    How forensic tools complemented threat intelligence analysis in this case.

    Recommendations to prevent recurrence (technical + policy-based).

    –> Hint (refer to Ch. 13 & Case Studies): consider how lessons learned feed back into strengthening the organization's incident response plan.

    Expected Deliverables

    Primary Report (PDF): Include the chain of custody, analysis, answers to all questions, and final reflections. Name the file StudentName_StudentID.pdf.

    Evidence Screenshots (ZIP): Contain screenshots from the forensic tools (tcpdump, Wireshark, NetworkMiner) with brief captions. Name the file StudentName_StudentID_Screenshots.zip.

    Requirements: 1500-2000 words

  • Cyber Security Question

    Requirements: Just completed

  • 710 and 720 Discussion

    You will post one thread of at least 500-1000 words. For each thread, you must support your assertions with at least 2 scholarly citations in APA format. Each reply must incorporate at least 2 scholarly citations in APA format. Acceptable sources include the textbook, peer-reviewed journal articles, government sources, professional association websites, etc. Each original discussion will also require a biblical reference/quote (which is not a part of the original source count). Each discussion must have between one and two Bible references.

    Requirements: 3 pages

  • Cyber Security Question

    OVERVIEW

    For this assignment, you will add a new section to your Risk Assessment: Part 1 Vulnerability Analysis Critical Infrastructure Assignment and label it Part 2. Do not get rid of Part 1. Add to your existing table of contents and reference page at the end of the paper.

    Requirements: 12 pages

  • Cyber Security Question

    You will complete a Research Paper which will be a Comprehensive Examination of the WMD (CBRNE) Threat. This paper will be exhaustive. You will provide the following using these headings: historical reference points in WMD (CBRNE) use as weapons; critical infrastructure and WMD use from a preparedness as well as mitigation perspective; an examination of each CBRNE group including these subheading discussions (cover each group in its entirety before moving on to the next): a brief overview of the group (for example, C = chemical weapons or agents); the most common agents or weapons in the group; the most common delivery systems for the group; lethality and other pertinent facts specific to the group; and, for each group, the impact and likelihood, assessed by probability and impact. Do this for each CBRNE group.

    Requirements: 12 pages

  • Cyber Security Question

    You don't need to do the whole report, only these two parts below. The rest I'll share here with you. Please, no AI or plagiarism. Thanks.

    • Any containment and eradication steps that you would have taken (e.g. would you have requested that the web server be restored from backup?). Document these steps as if you had taken them (e.g. "At 12:05pm the security team requested the web server be restored from the previous clean backup").
    • Lessons learned


    Incident Report:

    Write an incident report based on this assignment. Use the provided template from additional resources. The audience for this report will be your executive leadership and the affected business unit leadership.

    As discussed in the report writing lecture, make sure to include (these are all sections in the template):

    • An executive summary
    • A detailed timeline of the incident. Include details of the attack
    • Any containment and eradication steps that you would have taken (e.g. would you have requested that the web server be restored from backup?). Document these steps as if you had taken them (e.g. "At 12:05pm the security team requested the web server be restored from the previous clean backup")
    • Financial impact
      • Include effort estimates for your investigation and the time resources from any other involved teams
      • Anything else you can think of that might have had financial impact
      • The numbers can be completely made up
    • Lessons learned

    Requirements: 1 page

  • Cyber Security Question

    Purpose

    To assess learners' ability to design a tailored security awareness campaign that addresses a specific security challenge within a healthcare organization. The assignment evaluates learners' understanding of audience-specific communication strategies, use of appropriate delivery methods, and application of key security concepts from Chapter 7.

    Associated Skills

    • Security Awareness Strategy Development
    • Audience-Centered Communication
    • Critical Thinking and Problem-Solving
    • Research and Technical Writing

    Instructions

    Concept: Security Awareness Campaign Development. You will develop a comprehensive security awareness campaign addressing a specific security challenge (e.g., phishing, password management, data handling). The campaign should include targeted materials for different audience segments (e.g., executives, technical staff, general employees) and utilize various delivery methods, for a healthcare fitness and physical therapy company that has medical professionals on staff.

    Make use of the key terms and concepts from the readings in Chapter 7 in your written responses. Your Campaign paper should be approximately five (5) pages of text with 1.5 line spacing, 10 point font, 1-inch margins, and citations in either APA or MLA style with a table of contents.

    • Remember to critically analyze the topic and add substantial thought to the subject area when constructing your responses. Utilizing the resources provided in the mentioned chapters will enhance your understanding and response to the question.
    • To illustrate your points, use concrete examples drawn from current events, historical instances, or personal experiences.

    Submission Guidelines

    • Submit your assignment by Tuesday at 11:59 p.m. ET.
    • As you craft your assignment, visit UMGC resources that can help support your ideas and writing. One key point to consider is your . Another useful resource is the UMGC Academic Integrity Tutorial. In particular, you might visit and . Finally, before submitting, make sure you go through the process

    Requirements: 5 pages

  • Cross-Site Request Forgery Attack Lab

    After completing the assigned activities, take a screenshot showing that each has been completed. Paste these screenshots into a Microsoft Word document and submit them as evidence of completion.

    Requirements: