
Walden University FPSY 6135 CYB670 Project 3: Lockdown Digital Forensics Investigation Report


CYB670 Project 3: Lockdown Digital Forensics Investigation Report

Group 5: Andy Croan, Jade Fleming, Christopher Pauling, Taniya Reed and John Washington
University of Maryland Global Campus
Prepared on: November 20, 2019
Prepared for: Dr. Ruth Parker

Table of contents

Introduction
Cyber Operations Risk Management
Intelligence Debriefing
Interim Network Modifications
Root Causes
SITREP 1
Conclusion
SITREP 2
Business Continuity Plan
Software Development Life Cycle
Recommendations
Lessons Learned Video
Forensic Investigation Report
Part 1- Basic Cryptography
Part 2-Password cracking and interception
Part 3- Ransomware and Malware
Digital Forensic Investigation
Security Assessment and Training
Conclusion
References
Appendix A: SITREP 1
Appendix B: SITREP 2
Appendix C: Software Development Matrix
Appendix D: Digital Forensic Lab

Introduction

Before the start of the summit, the UK was required to set up a secure network. As the summit began, there was a response to anomalous network activity that was detected by the server. Following the activity, summit attendees were unable to gain access to the data needed for the conference. The computers utilized during the conference all displayed an error message stating, “Your Computer has been involved in Child Porn Activity, and has been locked down by the FBI and the justice department unless you pay the sum of $500 (FIVE HUNDRED DOLLARS)-in bitcoin or you will be arrested immediately! You have 48 hours to pay via email - [email protected].” After the error message was displayed, an emergency meeting was called to brief on the attack. The UK team has put together a series of reports to handle this particular incident. This report consists of a cyber operations and risk management debriefing, an intelligence debriefing, a lessons learned video, and a forensic investigation report.
A detailed business continuity plan is also provided to establish current standings, reputation or brand damage, system availability problems, and technical support. Furthermore, recommendations regarding incident handling are addressed within this report.

Cyber Operations and Risk Management

The degree of cutting-edge innovation that today's culture demands for simple access to everyday actions has become a double-edged sword. Being technically innovative is excellent, but it comes with a severe liability: a malicious actor whose technical aptitude is generally past the cutting edge. With this risk, new challenges arise when developing cybersecurity policies that can mitigate or minimize threats. A significant challenge for any organization will be ensuring quality software assurance. Software assurance is a method of instilling confidence that software and services are free from intentional and unintentional vulnerabilities and that the software performs as intended.

Expectations for the United Kingdom government's computer network within the FVEY summit can fundamentally be broken down into four policies. Avoid installing any software with pre-installed malware. Ensure that no vulnerabilities or exploitable parts are in the source code before implementing the software for operation. Make sure that any imminent detections of common vulnerabilities and exploits are patched. Lastly, certify that the exploitable software that puts the stakeholder most at risk is mitigated before its approval for operations.

Software assurance is preemptive and plays a vital part in every step of the Software Development Life Cycle (SDLC). The Software Development Life Cycle is a methodical procedure utilized by the software industry to design, develop, and test quality software, and its primary objective is to produce high-quality software that meets consumers' expectations.
The SDLC covers the procedure required from the initial survey to the final maintenance of the developed application or software. It encompasses a thorough plan describing how to develop, maintain, replace, alter, or enhance specific software. There are some vital elements of the SDLC which guarantee that the process works efficiently and appropriately. Each phase plays a significant role in the development of the overall system. The seven phases are as follows: Planning, System Analysis, System Design, Development, Testing, Deployment/Implementation, and Maintenance. The effort used to institute an information system is exceeded by the effort required to maintain the system, which can cost a lot of money and time.

The software supply chain is considered a potentially significant security risk. Each piece of equipment may have several components sourced from various countries around the world. Foreign nations like China are known for manufacturing electronic components; this could pose a potential risk due to their ability to insert physical or software vulnerabilities into their components. There is a sufficient quantity of time from the end of the development cycle to the receiving end when an individual may attempt to tamper with a device.

The vulnerabilities and the intrinsic risks of a system are critical to the confidentiality of data and stability. All networks are fundamentally at risk from malevolent nation-state actors, who tend to have a wide variation of motives and what seem to be infinite techniques. A network such as the United Kingdom government's, which is known to contain sensitive data, is at a higher risk of facing a highly motivated and determined adversary. Vulnerabilities are the absence or weakness of protections within a network that can be exploited.
The United Kingdom network was discovered during the FVEY Summit to have vulnerabilities that ultimately left it exposed to the possibility of becoming a victim of the following types of attacks: Distributed Denial of Service (DDoS), Man-in-the-Middle attacks, malware gaining access to the network, and phishing emails or links that rely on the chance of human error.

Outlining the software options that are going to meet or exceed our organization's requirements can become an overwhelming task, mainly when dealing with a technically advanced antagonist whose cyber-attack capabilities tend to progress faster than our defensive mechanisms. This is a significant factor in why it is vital to guarantee that our security software remains as applicable and up to date as possible. Therefore, we recommend that we start utilizing endpoint security software. This security software is a much broader concept, including not just antivirus software but various security tools embedded within, including firewalls, a HIPS system, whitelisting tools, as well as patching and logging tools. All of these tools work within one program in order to safeguard the various endpoints of an organization from numerous other forms of security threats.

Before the implementation of the recommendations, an understanding of the expenses associated with these enhancements is required. There are times within any organization when it is suitable to go with the lowest-priced product that is capable of meeting a minimum viable product; security software is not one of those times. That does not mean going out and buying the most expensive software there is and feeling that the organization framework is 100% secure. A consistent methodology needs to occur. Furthermore, it is imperative to note there will be licensing fees associated with the software, and those fees are based upon the total number of devices required to have the software installed.
https://youtu.be/6SakpwMwWpc

Intelligence Debriefing

Introduction

Since the setup of independent FIVE EYE (FVEY) Alliance Summit networks, networks have been attacked and operations impacted. Over the last few days, several interim reports have

About the document


Uploaded On

Apr 02, 2022

Number of pages

74
