Foundation in Computer Forensics (528) Final Write your name on this question pa

Foundation in Computer Forensics (528) Final
Write your name on this question paper and had over with the answer sheet.
You are investigating an incident in a company that is a startup and is responsible for doing research and find origins of extinct animals and civilizations. Seconaim in order to generate revenue for the company is to extract DNA and possibly recreate some of the species for entertainment and research. The company operates in very remote areas, could also be on different planets. Logistically you will need to possibly check many aspects of the company Keeping this a secret is utmost important. The company has an on-premise system and several movable/deployable labs. There is a fire in one of the deployable labs and before that there was a network intrusion detected in the main office. The possibility of network intrusion starting the fire is not clear. The intrusion could be internal or external. Keeping the above in mind please answer the questions below.
1. Explain each of the following keeping the above situation in mind (20)
a. b. c. d. e.
Vulnerabilityassessment
risk management
Network intrusion detection
Computer investigations
Possibility of sabotage
above incident how will the case flow be. Take a systematic approach. Start from
2. In the
the incident, Maker an initial assessment, Determine approach to the case? What will be the role for an Authorized requester? What are the tools you will use for each step? Do you think there are alternatives for each tool? (20)
The intrusion if internal what will be your steps to acquire the data for investigation from a windows machine that the signal originated? (10)
The intrusion if external what will be your steps to narrow down cause and acquire the data for investigation. How would you apply network forensics seize evidence starting from a search (10)
What equipment/software will you need for the above and how do you plan to use it. (10)
If there was no fire and only an email leak in the above insurance company how you will go about tracking it. A mobile phone is available as evidence (15)
There is a possibility that some blueprints stored as graphic files have been partially destroyed in the fire. They were stored on HDD. what will be your steps to acquire the data for investigation? How are you going to determine what has been lost? (15)