Instructions Outline ~ Network Forensics Assigement Requirements Proje

Instructions

Outline ~ Network Forensics Assigement Requirements
Project Assignment Actions Taken (provide complete documentation of your actions to complete the Project Assignment)
Glossary of Terms (include all relevant technical terminology )
References (APA/MLA format )
* Note: All graphics and illustrations shown in the report will include a figure number (i.e. Figure 1-2. The forensic operations) with a brief statement (i.e. Figure 1-2. The forensic operations) located underneath the illustration and/or graphic shown in the report. Start both the glossary of terms section and the reference section on a “new” page (i.e. page break).
Assignment
For this assignment you will document the sources of network-based digital evidence and the various types of forensic evidence recovered using all the show commands listed in Table 1.1 Sources of Network-Based Evidence [Switch] and Table 1.2 Sources of Network-Based Evidence [Router]
Table 1.1 Sources of Network-Based Evidence [SWITCH]
SWITCH
show mac-address-table
show history

show running-configuration
show hosts

show ip interface brief
show spanning tree

show vlan
show flash

show interface fa0
show users

Table 1.2 Sources of Network-Based Evidence [ROUTER]
ROUTER
show ip route
show startup-configuration

show arp
show version

show access-lists
show ntp

show cdp neighbors
show dhcp

show ip protocols
show clock

show logging
show interface

show ip route
show ip cache flow

Proceed with documenting the sources of network-based digital evidence after completing all of the show commands for selected subnets from your network topology (previously created in lab-1). Provide a complete response and/or include screen captures for each of the items listed below:
Include a screen capture of the completed addressing table in the report
Include a screen capture of the completed network topology in the report
The Network Forensics Investigative Methodological Framework: recovering and analyzing digital evidence from the various network sources will be completed so that the results are both reproducible and accurate. Therefore the network forensic investigator will employ the methodological framework of Obtain, Strategize, Collect, Analyze, and Report (OSCAR).
Document sufficient information about the incident and the environmentdescription, date, time, method of incident discovery, systems, data involved, and action taken
description of the network topology, and available sources of network evidence
Accurately access your resources and plan the investigationservers, end devices, LANs, WANs
consider volatile vs. non-volatile
create an evidence prioritization table and list the source of evidence, likely value, effort to obtain, expected volatility, and priority
prioritize and develop a plan for evidence acquisition based on available resources
Collect evidence from each sourcekeep a log of all systems accessed and all actions taken during evidence collection
record date, time, source, method of acquisition, investigator, and chain of custody
capturing packets, copying logs, or forensic images
track the source, method of acquisition, and the chain of custody to maintain relevance and reliability
action taken to preserver the evidence integrity of the evidence
cryptographically verifiable copies
Analysis processDocument and provide examples for the element of correlation where the data from different sources overlap
multiple data sources to build a timeline.
elements considered as events of interest.
corroboration through multiple sources any data that characterizes many sources of network logs
repeat until events are understood
educated assessments of the meaning of the evidence
Reportdocument and convey the results
understandable by nontechnical laypeople
defensible in detail
factual
detail summaries and high-level descriptions
Document and provide examples of when the data sources are complementary and contain evidence not found elsewhere.
Document the forensic value for each source of network-based digital evidence commonly found in organizations

ORDER A SIMILAR PAPER NOW