project case involving investigation of malicious activity

A new start-up SME (small-medium enterprise) based in Boston with an E-government model has recently begun to notice anomalies in its accounting and product records. It has undertaken an initial check of system log files, and there are a number of suspicious entries and IP addresses with a large amount of data being sent outside the company firewall. They have also recently received a number of customer complaints saying that there is often a strange message displayed during order processing, and they are often re-directed to a payment page that does not look legitimate.

The company makes use of a general purpose eBusiness package (OSCommerce) and has a small team of six IT support professionals, but they do not feel that they have the expertise to carry out a full scale malware/forensic investigation.

Problem

As there is increased competition in the hi-tech domain, the company is anxious to ensure that their systems are not being compromised, and they have employed a digital forensic investigator to determine whether any malicious activity has taken place, and to ensure that there is no malware within their systems.

Your task is to investigate the team’s suspicions and to suggest to the team how they may be able to disinfect any machines affected with malware, and to ensure that no other machines in their premises or across the network have been infected. The team also wants you to carry out a digital forensics investigation to see whether you can trace the cause of the problems, and if necessary, to prepare a case against the perpetrators.

The company uses Windows Server NT for its servers. Patches are applied by the IT support team on a monthly basis, but the team has noticed that a number of machines do not seem to have been patched.

Format: Use Times New Roman 12, 1 inch margin on all sides, and do not add too many bullet points. The report can be single or double spaced. Also minimum of 3 citations are required.

  • Your deliverable in this assignment is a minimum of 5 page report discussing how you would approach the Malware and Digital Forensics Investigation
  • NOTE: Cover page and Title pages, etc. are not included in the 5 page report
  • You should discuss a general overview of the methodology that you will use, and provide a reasoned argument as to why the particular methodology chosen is relevant
  • You should also discuss the process that you will use to collect evidence and discuss the relevant guidelines that need to be followed when collecting digital evidence

Report Format

You can use the following guidelines for the report:

  • Cover Page
  • Executive Summary
  • Purpose of Investigation
  • Methodology for Investigation/Evidence Collection
  • Electronic Media Analyzed
  • Other Investigation Details
  • Conclusion
  • References