Sam, a system administrator, is surprised to see critical files missing from his
Question
Sam, a system administrator, is surprised to see critical files missing from his office server. He suspects that the server is compromised, so he reports the incident to Bob, an information security officer employed with the same firm. As a certified forensic investigator, Bob knows exactly how to properly seize Sam's system and follow the basic procedures for investigating the case.
Bob investigates an imaged file of the server's hard disk. His investigation reveals the presence of a rootkit placed in one of the directories on the server. During the investigation process, Sam told Bob that he recalled downloading a patch management tool from a third-party source on the Internet. The rootkit could have been bundled with this tool.
a. What procedures would Bob use to seize and analyze Sam's hard drive?
b. Do you think that Sam might have violated the company's security policy by downloading software from a third-party source?
Explanation / Answer
a) Bob needs to seize Sam's system and then separate the hard drive from the system. This is necessary to make sure that the malicious program doesn't spread to other systems.
Bob needs to ask Sam whether there is any sensitive information on the hard drive that isn't backed up. If there isn't any sensitive information on the hard drive, then Bob should go ahead and format the system.
If there is any sensitive information present on the hard drive, then Bob should connect the hard drive to a secure system with antivirus. This particular system should be isolated from the main system. The required files should be copied and the hard drive should be formatted for safety.
b) Sam might have made a mistake by downloading from a third-party source. But if the system allowed him to download from a third-party source and install it, then it's not a mistake on Sam's side. The system should have had good antivirus software, which should have stopped this activity.
If there had been strong guidelines about which kinds of software could be downloaded and installed, and if somebody didn't follow those rules, then that's a security policy violation.
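The question states that Bob works from an imaged copy of the server's hard disk rather than the disk itself. Added here as a worked example (it is not part of the question or of the answer above) is the acquisition step that produces such an image and the integrity check run before analysis: hash the source drive, copy it sector by sector, hash the image, record both values in a log, and re-verify the image before it is examined. The file paths, the log format and the small random "drive" file are constructed for the demonstration; in real use the source is a block device such as /dev/sdb attached through a hardware write-blocker, and the image goes to separate evidence storage.

```shell
#!/bin/sh
# Added example: forensic acquisition of a seized drive with integrity checks.
# In real use SRC is a block device (e.g. /dev/sdb) attached through a hardware
# write-blocker; here a small constructed file stands in for it.

# sha256 of a file; falls back to shasum where sha256sum is absent (macOS)
hash_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# acquire_image SRC IMG LOG
# Sector-by-sector copy. bs=512 matches the sector size, so conv=sync pads
# only an unreadable sector (with zeros) and every offset stays aligned;
# conv=noerror keeps going instead of aborting on a bad sector.
# Returns 0 only if the image hash equals the source hash.
acquire_image() {
    src="$1"; img="$2"; log="$3"
    src_hash=$(hash_of "$src")
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>/dev/null
    img_hash=$(hash_of "$img")
    {
        printf 'acquired=%s\n'      "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
        printf 'source=%s\n'        "$src"
        printf 'sha256_source=%s\n' "$src_hash"
        printf 'image=%s\n'         "$img"
        printf 'sha256_image=%s\n'  "$img_hash"
    } > "$log"
    [ "$src_hash" = "$img_hash" ]
}

# verify_image IMG LOG
# Re-hash the image and compare with the value recorded at acquisition.
# Run this before every analysis session and again afterwards; a mismatch
# means the evidence was altered and the analysis cannot be relied on.
verify_image() {
    img="$1"; log="$2"
    recorded=$(sed -n 's/^sha256_image=//p' "$log")
    current=$(hash_of "$img")
    [ -n "$recorded" ] && [ "$recorded" = "$current" ]
}

# Constructed demonstration drive: 4 sectors (2048 bytes) of random data.
make_sample_drive() {
    dd if=/dev/urandom of="$1" bs=512 count=4 2>/dev/null
}

# Stand-alone run: sh acquire.sh demo
if [ "${1:-}" = "demo" ]; then
    work=$(mktemp -d)
    make_sample_drive "$work/drive.raw"
    acquire_image "$work/drive.raw" "$work/drive.img" "$work/acquisition.log" \
        && echo "image matches source" || echo "IMAGE HASH MISMATCH"
    verify_image "$work/drive.img" "$work/acquisition.log" \
        && echo "image verified" || echo "image altered"
    cat "$work/acquisition.log"
    rm -rf "$work"
fi
```

The acquisition log belongs with the chain-of-custody paperwork: it ties the hash values to the source, the image and the time of acquisition, and any later verification is compared against it, never against a hash computed fresh from the original drive. All analysis (mounting read-only, searching for the rootkit's files) is done on the verified image or a working copy of it, so the seized drive itself is never written to.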