An employee clicked an attachment of a phishing e-mail. Later, she discovered th
Question
An employee clicked an attachment of a phishing e-mail. Later, she discovered that some of the crucial files from her computer were deleted and she cannot recover them from the Recycle Bin. You are assigned to investigate the case and recover those files if possible. As the investigator, you may want to check whether the company has security policies regarding e-mail attachments. You may also want to identify a forensic tool for the investigation. Explain how you would prepare the investigation and analyze the case. What steps would you take? What information would you need to find out? What tool(s) might you use?
Explanation / Answer
Answer:
When a phishing attack has happened, the investigation would follow, but before that there are steps which should be followed:
1) Activate the IR procedure.
2) Obtain a copy of the affected e-mail (the phishing e-mail) with its headers as well as the original attachments.
3) For threat intelligence, the relevant sites on the web should be mined.
4) The end user needs to explain any weird behavior of the system to the investigator.
5) The mailbox should be filtered for any similar kind of e-mails.
6) Internal systems should be searched for
7) Analyze the web logs (outbound) and proxies.
8) Review the mail server logs.
9) Review the DNS logs.
10) Check the DNS, firewall, proxy and other logs to see if they have been manipulated.
11) Review the activity of the affected user; also, if the password is compromised the attacker would come back, hence monitoring is a must.
Clean up the system which has the phishing information.
12) Check the active sessions of the affected user.
13) Provide awareness training to users so that they become smart skeptics.
The information one would need to find out includes the DNS logs, mail server logs, firewall logs, active session logs, the phishing e-mail and its attachments, and the affected user's mail ID and details.
The tools and simulators one would use are:
SecurityIQ PhishSim, MSI Simple Phish, LUCY, King Phisher, Gophish, Duo Insight, etc.
Hope this answer helps. Happy to help. :)
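The answer above lists the evidence to collect (the phishing e-mail with headers and attachments, then the mail server, DNS and proxy logs) but does not show how that evidence is actually turned into a search. The script below is an added example, not part of the original answer: it parses an exported copy of the message with Python's standard `email` library, extracts the sender, the relay hop addresses from the `Received:` headers, the SHA-256 of each attachment and the URLs in the body, and then sweeps log lines for the same indicators to find other recipients of mail from the sender's domain, hosts that resolved the phishing domain, and outbound proxy hits to it. The message, the log lines and every host name, address and queue ID in them are constructed for the demonstration; the log formats are Postfix-like and generic, so the regexes would need adjusting for a real mail server, resolver or proxy.

```python
"""Triage a captured phishing e-mail and sweep mail, DNS and proxy logs for its indicators.

Added example, not code from the original answer. The message and the log lines are
constructed for the demonstration; every host name, address and queue ID is hypothetical.
"""
import email
import email.policy
import email.utils
import hashlib
import re
from urllib.parse import urlparse

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")    # bracketed IPs in Received: hops
URL_RE = re.compile(r"https?://[^\s<>]+")               # links in the message body
QUEUE_FROM_RE = re.compile(r": (\w+): from=<([^>]*)>")  # Postfix-style qmgr "from=" lines
QUEUE_TO_RE = re.compile(r": (\w+): to=<([^>]*)>")      # Postfix-style delivery "to=" lines

# Constructed sample: the phishing message as exported with full headers (step 2 of the answer).
SAMPLE_EML = b"""Return-Path: <invoice@mail-payroll-update.example>
Received: from mail-payroll-update.example (mail-payroll-update.example [203.0.113.45])
\tby mx.corp.example (Postfix) with ESMTP id 4F2A1 for <jane.doe@corp.example>;
\tMon, 4 Mar 2024 09:12:03 +0000
From: "Payroll" <invoice@mail-payroll-update.example>
To: jane.doe@corp.example
Subject: Updated payslip - action required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please open the attached payslip or log in at http://mail-payroll-update.example/login
--b1
Content-Type: application/octet-stream; name="payslip.exe"
Content-Disposition: attachment; filename="payslip.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAA
--b1--
"""

# Constructed sample log lines (steps 5, 7, 8 and 9 of the answer).
MAIL_LOG = [
    "Mar  4 09:12:03 mx postfix/smtpd[311]: 4F2A1: client=mail-payroll-update.example[203.0.113.45]",
    "Mar  4 09:12:04 mx postfix/qmgr[120]: 4F2A1: from=<invoice@mail-payroll-update.example>, size=2048",
    "Mar  4 09:12:07 mx postfix/local[402]: 4F2A1: to=<jane.doe@corp.example>, status=sent",
    "Mar  4 09:12:05 mx postfix/smtpd[311]: 7C9D2: client=mail-payroll-update.example[203.0.113.45]",
    "Mar  4 09:12:06 mx postfix/qmgr[120]: 7C9D2: from=<invoice@mail-payroll-update.example>, size=2048",
    "Mar  4 09:12:08 mx postfix/local[402]: 7C9D2: to=<bob.ray@corp.example>, status=sent",
    "Mar  4 10:00:00 mx postfix/qmgr[120]: 9AB11: from=<news@vendor.example>, size=512",
    "Mar  4 10:00:01 mx postfix/local[402]: 9AB11: to=<jane.doe@corp.example>, status=sent",
]
DNS_LOG = [
    "2024-03-04T09:15:10Z client 10.0.0.21 query A mail-payroll-update.example",
    "2024-03-04T09:15:11Z client 10.0.0.21 query A cdn.vendor.example",
    "2024-03-04T09:40:02Z client 10.0.0.37 query A mail-payroll-update.example",
]
PROXY_LOG = [
    "2024-03-04T09:15:12Z 10.0.0.21 GET http://mail-payroll-update.example/login 200",
    "2024-03-04T09:16:00Z 10.0.0.21 GET https://intranet.corp.example/ 200",
    "2024-03-04T09:40:03Z 10.0.0.37 POST http://mail-payroll-update.example/login 200",
]


def extract_indicators(raw_eml: bytes) -> dict:
    """Pull sender, relay hops, attachment hashes and body URLs out of the raw message."""
    msg = email.message_from_bytes(raw_eml, policy=email.policy.default)
    _, sender = email.utils.parseaddr(str(msg.get("From", "")))
    hops = []
    for received in msg.get_all("Received", []):  # outermost (most recent) hop first
        hops.extend(IP_RE.findall(str(received)))
    attachments = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        attachments.append({
            "name": part.get_filename(),
            "sha256": hashlib.sha256(data).hexdigest(),  # pivot value for AV/EDR lookups
            "looks_like_pe": data[:2] == b"MZ",           # PE magic, whatever the extension says
        })
    body = msg.get_body(preferencelist=("plain",))
    urls = URL_RE.findall(body.get_content() if body is not None else "")
    domains = {sender.rpartition("@")[2].lower()}
    domains.update((urlparse(u).hostname or "").lower() for u in urls)
    domains.discard("")
    return {"sender": sender, "hops": hops, "attachments": attachments, "urls": urls, "domains": domains}


def sweep_logs(indicators: dict, mail_log, dns_log, proxy_log) -> dict:
    """Correlate the message's domains against mail server, DNS and proxy log lines."""
    bad = indicators["domains"]
    queue_ids = set()  # mail server queue IDs whose envelope sender is in a phishing domain
    for line in mail_log:
        m = QUEUE_FROM_RE.search(line)
        if m and m.group(2).rpartition("@")[2].lower() in bad:
            queue_ids.add(m.group(1))
    recipients = set()  # everyone who received one of those messages, not just the reporter
    for line in mail_log:
        m = QUEUE_TO_RE.search(line)
        if m and m.group(1) in queue_ids:
            recipients.add(m.group(2))
    dns_clients = {line.split()[2] for line in dns_log if line.split()[-1].lower() in bad}
    proxy_hits = []
    for line in proxy_log:
        _ts, client, _method, url, _status = line.split()
        if (urlparse(url).hostname or "").lower() in bad:
            proxy_hits.append((client, url))
    return {"recipients": recipients, "dns_clients": dns_clients, "proxy_hits": proxy_hits}


if __name__ == "__main__":
    ind = extract_indicators(SAMPLE_EML)
    hits = sweep_logs(ind, MAIL_LOG, DNS_LOG, PROXY_LOG)
    print("sender:", ind["sender"], "via", ind["hops"])
    for a in ind["attachments"]:
        print("attachment:", a["name"], a["sha256"], "(PE header)" if a["looks_like_pe"] else "")
    print("recipients of the same sender's mail:", sorted(hits["recipients"]))
    print("hosts that resolved a phishing domain:", sorted(hits["dns_clients"]))
    print("outbound hits:", hits["proxy_hits"])
```

Run it against exported copies of the evidence, never on the live workstation: the message should come from the mail server or a mailbox export, and the attachment is only hashed here, not opened. The attachment hash and the domain set are the pivots for the later steps in the answer (searching other internal systems and monitoring for the attacker's return), and the recipient list from the mail log is what turns a single-user report into the list of mailboxes that need to be filtered.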