
  1. [9 points] You are working as a Digital Forensics and Incident Response Engineer for an enterprise in the finance sector. Cyber threat intelligence software warned that hackers began to share your confidential customer data in some social media channels and private forums. The stolen data are supposed to be stored in the company database only. The network topology of the enterprise and the location of the internal database & web server are shown in the figure. Direct connections from the Internet to the database are supposed to be forbidden by firewall rules. There is a web application hosted by the Web server. Everybody can query the phonebook data stored in the database server using the public web application.

Note:

It's not clear whether the attackers are external entities or insiders. You are designated as the supervisor of the digital investigations group that will manage investigations and conduct forensic analysis of the systems and servers suspected of containing evidence related to the incident. To make an initial assessment about the type of case you're investigating, you are working with one engineer from the Vulnerability/Threat Assessment and Risk Management team, and one engineer from the Network Intrusion Detection and Incident Response team. You first want to determine the source of the attack, so that you can focus your subsequent efforts on specific areas and points. Which security checks should you expect from the engineers? Please give at least three examples.
