Assignment Description You will create this assignment following the Assignment Detail instructions below. Review the tutorial How to Submit an Individual Project. Assignment Details Scenario: LMJ-Ad corporate management has been informed by the network administrative team that there was a malware attack and infection overnight at the system level, now spreading to the network enterprise level, requiring the incident response team to take immediate action. The infection came from a malware attachment on a phishing email and was reported by a user with a priority trouble ticket. Initial interviews suggest the incident may have come from an internal employee. Provide the following for your investigative report: General Incident Information Cover Page (Page 1 - not counted in total page count): Date: Incident POC Name Time: Incident POC Phone Time Zone: Incident POC Email Initial Identification Section 1.0 (Page 1): Date, time, and time zone for first detection Example: Threat identified 8/6/20; 11:34am; ET Section 2.0 Impacted Personnel (Page 1): List names and contact information for all persons involved in detection and initial investigation Example: Mr. John Doe; Incident Response Lead; 555-555-5656; Mrs. Jane Doe; Network Engineer, 556-557-5678 Section 3.0 Incident Detection Specifics (Page 1; 2 paragraphs): How was the incident detected? Example: IDS/IPS/HIDS/NIDS alerts; Violation of user behavior baseline; security event threat detection; suspicious network traffic patterns; ransomware, or malware alerts from anti-virus/malware software Section 4.0 Threat Identification (Page 2; 2 paragraphs): What do you think the threat is? Example: Classification of threat is based on type of behavior analyzed either live or via logs, and recovered digital forensics data Section 5.0 Infected Resources (Page 3-4; 2-3 paragraphs): List of systems and network components involved both at the system and network levels: System 1, 2, 3; Network component A, etc., and infections found Example: Lenovo 20L5000; Serial #; IP Address x; infection Section 6.0 Digital Evidence (Page 4-5; 2-3 paragraphs): Where can supporting evidence be found? Example: Location of log file, log file types, time stamps, screen shots, IDS reports Section 7.0 Tools and Procedures (Page 5-6; 2-3 paragraphs): Describe the tools and procedures used for acquiring the media (ex., disk-to-disk, disk to image, sparse copy), thus creating the forensic image of the media for examination. Provide name for assignment: For example: Pat_Jones_ITDI-372_Unit2.docx Please submit your assignment. Grading Rubric Assignment Description You will create this assignment following the Assignment Detail instructions below. Review the tutorial How to Submit an Individual Project. Assignment Details Scenario: LMJ-Ad corporate management has been informed by the network administrative team that there was a malware attack and infection overnight at the system level, now spreading to the network enterprise level, requiring the incident response team to take immediate action. The infection came from a malware attachment on a phishing email and was reported by a user with a priority trouble ticket. Initial interviews suggest the incident may have come from an internal employee. Provide the following for your investigative report: General Incident Information Cover Page (Page 1 - not counted in total page count): Date: Incident POC Name Time: Incident POC Phone Time Zone: Incident POC Email Initial Identification Section 1.0 (Page 1): Date, time, and time zone for first detection Example: Threat identified 8/6/20; 11:34am; ET Section 2.0 Impacted Personnel (Page 1): List names and contact information for all persons involved in detection and initial investigation Example: Mr. John Doe; Incident Response Lead; 555-555-5656; Mrs. Jane Doe; Network Engineer, 556-557-5678 Section 3.0 Incident Detection Specifics (Page 1; 2 paragraphs): How was the incident detected? Example: IDS/IPS/HIDS/NIDS alerts; Violation of user behavior baseline; security event threat detection; suspicious network traffic patterns; ransomware, or malware alerts from anti-virus/malware software Section 4.0 Threat Identification (Page 2; 2 paragraphs): What do you think the threat is? Example: Classification of threat is based on type of behavior analyzed either live or via logs, and recovered digital forensics data Section 5.0 Infected Resources (Page 3-4; 2-3 paragraphs): List of systems and network components involved both at the system and network levels: System 1, 2, 3; Network component A, etc., and infections found Example: Lenovo 20L5000; Serial #; IP Address x; infection Section 6.0 Digital Evidence (Page 4-5; 2-3 paragraphs): Where can supporting evidence be found? Example: Location of log file, log file types, time stamps, screen shots, IDS reports Section 7.0 Tools and Procedures (Page 5-6; 2-3 paragraphs): Describe the tools and procedures used for acquiring the media (ex., disk-to-disk, disk to image, sparse copy), thus creating the forensic image of the media for examination. Provide name for assignment: For example: Pat_Jones_ITDI-372_Unit2.docx Please submit your assignment. Grading Rubric