Question: Can briefly discuss how I got here. 1. The Cloud provider motioning the IDS noticed there was website scanning activity 2. The Cloud provider saw

Can briefly discuss how I got here.

1. The Cloud provider motioning the IDS noticed there was website scanning activity

2. The Cloud provider saw an IP Address scanning the website making an SSH connection

? SSH traffic is encrypted, so the analyst reviewing the logs was not sure about malicious activity

? Displaying the scanning activity and discussing that in the logs would be helpful

? please help me Explain where I can find these forensic artifacts on the system

> This PC > JESSE-OS (C:) > inetpub logs > LogFiles W3SVC1 (1 u_ex220226.log- Notepad ts File Edit Format View Help dc #Software: Microsoft Internet Information Services 10.0 # Version: 1.0 #Date: 2022-02-26 17:19:32 #Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-take 2022-02-26 17:19:32 127.0.0.1 GET / - 80 - 127.0.0.1 Mozilla/5.0+(Windows+NT+10.0; +WOW64; +Trident/7.0;+rv: 11.0) +like+Gecko 200 0 0 175 2022-02-26 17:19:32 127.0.0.1 GET /favicon.ico - 80 - 127.0.0.1 Mozilla/5.0+(Windows+NT+10.0; +WOW64; +Trident/7.0;+rv: 11.0)+like+Gecko - 404 0 2 21 2022-02-26 17:32:27 127.0.0.1 GET /hidden/admin.txt 80 - 127.0.0.1 Mozilla/5.0+(Windows +NT+10.0; +WOW64; +Trident/7.0;+rv: 11.0)+like+Gecko - 200 0 0 2 (2022-02-26 17:32:27 127.0.0.1 GET /favicon.ico - 80 - 127.0.0.1 Mozilla/5.0+(Windows+NT+10.0; +WOW64; +Trident/7.0;+rv: 11.0)+like+Gecko - 404 0 2 57 2022-02-26 17:33:24 10.138.10.211 GET / - 80 - 10.138.23.18 Mozilla/5.0+(X11; +Linux+x86_64;+rv: 78.0) +Gecko/20100101+Firefox/78.0 - 304 0 0 4 - 2022-02-26 17:33:36 10.138.10.211 GET /hidden/admin.txt - 80 10.138.23.18 Mozilla/5.0+(X11; +Linux+x86_64;+rv: 78.0) +Gecko/20100101+Firefox/78.0 - 200 0 0 0 2022-02-26 17:38:51 10.138.10.211 GET /randomfilel - 80 - 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0; +Windows+NT+5.1) - 404 0 2 4 2022-02-26 17:38:51 10.138.10.211 GET /frand2 - 80 - 10.138.23.18 Mozilla/4.0+(compatible; +MSIE+6.0; +Windows + NT+5.1) - 404 0 2 0 2022-02-26 17:38:51 10.138.10.211 GET /.bash_history - 80 - 10.138.23.18 Mozilla/4.0+(compatible; +MSIE+6.0; +Windows+NT+5.1) - 404 0 2 0 2022-02-26 17:38:51 10.138.10.211 GET /.bashrc - 80 - 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0; +Windows+NT+5.1) 404 0 2 0 M2022-02-26 17:38:51 10.138.10.211 GET /.cache - 80 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0; +Windows+NT+5.1) 404 0 2 0 2022-02-26 17:38:51 10.138.10.211 GET /.config - 80 10.138.23.18 Mozilla/4.0+(compatible; +MSIE+6.0; +Windows+NT+5.1) - 404 02 0 2022-02-26 17:38:51 10.138.10.211 GET /.cvs - 80 - 10.138.23.18 Mozilla/4.0+(compatible; +MSIE+6.0; +Windows +NT+5.1) 404 0 2 0 en 2022-02-26 17:38:51 10.138.10.211 GET /.cvsignore - 80 - 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0; +Windows+NT+5.1) - 404 0 2 0 2022-02-26 17:38:51 10.138.10.211 GET /. forward - 80 - 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0; +Windows +NT+5.1) - 404 0 2 0 2022-02-26 17:38:51 10.138.10.211 GET /.git/HEAD - 80 80 - 10.138.23.18 Mozilla/4.0+(compatible; +MSIE+6.0; +Windows + NT+5.1) - 404 0 2 0 2022-02-26 17:38:51 10.138.10.211 GET /.history 80 10.138.23.18 Mozilla/4.0+(compatible;+MSIE+6.0; +Windows +NT+5.1) - 404 0 2 0 80 e.l 54 - - x

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Computer Network Questions!

Today you want to endow a scholarship that will pay $8 000 per year forever, starting 10 years from now. If the school's endowment discount rate is 4%, what amount must you donate to endow the...

Planning is one of the most important management functions in any business. A front office managers first step in planning should involve determine the departments goals. Planning also includes...

The following additional information is available for the Dr. Ivan and Irene Incisor family from Chapters 1-5. Ivan's grandfather died and left a portfolio of municipal bonds. In 2012, they pay Ivan...

1. Which of the following principles describes how a security analyst should communicate during an incident? A. The communication should be limited to trusted parties only. B. The communication...

All class members are expected to prepare a typed single-spaced ( 12 point Times New Roman font with 1 inch margins) 1-2-page summary (TWO PAGES ABSOLUTE MAXIMUM-may be bullet pointed) for any FOUR...

Case Study Alphabet Inc.: Reorganizing Google In October 2015, in an unexpected move, global technology giant Google Inc (Google) restructured itself as Alphabet Inc (Alphabet), a new holding company...

Please read the following case and answer the following questions analytically in detail with examples. Case: Alphabet Inc.: Reorganizing Google In October 2015, in an unexpected move, global...

Case: Alphabet Inc.: Reorganizing Google In October 2015, in an unexpected move, global technology giant Google Inc (Google) restructured itself as Alphabet Inc (Alphabet), a new holding company...

1. What are the most important 1-2 general environment factors to be considered for the INDUSTRY and what is their effect (positive-negative-neutral)? 2)What are the most important 1-2 of the five...

A for loop can iterate over a string in order to use one character at a time. Alter the code below to use a for loop and the string "2143" to recreate the same song. The new version should only...

Total number of cis N-Mn-Cl bond angles (that is, Mn-N and Mn - Cl bonds in cis positions) present in a molecule of cis-[Mn(en)Cl] complex is_ (en=NH,CH,CH,NH,)

Translate the following arguments into standard-form categorical syllogisms, then use Venn diagrams or the rules for syllogisms to determine whether each is valid or invalid. See Section 4.7 for help...

II Which of the following operators are linear? (1Mark) > LU = Ux + xUy > (ii) LU = Ux + U? y

Identify the issue under investigation, the population, and the sample in the following scenario. Then determine whether or not this sample is likely to be representative of the population. The...

5. The Fresnel Sine Integral. Use monotonicity, concav- ity, symmetry, singularities, and uniqueness to sketch various solution curves for the differential equation y = /2 sin x?. Then draw the graph...

You are managing a department where employees follow the same process for handling customer complaints every day. This process is likely part of a: Single-use plan Long-term plan Operational plan...

During the 2012 tax year, Irma incurred the following expenses: Union dues..............................................................$275 Tax return preparation...

Mike sells his home to Jane on April 2, 2012. Jane pays the property taxes covering the full calendar year in October, which amount to $2,500. How much may Mike and Jane each deduct for property...

The following additional information is available for the Dr. Ivan and Irene Incisor family. The Incisors own a rental beach house in Hawaii. The beach house was rented for the full year during 2012...

Examine the test statistic used in testing a population proportion. Why is it impossible to test the hypothesis that the population proportion equals zero using such a test statistic? Try to...

Discuss why it is necessary to use an estimate of the standard error for a confidence interval and not for a hypothesis test concerning a population proportion.

In an article in Business Week (Living on the Edge at American Apparel), Dov Chaney, the CEO of American Apparel, indicated that the apparel store industrys average sales were $1,800/7 ( $257.14) a...