ITEC4321 Module 14 Assignment

Computer Science Assignment 14

ITEC 4321 Module 14 Assignment

This assignment should take no longer than 3-6 hours to complete, but I am allowing a week of time for completion. This should account for varying schedules. All work submitted during this class should be of your own creation. “Cut-n-paste answers” are not acceptable and will not receive credit toward the assignments in this class.

Assignment Summary:

? Read Chapter 14 in the textbook

? Check for additional material posted in D2L

? Complete the activities below

Module 14 Assignment:

Instructions: Answers should be contained in either a single Word document or PowerPoint presentation. If using PowerPoint, only one answer per slide. Do not zip file before submission. Number your answers appropriately. If a question has multiple parts, be sure to number those as well (1b, 3c, etc.). If you are skipping an answer, number as usual and note “Question Skipped” or “Not Answered.” Keep answers in the order listed in this handout. For written responses, each answer should typically be around 200-250 words (1-2 nice paragraphs), well-written (proper spelling, punctuation, grammar, etc.), and cover the topic fully. Be sure to cite your sources (including the textbook)! If an answer requires a screenshot, please make sure that your screenshot shows all relevant information and is large enough to be easily legible. Points will be deducted if your submission is not properly formatted as detailed above.

Deliverables:

You are a digital forensics intern at Azorian Computer Forensics, a privately owned forensics investigations and data recovery firm in the Denver, Colorado area. Azorian is going to give a presentation to the local high school robotics and computer club on malware techniques and digital forensics.

You have been asked to prepare a presentation suitable to a high school audience that briefly describes several types of malware and some high profile attacks, and some techniques that forensic specialists use to detect malware.

For this assignment:

1. Create a professional PowerPoint presentation summarizing the following:

• Briefly describe each of the following:

o Viruses, worms, spyware, logic bombs, and Trojan horses

• For each type of malware, describe a recent attack that made the news.

• Describe some techniques used by forensic specialists to detect malware.

 

Use standard (i.e., easy to read) font styles -- no Comic Sans! For slide headings, use 32- point font size. For slide body, try to use 24-28 point but never less than 20-point.

Presentation length should be 8 to 12 slides, including title slide, summary slide, and citations slide. (40 points)

2. Log in to the JBLearning Cloud Labs and complete Lab 10: Conducting Forensic Investigations on System Memory. For deliverables, submit the following:

a) From Section 3: Challenge and Analysis, Part 1: Identify Malicious Connections, identify (list) the three processes that connected to 205.134.253.10:4444. What is the name and purpose of the software you discovered? (15 points)

b) From Section 3: Challenge and Analysis, Part 2: Identify Suspicious Outgoing Connections, take a screenshot showing the fixComputer.exe process, and all of those below it, in the pslist output. (15 points)

c) From Section 3: Challenge and Analysis, Part 2: Identify Suspicious Outgoing Connections, take a screenshot showing the output of the yarascan. (15 points)

d) From Section 3: Challenge and Analysis, Part 3: Identify Privilege Escalation, take a screenshot showing the output of your privilege comparison. (15 points)

NOTE: Upload the PowerPoint presentation for deliverable #1 as a separate file from deliverable #2. Deliverable #2 can be either a Word or PowerPoint file. Do not zip/compress files together before uploading to D2L.