1. Assignment: Tools for Monitoring Changes to Files and Memory
Learning Objectives and Outcomes
• Examine a network and server monitoring solution in detail.
• Identify the solution's capabilities and benefits.
Assignment Requirements
You are a digital forensics intern at Azorian Computer Forensics, a privately owned forensics investigations and data recovery firm in the Denver, Colorado area. An enterprise client's network was recently attacked. Azorian was asked to determine the source of the attack and to suggest a solution for hardening the network, servers, and devices to prevent future attacks. It's important that the solution can detect changes to files and memory, which might indicate an attack, and allow files or memory to be checkpointed and restored to a preattack condition, if necessary.
Your manager needs your help researching various enterprise monitoring tools, and asked you to gather information about Tripwire and CimTrak.
For this assignment use the Internet to research Tripwire and CimTrak and answer the following questions:
1. What are three main features of Tripwire and CimTrak?
2. How do they detect external attacks?
3. Which operating systems do they support?
4. What are three business benefits of Tripwire and CimTrak?
Write a professional report that uses appropriate headings to organize information, and use bullet points to clearly delineate the most important information.
Required Resources
• Course textbook
• Internet access
Submission Requirements
Format: Microsoft Word
Font: Arial, size 12, double-space
Citation Style: Follow your school's preferred style guide
Length: 1 to 2 pages
2. Assignment: Windows Forensics
Learning Objectives and Outcomes
• Outline the proper steps to be performed in examining a laptop computer for evidence of a crime.
Assignment Requirements
You are an experienced digital forensics specialist for DigiFirm Investigation Company. The local police are investigating a man who they suspect is distributing child pornography. They have seized his laptop computer, which runs the Windows 7 operating system. The police are shorthanded and have contracted with DigiFirm to assist with the forensic investigation of the laptop. Chris, your team leader, has asked you to assist with the case.
There are several examinations you can complete on a computer running Windows 7. Before beginning any digital forensics investigation, it's a good idea to plan your approach.
For this assignment, write a report that outlines the steps to be performed in examining the laptop for evidence of the crime, in order of importance. Be sure to explain why certain steps must be performed before others.
Required Resources
• Course textbook
• Internet access
Submission Requirements
Format: Microsoft Word
Font: Arial, size 12, double-space
Citation Style: Follow your school's preferred style guide
Length: 1 to 2 pages