Asia Pacific University of Technology and Innovation DSF AICT006 DeaconBravery725

Document Content and Description Below

Table of Contents 1.0 Workload Matrix.............................................................................................................5 2.0 Abstract......................................... ..........................................................................................6 3.0 Introduction..........................................................................................................................7 4.0 Methodology and Tools Selection........................................................................................8 5.0 Technical Accuracy............................................................................................................17 6.0 Vulnerability Severity Levels.............................................................................................19 6.1 Critical Severity Vulnerabilities.....................................................................................19 6.1.1 Action to Prevent for Critical Severity Vulnerabilities...........................................20 6.2High Severity Vulnerabilities..........................................................................................20 6.2.1 Action to Prevent for High Severity Vulnerabilities...............................................21 6.3 Medium Severity Vulnerabilities...................................................................................21 6.3.1 Action to Prevent Medium Severity Vulnerabilities...............................................21 6.4 Low Severity Vulnerabilities..........................................................................................22 6.4.1 Action to Prevent Low Severity Vulnerabilities......................................................22 6.5 Information Alerts..........................................................................................................22 6.5.1 Action to Prevent Information Alerts......................................................................23 7.0 Vulnerabilities Assessment.................................................................................................23 7.1 MS09-050: Microsoft Window SMB2_Smb2ValidateProviderCallback () Vulnerability 7.1.1 What is SMB2.........................................................................................................23 7.1.2 Why it was there......................................................................................................23 7.1.3 How can it be Exploit?............................................................................................24 7.1.4 How to Patch it........................................................................................................27 7.2 CVE-2019-0708(Remote Desktop Services Remote Code Execution Vulnerability)...28 7.2.1 What is RDS Remote Code Execution Vulnerability..............................................28 7.2.2 Why it was there......................................................................................................28 7.2.3 How can it be Exploit?............................................................................................29 2 UCDF1709ICT Digital Security and Forensics-DSF Group Assignment 7.2.4 How to Patch it........................................................................................................31 7.3 MS17-010: Security update for Windows SMB Server.................................................33 7.3.1 What is Security update for Windows SMB Server?..............................................33 7.3.2 Why it was there?....................................................................................................34 7.3.3 How can It be Exploit?............................................................................................34 7.3.4 How to Patch It........................................................................................................35 8.0 Task 1 Conclusion..............................................................................................................37 9.0 Introduction Task 2.............................................................................................................38 10.0 Volatiles Data...................................................................................................................39 10.1Types of Volatile Data Collected from Ram Images.....................................................39 10.1.1 System Time..........................................................................................................39 10.1.2 Network Connections............................................................................................39 10.1.3 Command History.................................................................................................39 10.1.4 Running Process....................................................................................................40 11.0 Non-Volatile Memory (NVM)..........................................................................................41 11.1 Types of Non-Volatile Data Collected from the Images..............................................41 11.1.1Mechanically Addressed System............................................................................41 11.1.2 Electrically Addressed Systems............................................................................41 12.0 Evidence Gathering Strategy and Method.......................................................................42 12.1 Why Does the Investigator Need More Than One Tools to Create Memory Images?.42 12.2 Aforementioned Tools..................................................................................................42 12.2.1 Magnet RAM Captured.........................................................................................42 12.2.2Belkasoft Evidence Center.....................................................................................42 12.3 Memory Analysis Tools Available on Market..............................................................43 12.4 Comparison memory analysis tools and Justification memory analysis tools.............44 12.2.3 Advantages and Disadvantages.............................................................................45 13.0 Step by Step Data Gathering............................................................................................47 3 UCDF1709ICT Digital Security and Forensics-DSF Group Assignment 13.1 Flash Drive Preparation................................................................................................47 13.2 Preparation for Ram Captured.....................................................................................52 13.2.1 RAM Captured (Magnet Ram Captured)..............................................................58 13.2.2 RAM Captured (Belkasoft Evidence Center).......................................................59 13.2.3 Hash Value After Analyse.....................................................................................71 13.3 Preparation for Disk Image Captured..........................................................................72 13.3.1 Hash Value of the Disk Image...............................................................................79 14.0 Live Data Gathering.........................................................................................................81 14.1 Sysinternal....................................................................................................................92 15.0 Conclusion for Task 2......................................................................................................95 16.0 Self-Reflective..................................................................................................................96 16.1 Lee Sew Fun (Leader)..................................................................................................96 16.2 Soong Chuk Ming (Member).......................................................................................98 16.3 Ng Zheng Jue (Member)............................................................................................100 17.0 Conclusion......................................................................................................................102 18.0 Appendix........................................................................................................................103 19.0 References......................................................................................................................117 [Show More]

Last updated: 2 years ago

Preview 1 out of 128 pages