Identifying Suspicious Software

In this step you access the virtual lab to demonstrate how to find and identify malware on a computer. Your team has extracted three processes from a memory image. It is unclear whether any or all of these processes are malware, so you show trainees how to upload them to an online service that offers multiple virus and malware scanning tools. After the service has scanned the processes, you explain precisely how to describe the results as you would in a formal forensic report. Was there malware? Which process(es) was/were contaminated? What type(s) of malware was/were evident? Again, be sure the results are in terms that a trainee or nonexpert can understand. Review your work carefully for accuracy and completeness. This will be the third section of the sample investigative report to be included in the job aid submitted in the final step of this project.

Step 5: Summarize Password and Interception Attacks

You have completed your demonstration of strategies for uncovering hidden or encrypted data and for diagnosing contamination. There is one more subject that you want to address with the trainees, but it is difficult to demonstrate, so you will gather information and include it in the job aid. It is complex, so you are expecting many questions. The subject is password and interception attacks. You will need to describe the various classes of password attacks, including brute-force and dictionary attacks. You also want to explain the methods and benefits of offline password cracking. Finally, you want to explain how Windows authentication exchanges work, and how such exchanges may be sniffed and cracked to enable access to protected data.

As you did in Step 1, prepare a 2-page job aid organized in bulleted form (APA format). Refer to in-class readings and outside resources for your content. Proper research and support of your explanations are an important aspect of this assignment. This part of your job aid should be 1 to 2 pages, and APA format should be used.

Remember that trainees and other nonexperts are your target audience. Review your summary carefully for accuracy and completeness. You will include it in the job aid to be delivered when you have completed all the steps of this project. You’re finally ready to assemble the job aid and send it to your supervisor for review!

Step 6: Submit Final Assignment (Job Aid)

Your final assignment is a job aid that consists of explanatory material and sample investigative reports. Each investigative report documents the steps and data resulting from a particular analysis.

Requirements for the Job Aid (final assignment)

The job aid should include four sections:

1. Explanatory material
   - Part I
     - Basic cryptography
   - Part II
     - Password cracking
     - Interception attacks
b. Investigative report, part I
   - Analysis of four small partitions extracted from a suspect’s hard drive. Your analysis will assess the nature of each partition—specifically, whether each partition is encrypted, compressed, wiped, or none.
c. Investigative report, part II
   - Analysis of three files extracted from a suspect’s hard drive. Your analysis will identify any information hidden in the files, how you found the hidden data, and where it was hidden.
d. Investigative report, part III
   - Analysis of three executable processes extracted from a snapshot of a suspect’s computer memory. Your analysis will use open source tools to identify known malware in any of the processes.

Submit the completed job aid to your supervisor (instructor) for evaluation.

FYI: This project will require more than 10 pages with the labs; however, actual writing from the writer will be no more than 10 pages. The writer will need my online portal login information. Once a writer is assigned, my information will be provided to that writer. Please use the portal to look over all the resources and labs that are needed. FYI: THIS IS A JOB AID, NOT A RESEARCH PAPER.