Extra Credit Option #1: 4% Understanding the Incident Response Mindset

Background Information

Cliff Stoll’s book “The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage” is revered as one of the first cases in which forensic analysis was used to identify computer intruders. In the mid-1980s, computer forensic practices were ill-established, and Cliff Stoll’s book exemplifies this point. By analyzing a discrepancy in an accounting system, he manages to identify anomalous network connectivity on his network. Throughout the book, you’ll learn how he tracked the hackers back to Russia and engaged with several key governmental players.

Objective

Gain a thorough understanding of the analytic mindset associated with computer forensics and the incident response process.

Assignment

Read and answer the questions below about “The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage” by Cliff Stoll.

A PDF version is on BB.

1) What is the book’s premise?

2) How did Cliff reconcile the accounting error? How long did the investigation take from start to finish?

3) How was the news of the intrusion received by the Lawrence Berkeley National Laboratory? What challenges did Cliff encounter in his hunt to identify the hackers, and why is it important to get management buy-in before initiating such a massive incident response effort?

4) What computer systems and networks did the hackers break into? What operating system were these computers and networks running? What application did the hackers exploit? What type of files were they looking for?

5) What did Cliff do to identify the hacker’s presence on the network?

6) What private sector entities did Cliff contact to help in his investigation? How did they support him? What information did he need to provide them with to enable them to do their job?

7) What US Government entities were contacted, including other US National Labs? How did Cliff find their contact information? How were Cliff’s findings received by them?

8) What award(s) was Cliff given for his work?

9) How was the news of the intrusion received after it was made public?

10) What insights did this book provide you with as it relates to incident response and computer forensics? What processes are in place today to report such a crime/hack? What parties should be contacted?

11) How, if at all, do you think reading this book will help you in the future, both in your academic career and post-graduation?