And date and time when the incident occurred

Conducting an Incident Response Investigation (4e) Digital Forensics, Investigation, and Response, Fourth Edition - Lab 04

Section 1: Hands-On Demonstration

Conducting an Incident Response Investigation (4e)

Digital Forensics, Investigation, and Response, Fourth Edition - Lab 04

timestamps.

03-13-2022

Name
Insert your name here.

Malware

Incident Timeline
Define the following: Date and time when the incident was discovered, Date and time when the incident was reported, and Date and time when the incident occurred, as well as any other relevant timeline details.

Conducting an Incident Response Investigation (4e) Digital Forensics, Investigation, and Response, Fourth Edition - Lab 04

Systems Affected by the Incident
Define the following: Attack sources (e.g., IP address, port), attack destinations (e.g., IP address, port), IP addresses of the affected systems, primary functions of the affected systems (e.g., web server, domain controller).

Conducting an Incident Response Investigation (4e) Digital Forensics, Investigation, and Response, Fourth Edition - Lab 04

Section 2: Applied Learning
Part 1: Identify Additional Email Evidence
10. Make a screen capture showing the email from Dr. Evil demanding Marvin install a keylogger.

Page 5 of 9

Conducting an Incident Response Investigation (4e) Digital Forensics, Investigation, and Response, Fourth Edition - Lab 04

the port use is 2899. from the security department

9. Make a screen capture showing the registry key value associated with the keylogger and

17. Record whether Marvin interacted with or simply opened the keylogger.

Marvin actually interacted with the keylogger

May 2, 2022

Name
Insert your name here.

the incident type remain the same

Incident Timeline
Has the incident timeline changed? If so, define any new events or revisions in the timeline. Otherwise, state that it is unchanged.

Conducting an Incident Response Investigation (4e) Digital Forensics, Investigation, and Response, Fourth Edition - Lab 04

Systems Affected by the Incident
Has the list of systems affected changed? If so, define any new systems or new information. Otherwise, state that it is unchanged.

Conducting an Incident Response Investigation (4e) Digital Forensics, Investigation, and Response, Fourth Edition - Lab 04

Section 3: Challenge and Analysis

Page 9 of 9