In this question, you are investigating a private sector case that involves a possible termination of an employee of a large commercial organisation. You have been given access to the employee's computer, on which some inappropriate files were discovered. The employee swears that he has never accessed these files. How would you proceed to investigate this case by analysing the computer the employee has used, who has access to the computer, and what other possibly relevant directions would you consider?
Answer)
This could most likely be a malware attack along with a denial of service attack, which is mostly a brute force attack that leads to stopping the user from using the system and working properly. The attacker checks for systems where malware programming can be implemented, and the attacker would send traffic to the website or several requests to the database so as to make it unavailable temporarily or permanently.
This involves tracing back the machines that triggered the traffic. Also, there could be a high chance of IP spoofing that would have altered the actual IP during the attack.
One can also check the events that have been recorded in personal firewall software. The logs should also be checked, as they would show many periods of intense network activity with multiple local hosts.
Tools needed for testing: network software, packet monitoring tools, or firewalls.
Thank you.
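The firewall-log check mentioned in the answer above, as an added example that is not part of the original answer: it buckets log entries into time windows and reports the windows where the examined machine exchanged traffic with several local hosts. The log format, the LAN range, the machine's address and the thresholds are all assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Assumed values for illustration: adjust to the environment under review.
LAN = ipaddress.ip_network("192.168.1.0/24")
EXAMINED_HOST = "192.168.1.20"  # hypothetical address of the employee's computer

# Constructed sample in an assumed format: "timestamp action src dst dport".
# Real personal-firewall logs differ by product; adapt parse_line() to match.
SAMPLE_LOG = """\
2024-03-04T02:10:03 ALLOW 192.168.1.20 192.168.1.31 445
2024-03-04T02:10:41 ALLOW 192.168.1.20 192.168.1.32 445
2024-03-04T02:11:17 ALLOW 192.168.1.33 192.168.1.20 3389
2024-03-04T02:12:09 ALLOW 192.168.1.20 192.168.1.34 445
2024-03-04T02:13:52 BLOCK 192.168.1.20 192.168.1.31 139
2024-03-04T02:14:30 ALLOW 192.168.1.20 192.168.1.32 139
2024-03-04T09:00:05 ALLOW 192.168.1.20 192.168.1.1 53
2024-03-04T09:01:10 ALLOW 192.168.1.20 203.0.113.10 443
"""

def parse_line(line):
    ts, action, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), action, src, dst, int(dport)

def local_peers(src, dst):
    """Return the LAN addresses in this entry other than the examined host."""
    return {ip for ip in (src, dst)
            if ip != EXAMINED_HOST and ipaddress.ip_address(ip) in LAN}

def busy_windows(log_text, window_minutes=5, min_events=5, min_peers=3):
    """List (window_start, event_count, peers) for windows over both thresholds."""
    buckets = defaultdict(lambda: {"events": 0, "peers": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _action, src, dst, _dport = parse_line(line)
        # Round the timestamp down to the start of its window.
        start = ts.replace(minute=ts.minute - ts.minute % window_minutes,
                           second=0, microsecond=0)
        buckets[start]["events"] += 1
        buckets[start]["peers"] |= local_peers(src, dst)
    return [(start.isoformat(), b["events"], sorted(b["peers"]))
            for start, b in sorted(buckets.items())
            if b["events"] >= min_events and len(b["peers"]) >= min_peers]

if __name__ == "__main__":
    for start, events, peers in busy_windows(SAMPLE_LOG):
        print(f"{start}: {events} events, local peers: {', '.join(peers)}")
```
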