What uses could honeypots have in Law Enforcement?

For this discussion, find a recent article that involves either malware, a DDoS attack, or an underground economy aimed at providing tools to network attackers.

Give the URL, title, and brief description of the article, then answer the following questions:

1. What vulnerability did this attack or tool exploit?
2. Who was responsible for the attack or the tool?
3. What can be done to defend against the attack or the tool?

After making your initial post, respond to two of your classmates' postings.

Journal Question:
What uses could honeypots have in Law Enforcement?

CJST 4524/6604 Network Security Spring 2015

Ann’s bad AIM

Anarchy-R-Us, Inc. suspects that one of their employees, Ann Dercover, is really a secret agent working for their competitor. Ann has access to the company’s prize asset, the secret recipe. Security staff are worried that Ann may try to leak the company’s secret recipe.

Security staff have been monitoring Ann’s activity for some time, but haven’t found anything suspicious until now. Today an unexpected laptop briefly appeared on the company wireless network. Staff hypothesize it may have been someone in the parking lot, because no strangers were seen in the building. Ann’s computer (192.168.1.158) sent IMs over the wireless network to this computer. The rogue laptop disappeared shortly thereafter.

“We have a packet capture of the activity,” said security staff, “but we can’t figure out what’s going on. Can you help?”

You are the forensic investigator. Your mission is to figure out who Ann was IM-ing, what she sent, and recover evidence including:

1. What is the name of Ann’s IM buddy?
2. What was the first comment in the captured IM conversation?
3. What is the name of the file Ann transferred?
4. What is the magic number of the file you want to extract (first four bytes)?
5. What was the MD5sum of the file?
6. What is the secret recipe?

Here is your evidence file:
evidence01.pcap
MD5 (evidence.pcap) = d187d77e18c84f6d72f5845edca833f5

This puzzle and others available at: http://forensicscontest.com/2009/09/25/puzzle-1-anns-bad-aim
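
An added example, not part of the original puzzle or course material: the evidence-handling steps behind questions 4 and 5, checking the capture against its published MD5 and then carving a transferred file out of a reassembled stream by its magic number. The signature table, the `declared_size` parameter and the sample bytes are constructed for illustration.

```python
import hashlib

# Well-known leading signatures ("magic numbers"): first four bytes -> format.
MAGIC = {
    bytes.fromhex("504b0304"): "ZIP container (also OOXML, JAR)",
    bytes.fromhex("25504446"): "PDF",
    bytes.fromhex("89504e47"): "PNG",
    bytes.fromhex("d0cf11e0"): "OLE2 compound file (legacy Office)",
}

def md5_file(path, chunk=1 << 20):
    """Hash a file in chunks so a large capture never has to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def evidence_intact(path, published_md5):
    """True only if the working copy matches the hash published with it."""
    return md5_file(path) == published_md5.strip().lower()

def carve(stream, declared_size=None):
    """Carve the first recognised file out of a reassembled TCP payload.

    declared_size is the length announced by the transfer protocol, if the
    analyst has parsed it (assumption); without it the carve runs to the end
    of the stream and may include trailing protocol bytes.
    """
    hits = [(stream.find(sig), sig) for sig in MAGIC if sig in stream]
    if not hits:
        return None
    offset, sig = min(hits)  # earliest signature wins
    end = len(stream) if declared_size is None else offset + declared_size
    if end > len(stream):
        raise ValueError("stream shorter than declared size: capture is incomplete")
    body = stream[offset:end]
    return {"offset": offset, "magic": sig.hex(" "), "type": MAGIC[sig],
            "size": len(body), "md5": hashlib.md5(body).hexdigest()}

# Constructed sample: 32 header bytes, a tiny fake PDF, 4 trailing bytes.
SAMPLE_FILE = b"%PDF-1.4\nconstructed sample\n%%EOF\n"
SAMPLE_STREAM = b"XFER" + bytes(28) + SAMPLE_FILE + b"ACK!"

if __name__ == "__main__":
    print(carve(SAMPLE_STREAM, declared_size=len(SAMPLE_FILE)))
```

For the capture above, `evidence_intact(path, "d187d77e18c84f6d72f5845edca833f5")` should return `True` before any analysis starts; a four-byte signature can also occur by chance inside other data, so confirm a carved file opens in its native format.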
