Posted: December 8th, 2022

Forensic Report for JLA Enterprise

Forensic Report
You are hired by JLA Enterprise to conduct a Forensic Examination after a network intrusion occurs at their corporate office. Your job is to determine the source of the network intrusion and provide as much information regarding the attack as possible. Here are some things to consider when explaining what happened during the network intrusion:

What time did the attack happen?
How did the hacker get into the network?
What computers were compromised?
What computers were accessed?
What data was extracted from the network?
What type of attack was conducted?
How long did the attacker have access to the network?
Is there any persistence on the network for future attacks?

You are asked to conduct a forensic examination of the network and provide a forensic report explaining what happened during the attack and what corporate data was compromised. The report should cover the above information, as well as create a timeline that shows the attack from the initial stages of the attack to when the data was extracted from the network.

The final product must follow acceptable originality criteria (no more than 15% max total, and 2% per individual sourc
Forensic Report for JLA Enterprise
As much as technology has contributed immensely to the business world, it also comes with a great number of risks. The recent network intrusion on JLA Enterprise is an example of the threats that outside attackers pose on the firm. The enterprise’s information network is the biggest target for competitors and rivals alike to attack. On the 1st of September, 2019, at exactly 02:42 am, JLA Enterprise faced an external attack that caused serious damages to the business. In this era of technology, most companies are facing similar challenges in keeping up with information security. Businesses need to study previous attacks to learn protective strategies and strengthen their network.
The hacker got into the network through an unauthorized penetration against the information systems. In some cases, hackers may be located in other countries, and their activities may not violate their country laws (Wilhelm, 2013). At this moment, it is difficult to tell whether the hacker was interested in any particular information or mere curiosity. There was an undetected backdoor into the system that the IT department had not noticed. Possibly, the hacker had logged into the network several times before without detection. It seems that the passwords used by the manufacturer of the network were weak, making it easy for the hacker to crack.
Among the first steps of investigating an intrusion is the identification of the compromised computers. These are the computers whose functions had been compromised intentionally to go against integrity, confidentiality and especially availability. During the attack, most of the computers experienced unexplainable activities that were beyond the help of the IT professions. The performance of the computers was also poor, and upon further investigation, the computer logs displayed unknown entries characterized with several login failure attempts. Such computers were located in the Finance Office and Sales Department Office – almost all computers within those departments were out of service due to unexplainable circumstances.
Determining the computers that were accessed, and the technique used is of great importance when running a forensic exam (Frank, 2013). This is achieved through identification of design flaws, spear-phishing and virus infections. The common room computers portrayed the highest symptoms of access hence it is fair to say that they aided in the intrusion. Computers on the right-wing of the building within the Sales Department and Human Resource also exhibit a high threat due to malware infections. Information on the compromised computers was analyzed to determine the origin and sensitivity. Phishing software’s were several on the computers which means that the hacker was able to keep up with current passwords and usernames. The malware was removed properly to avoid any interference with the usual computer software.
A forensic analysis involves the full understanding and resolution of a breach (Infosec, 2019). First of all, it is important to identify the stolen data. The stolen information could give more insight into the type of attack and the motives of the attacker as well. Data extracted from the JSL Enterprise network involved the company’s start-up data, names of employees, social security numbers of employees, and the company’s credit card transactions. This is quite crucial information that could be used against individual employees for the benefit of the hacker. It could also be used by the hacker to blackmail the enterprise.
A penetration testing attack was conducted within the company network to determine the vulnerability of the network. The attacker had access to the system for 16 hours since penetration tests take a great deal of time to carry out. During that time, the hacker was able to run a thorough analysis of the network system and the information available (Prowell, 2010). Astonishingly, the same penetration test that organizations use to strengthen their network systems is the same one that a hacker would use against a system. Since JSL had not conducted a penetration test within the past two years, the hacker was confident enough that the test would meet the benefits he/she was after. Conducting a regular penetration test helps a network stay updated in terms of software. If JSL enterprise had the latest software, it would have been possible for the IT department to lock out the intruder within minutes. However, it seems that the hacker owned an advanced version that did not give the IT department a chance. It is also because of the capabilities of the software that the hacker was able to hold on to the network for such a long amount of period and extract the required data with ease.
In conclusion, it is fair to say that there is persistence on the network for future attacks starting immediately through the implementation of thorough testing and updates. Just early this year, Britain’s Eurofins was hit by a Ransomware that cost them a lot of money to gain back control of their systems (Delvin, 2019). In a world where technology has become a big deal, it is best to protect the information network since it is one of the biggest assets in a company.

References
Devlin, H. (2019). Hacked forensic firm pays ransom after malware attack. Retrieved 27 September 2019, from https://www.theguardian.com/science/2019/jul/05/eurofins-ransomware-attack-hacked-forensic-provider-pays-ransom
Frank. (2013). Advances in Cyber Security: Technology, Operation, and Experiences (pp. 202). Fordham
Infosec. (2019). Incident Response And Computer Forensics. Retrieved from https://resources.infosecinstitute.com/category/computerforensics/introduction/areas-of-study/computer-forensics-investigations/incident-response-and-forensics/#gref
Prowell, S. (2010). Seven Deadliest Network Attacks (pp.41-45). Elseiver.
Wilhelm, T. (2013). Professional Penetration Testing (pp. 16-18). Newnes.

Order | Check Discount

Tags: Forensic Report for JLA Enterprise