Network forensics and security

Network forensics and security QUESTION 1 1.    Question 1 2.    This data was extracted from an email, it was an attachment - believed to be a word document with the filename "new interfaces.doc". Decode the data and identify the password (pass) present in thething 1.6 GUI. Question 2 1.    Download the firefox profile from here. In terms of the downloaded file gimp-2.6.11-i686-setup-1.exe, complete the following: Item    Value Start Time (DD/MM/YYYY HH:MM:SS)      End Time (DD/MM/YYYY HH:MM:SS)      Source      Saved Location Question 3 1.    Download this .pcap file. How many JPG (JFIF) images are present within the file? Question 4 1.    Looking at the FireFox history here. What was the date and time a user searched for "homemade explosives" (hh:mm:ss dd/mm/yyyy) Question 5 1.    Looking at this .pcap file What is the mac address of the destination machine of all JPG images? Question 6 1.    The following firewall rules are in place for a network. Direction    Source IP Address    Source Port    Destination IP Address    Destination Port    Rule Incoming    Any    <1023    192.168.208.51    80    ALLOW Outgoing    192.168.208.51    Any    Any     80    ALLOW Incoming    Any    Any    192.168.208.51    25    ALLOW Incoming    Any    Any    192.168.208.51    >100    DROP Incoming    Any    Any    192.168.208.51    150    ALLOW Incoming    Any    Any    Any    Any    DROP Outgoing    Any    Any    Any    Any    ALLOW 2.    Based on these rules, determine what will happen to the following packets (If a packet is dropped enter DROP if a packet is allowed enter ALLOW) Source IP Address    Source Port    Destination IP Address    Destination Port    Result 69.51.56.23    1023    192.168.208.51    150      69.51.56.23    965    192.168.208.51    25      69.51.56.23    9865    192.168.202.51    80      192.168.208.51    5666    178.56.5.2    21      192.168.202.51    5666    69.51.56.23    25      69.51.56.23    1024    192.168.208.51    80