Network forensics and security

Question 1
This data was extracted from an email; it was an attachment believed to be a Word document with the filename “new interfaces.doc”.

Decode the data and identify the password (pass) present in the TheThing 1.6 GUI.

Question 2
Download the Firefox profile from here.

For the downloaded file gimp-2.6.11-i686-setup-1.exe, complete the following:

Item                                Value
Start Time (DD/MM/YYYY HH:MM:SS)
End Time (DD/MM/YYYY HH:MM:SS)
Source
Saved Location
Question 3
Download this .pcap file.
How many JPG (JFIF) images are present within the file?

Question 4
Looking at the Firefox history here:

What was the date and time at which a user searched for “homemade explosives” (hh:mm:ss dd/mm/yyyy)?
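Questions 2 and 4 are both answered from the SQLite stores inside the profile, and the trap in both is the timestamp: Firefox records PRTime (microseconds since the Unix epoch, UTC), so dividing by 1000 or reading it as local time gives the wrong answer. The following is an added example, not part of the worksheet or of Firefox itself; the databases are constructed in memory with a simplified subset of the real moz_downloads, moz_places and moz_historyvisits schemas, the rows are made up, and the function names are my own. On a real profile you would open the files instead (sqlite3.connect("places.sqlite"); older profiles keep downloads in a separate downloads.sqlite).

```python
"""Pull a download record and a search-engine query out of Firefox's SQLite stores.
Added example: the databases are constructed in memory with a simplified subset of
the real schemas, and the function names are my own."""
import sqlite3
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit


def prtime_to_str(prtime: int, fmt: str) -> str:
    """Firefox stores PRTime: microseconds since the Unix epoch, in UTC.  Dividing by
    1000 (milliseconds) or reading it as local time are the classic reporting mistakes."""
    return datetime.fromtimestamp(prtime / 1_000_000, tz=timezone.utc).strftime(fmt)


def build_sample_profile() -> sqlite3.Connection:
    """Constructed sample data.  Firefox 3 through 25 kept downloads in downloads.sqlite
    (table moz_downloads); later releases store them as annotations in places.sqlite."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE moz_downloads (id INTEGER PRIMARY KEY, name TEXT, source TEXT,
            target TEXT, startTime INTEGER, endTime INTEGER, state INTEGER);
        CREATE TABLE moz_places (id INTEGER PRIMARY KEY, url TEXT, title TEXT);
        CREATE TABLE moz_historyvisits (id INTEGER PRIMARY KEY, place_id INTEGER,
            visit_date INTEGER);
    """)
    db.execute("INSERT INTO moz_downloads VALUES (?,?,?,?,?,?,?)", (
        1, "gimp-2.6.11-i686-setup-1.exe",
        "http://downloads.example.org/gimp-2.6.11-i686-setup-1.exe",
        "file:///C:/Users/alice/Downloads/gimp-2.6.11-i686-setup-1.exe",
        1_300_000_000_000_000, 1_300_000_123_000_000, 1))
    db.executemany("INSERT INTO moz_places VALUES (?,?,?)", [
        (1, "https://www.google.com/search?q=homemade+explosives&ie=utf-8",
         "homemade explosives - Google Search"),
        (2, "https://www.example.org/", "Example Domain"),
    ])
    db.executemany("INSERT INTO moz_historyvisits VALUES (?,?,?)", [
        (1, 2, 1_300_009_000_000_000),
        (2, 1, 1_300_010_000_000_000),
    ])
    return db


def download_record(db: sqlite3.Connection, filename: str) -> dict:
    """Start/end time, source URL and saved location of a download, in the worksheet's format."""
    row = db.execute("SELECT startTime, endTime, source, target FROM moz_downloads "
                     "WHERE name = ?", (filename,)).fetchone()
    if row is None:
        return {}
    start, end, source, target = row
    return {"start_time": prtime_to_str(start, "%d/%m/%Y %H:%M:%S"),
            "end_time": prtime_to_str(end, "%d/%m/%Y %H:%M:%S"),
            "source": source, "saved_location": target}


def search_visits(db: sqlite3.Connection, term: str) -> list:
    """Every visit whose URL carries `term` in a search-engine query parameter
    (q for Google/Bing/DuckDuckGo, p for Yahoo), as (hh:mm:ss dd/mm/yyyy, url)."""
    rows = db.execute("SELECT v.visit_date, p.url FROM moz_historyvisits v "
                      "JOIN moz_places p ON p.id = v.place_id ORDER BY v.visit_date")
    hits = []
    for visit_date, url in rows:
        params = parse_qs(urlsplit(url).query)
        queries = params.get("q", []) + params.get("p", [])
        if any(term.lower() in q.lower() for q in queries):
            hits.append((prtime_to_str(visit_date, "%H:%M:%S %d/%m/%Y"), url))
    return hits


if __name__ == "__main__":
    profile = build_sample_profile()
    print(download_record(profile, "gimp-2.6.11-i686-setup-1.exe"))
    print(search_visits(profile, "homemade explosives"))
```

Matching on the search engine's query parameter rather than on the page title is deliberate: titles are whatever the server sent and can be absent or localised, while the query string is what the user actually typed.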

Question 5

Looking at this .pcap file:

What is the MAC address of the destination machine for all of the JPG images?
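Questions 3 and 5 both come down to finding JFIF headers in TCP payloads and reading the Ethernet destination of the frames that carry them. The following is an added example, not part of the worksheet; it is a minimal classic-pcap reader written from the file format (24-byte global header, 16-byte record headers, Ethernet II / IPv4 / TCP), and the capture it analyses is constructed in memory with made-up MAC addresses. A real capture would be read with open(path, "rb").read().

```python
"""Count JFIF images in a classic pcap and record the Ethernet destination of each
frame that carries one.  Added example with constructed sample data; helper names
are my own."""
import re
import struct
from collections import Counter

LINKTYPE_ETHERNET = 1
# SOI marker, APP0 marker, two-byte segment length, then the "JFIF\0" identifier.
JFIF_RE = re.compile(rb"\xff\xd8\xff\xe0..JFIF\x00", re.DOTALL)


def build_frame(dst_mac: bytes, src_mac: bytes, payload: bytes) -> bytes:
    """Ethernet II + IPv4 + TCP (checksums zeroed) wrapping `payload`."""
    tcp = struct.pack("!HHIIBBHHH", 80, 51234, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0,
                     64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + ip + tcp + payload


def build_pcap(frames) -> bytes:
    """Classic little-endian pcap: 24-byte global header, then 16-byte record headers."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return bytes(out)


def iter_frames(pcap: bytes):
    """Yield raw Ethernet frames; byte order is taken from the magic number."""
    magic, = struct.unpack_from("<I", pcap, 0)
    if magic in (0xA1B2C3D4, 0xA1B23C4D):      # microsecond / nanosecond, little-endian
        endian = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):    # the same two magics, big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only LINKTYPE_ETHERNET captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", pcap, off)
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def tcp_payload(frame: bytes):
    """Return the TCP payload of an IPv4/TCP frame, or None for anything else."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[14 + 9] != 6:                     # IP protocol 6 = TCP
        return None
    tcp_off = 14 + ihl
    data_off = (frame[tcp_off + 12] >> 4) * 4
    return frame[tcp_off + data_off:]


def jfif_report(pcap: bytes) -> dict:
    """Count JFIF headers per frame and tally the destination MAC of the frames carrying them."""
    count, dst_macs = 0, Counter()
    for frame in iter_frames(pcap):
        payload = tcp_payload(frame)
        if not payload:
            continue
        hits = len(JFIF_RE.findall(payload))   # scan the whole segment, not just its start
        if hits:
            count += hits
            dst_macs[":".join(f"{b:02x}" for b in frame[:6])] += hits
    return {"count": count, "dst_macs": dict(dst_macs)}


# Constructed capture: two JPEGs to 00:11:22:33:44:55 (one inside an HTTP response),
# one PNG to cc:dd:ee:ff:00:11.  None of these addresses come from a real capture.
VICTIM, SERVER, OTHER = (bytes.fromhex(h) for h in ("001122334455", "66778899aabb", "ccddeeff0011"))
SAMPLE_PCAP = build_pcap([
    build_frame(VICTIM, SERVER, b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n\r\n"
                + b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01" + b"\x00" * 40),
    build_frame(OTHER, SERVER, b"\x89PNG\r\n\x1a\n" + b"\x00" * 40),
    build_frame(VICTIM, SERVER, b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x02" + b"\x00" * 40),
])

if __name__ == "__main__":
    print(jfif_report(SAMPLE_PCAP))
```

Two caveats before trusting the count on a real capture: a retransmitted segment will be counted twice by a per-frame scan like this, and a JPEG whose first segment is APP1 (Exif) rather than APP0 carries no "JFIF" string at all. When the numbers matter, reassemble the TCP streams first (Wireshark's File > Export Objects > HTTP does this) and count the exported files.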

Question 6

The following firewall rules are in place for a network.

Direction    Source IP Address    Source Port    Destination IP Address    Destination Port    Rule
Incoming     Any                  <1023          Any                       80                  ALLOW
Outgoing     Any                  Any            Any                       80                  ALLOW
Incoming     Any                  Any            Any                       25                  ALLOW
Incoming     Any                  Any            Any                       >100                DROP
Incoming     Any                  Any            Any                       150                 ALLOW
Incoming     Any                  Any            Any                       Any                 DROP
Outgoing     Any                  Any            Any                       Any                 ALLOW

Based on these rules, determine what will happen to the following packets (enter DROP if the packet is dropped and ALLOW if it is allowed). Only the ports of each packet are given.

Source IP Address    Source Port    Destination IP Address    Destination Port    Result
                     1023                                     150
                     965                                      25
                     9865                                     80
                     5666                                     21
                     5666                                     25
                     1024                                     80
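The way to reason about a table like this is to walk it top to bottom and stop at the first rule that matches, which is also how most packet filters evaluate ordered rule lists. The following is an added example, not part of the worksheet: it encodes the seven rules in the order given, evaluates the six packets under first-match semantics, and checks which rules can never fire. The direction of the six packets is not stated on the page, so "Incoming" is an assumption here (the outgoing case is covered by the function's argument), and the Rule/Packet names are my own.

```python
"""First-match evaluation of the Question 6 rule table, plus a check for shadowed rules.
Added example: the rule order and ports come from the worksheet; the packet direction
("Incoming") is assumed, and the helper names are my own."""
from dataclasses import dataclass
from itertools import product
from typing import List


@dataclass(frozen=True)
class Rule:
    direction: str   # "Incoming" or "Outgoing"
    src_port: str    # "Any", "<1023", ">100" or an exact port such as "80"
    dst_port: str
    action: str      # "ALLOW" or "DROP"


# The rule table from the page, in the order listed.  Every IP column is "Any",
# so only direction and ports are modelled.
RULES: List[Rule] = [
    Rule("Incoming", "<1023", "80", "ALLOW"),
    Rule("Outgoing", "Any", "80", "ALLOW"),
    Rule("Incoming", "Any", "25", "ALLOW"),
    Rule("Incoming", "Any", ">100", "DROP"),
    Rule("Incoming", "Any", "150", "ALLOW"),
    Rule("Incoming", "Any", "Any", "DROP"),
    Rule("Outgoing", "Any", "Any", "ALLOW"),
]


def port_matches(spec: str, port: int) -> bool:
    if spec == "Any":
        return True
    if spec[0] == "<":
        return port < int(spec[1:])
    if spec[0] == ">":
        return port > int(spec[1:])
    return port == int(spec)


def first_match(direction: str, src_port: int, dst_port: int, rules=RULES):
    """(action, 1-based rule number) of the first matching rule; implicit DROP if none."""
    for n, r in enumerate(rules, 1):
        if (r.direction == direction and port_matches(r.src_port, src_port)
                and port_matches(r.dst_port, dst_port)):
            return r.action, n
    return "DROP", None


def probe_ports(rules) -> list:
    """Boundary ports implied by the rule specs, enough to exercise every comparison."""
    ports = {0, 65535}
    for spec in (s for r in rules for s in (r.src_port, r.dst_port)):
        if spec == "Any":
            continue
        n = int(spec.lstrip("<>"))
        ports.update({n - 1, n, n + 1} if spec[0] in "<>" else {n})
    return sorted(p for p in ports if 0 <= p <= 65535)


def shadowed_rules(rules=RULES) -> list:
    """Rule numbers that no probe packet ever reaches because an earlier rule matches first.
    A probe over boundary ports, not a formal proof, but exact for single-port specs."""
    probes = probe_ports(rules)
    reached = set()
    for direction in {r.direction for r in rules}:
        for sp, dp in product(probes, probes):
            reached.add(first_match(direction, sp, dp, rules)[1])
    return [n for n in range(1, len(rules) + 1) if n not in reached]


# The six packets from the page as (source port, destination port).
PACKETS = [(1023, 150), (965, 25), (9865, 80), (5666, 21), (5666, 25), (1024, 80)]


def evaluate_packets(packets=PACKETS, direction="Incoming") -> list:
    """Assumption: the page gives no direction, so Incoming is used unless overridden."""
    return [first_match(direction, sp, dp) for sp, dp in packets]


if __name__ == "__main__":
    for (sp, dp), (action, n) in zip(PACKETS, evaluate_packets()):
        print(f"src {sp:>5} -> dst {dp:>5}: {action} (rule {n})")
    print("shadowed rules:", shadowed_rules())
```

Two things the evaluation makes visible. First, rule 5 (ALLOW to port 150) is unreachable: rule 4 drops everything to a port above 100 before rule 5 is consulted, so a packet to port 150 is dropped by rule 4 regardless of what the author of rule 5 intended. Second, source port 1023 is not "<1023", so a packet with that source port never matches rule 1 even though it is the classic privileged-port boundary. Both are exactly the off-by-one and ordering mistakes that produce real firewall misconfigurations.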