Network forensics and security

Network forensics and security

QUESTION 1
1.    Question 1
2.    This data was extracted from an email, it was an attachment – believed to be a word document with the filename “new interfaces.doc”.

Decode the data and identify the password (pass) present in thething 1.6 GUI.

Question 2
1.    Download the firefox profile from here.

In terms of the downloaded file gimp-2.6.11-i686-setup-1.exe, complete the following:
Item    Value
Start Time (DD/MM/YYYY HH:MM:SS)      End Time (DD/MM/YYYY HH:MM:SS)      Source      Saved Location
Question 3
1.    Download this .pcap file.
How many JPG (JFIF) images are present within the file?

Question 4
1.    Looking at the FireFox history here.

What was the date and time a user searched for “homemade explosives” (hh:mm:ss dd/mm/yyyy)

Question 5

1.    Looking at this .pcap file

What is the mac address of the destination machine of all JPG images?

Question 6

1.    The following firewall rules are in place for a network.
Direction    Source IP Address    Source Port    Destination IP Address    Destination Port    Rule
Incoming    Any    <1023    192.168.208.51    80    ALLOW
Outgoing    192.168.208.51    Any    Any     80    ALLOW
Incoming    Any    Any    192.168.208.51    25    ALLOW
Incoming    Any    Any    192.168.208.51    >100    DROP
Incoming    Any    Any    192.168.208.51    150    ALLOW
Incoming    Any    Any    Any    Any    DROP
Outgoing    Any    Any    Any    Any    ALLOW
2.    Based on these rules, determine what will happen to the following packets (If a packet is dropped enter DROP if a packet is allowed enter ALLOW)
Source IP Address    Source Port    Destination IP Address    Destination Port    Result
69.51.56.23    1023    192.168.208.51    150      69.51.56.23    965    192.168.208.51    25      69.51.56.23    9865    192.168.202.51    80      192.168.208.51    5666    178.56.5.2    21      192.168.202.51    5666    69.51.56.23    25      69.51.56.23    1024    192.168.208.51    80