Posted: May 19th, 2015
Network forensics and security
QUESTION 1
1. This data was extracted from an email; it was an attachment – believed to be a Word document with the filename “new interfaces.doc”.
Decode the data and identify the password (pass) present in thething 1.6 GUI.
Question 2
1. Download the Firefox profile from here.
In terms of the downloaded file gimp-2.6.11-i686-setup-1.exe, complete the following:
Item Value
Start Time (DD/MM/YYYY HH:MM:SS)
End Time (DD/MM/YYYY HH:MM:SS)
Source
Saved Location
Question 3
1. Download this .pcap file.
How many JPG (JFIF) images are present within the file?
Question 4
1. Look at the Firefox history here.
What was the date and time a user searched for “homemade explosives” (hh:mm:ss dd/mm/yyyy)?
Question 5
1. Look at this .pcap file.
What is the MAC address of the destination machine of all JPG images?
Question 6
1. The following firewall rules are in place for a network.
Direction Source IP Address Source Port Destination IP Address Destination Port Rule
Incoming Any <1023 192.168.208.51 80 ALLOW
Outgoing 192.168.208.51 Any Any 80 ALLOW
Incoming Any Any 192.168.208.51 25 ALLOW
Incoming Any Any 192.168.208.51 >100 DROP
Incoming Any Any 192.168.208.51 150 ALLOW
Incoming Any Any Any Any DROP
Outgoing Any Any Any Any ALLOW
2. Based on these rules, determine what will happen to the following packets. (If a packet is dropped, enter DROP; if a packet is allowed, enter ALLOW.)
Source IP Address Source Port Destination IP Address Destination Port Result
69.51.56.23 1023 192.168.208.51 150
69.51.56.23 965 192.168.208.51 25
69.51.56.23 9865 192.168.202.51 80
192.168.208.51 5666 178.56.5.2 21
192.168.202.51 5666 69.51.56.23 25
69.51.56.23 1024 192.168.208.51 80
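A rule set like the one in Question 6 can be checked mechanically for rules that can never fire. The following is an added example, not part of the original assignment: it assumes first-match evaluation (rules checked top to bottom, first match decides), which the page does not state, and the function names `port_range`, `evaluate`, `covers` and `shadowed` are hypothetical.

```python
# Added example: first-match evaluation and shadowed-rule detection.
# Assumption (not stated on the page): the first matching rule decides.
ANY = "Any"
# (direction, src_ip, src_port, dst_ip, dst_port, action), copied from the table.
RULES = [
    ("Incoming", ANY, "<1023", "192.168.208.51", "80", "ALLOW"),
    ("Outgoing", "192.168.208.51", ANY, ANY, "80", "ALLOW"),
    ("Incoming", ANY, ANY, "192.168.208.51", "25", "ALLOW"),
    ("Incoming", ANY, ANY, "192.168.208.51", ">100", "DROP"),
    ("Incoming", ANY, ANY, "192.168.208.51", "150", "ALLOW"),
    ("Incoming", ANY, ANY, ANY, ANY, "DROP"),
    ("Outgoing", ANY, ANY, ANY, ANY, "ALLOW"),
]

def port_range(spec):
    """Turn 'Any', '<N', '>N' or 'N' into an inclusive (low, high) range."""
    if spec == ANY:
        return (0, 65535)
    if spec.startswith("<"):
        return (0, int(spec[1:]) - 1)
    if spec.startswith(">"):
        return (int(spec[1:]) + 1, 65535)
    return (int(spec), int(spec))

def evaluate(direction, src_ip, src_port, dst_ip, dst_port, rules=RULES):
    """Return (action, 1-based rule number) of the first matching rule."""
    for n, (d, sip, sp, dip, dp, action) in enumerate(rules, start=1):
        s_lo, s_hi = port_range(sp)
        d_lo, d_hi = port_range(dp)
        if (d == direction and sip in (ANY, src_ip) and dip in (ANY, dst_ip)
                and s_lo <= src_port <= s_hi and d_lo <= dst_port <= d_hi):
            return action, n
    return "DROP", None  # assumed default when nothing matches

def covers(a, b):
    """True if rule a matches every packet that rule b matches."""
    def within(x, y):  # is the port range of y inside the port range of x?
        (xl, xh), (yl, yh) = port_range(x), port_range(y)
        return xl <= yl and yh <= xh
    return (a[0] == b[0] and a[1] in (ANY, b[1]) and a[3] in (ANY, b[3])
            and within(a[2], b[2]) and within(a[4], b[4]))

def shadowed(rules=RULES):
    """List (later, earlier) rule numbers where the later rule can never fire."""
    return [(j + 1, i + 1) for j in range(len(rules))
            for i in range(j) if covers(rules[i], rules[j])]
```

Under the first-match assumption, `shadowed()` flags the port 150 ALLOW rule as unreachable because the `>100` DROP rule above it already matches the same traffic.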