A threat actor has brute-forced a Domain Administrator account via RDP. They did this by running a Meterpreter reverse shell and an RDP proxy via Tor on a Domain Controller. Management wants details as soon as possible. IT needs indicators of compromise (IOCs). Security wants to know the next moves of the bad actors and who they are likely to be. You realize you need to construct a timeline of events to structure your investigation and provide these answers. Based on what you have learned in this class, and research that you gain from credible sources in the Library or online, write a report to management on the following:
Explain the significance of timeline creation and analysis in incident response and forensic analysis.
Answer the following: How does timeline analysis contribute to the analysis of the tactics, techniques, and procedures (TTPs) used in an attack? How do TTPs help identify the bad actors? Your paper should assess the development of timelines and TTPs and draw on key points from your research to justify your views.
Criteria to be met:
● Submits research into the development of a timeline for forensic work.
● Describes the tools used in the development of a timeline.
● Describes the techniques used in the development of a timeline.
● Explains the identification of tools, techniques, and procedures used in an attack.
● Explains why the technique is practical.
● Explains how the approach would be implemented in an organization.
● Explains how TTPs used in an attack can be used to identify the threat actor organization.
● Explains a real-world example of TTPs being used to identify a threat actor.
● Explains why TTPs are subject to errors.
