Assignment Details
Information technology professionals typically use cybercrime detection and investigation hardware and software every day. These professionals may use a blend of open source tools such as Wireshark and/or proprietary tools such as EnCase Enterprise to perform investigations across hard-wired or wireless networks, stand-alone system hard drives, and various types of devices with multiple OS configurations. The complexity of the current cybercrime environment demands this type of investigative response.
Tools such as intrusion detection systems, configuration checking tools, tripwires, honeypots, anomaly detectors, and operating system commands are used to investigate cybercrime. Select at least 3 of the 6 tools identified above and apply them to the cybercrime case scenario below:
Scenario: The IT Department Lead has informed the CEO and CTO that there has been a ransomware attack (a cyberextortion attack). The corporation and executive management have decided to respond to the ransom demands. Discuss the typical characteristics of a ransomware attack, how it can be identified, and the tools used to detect, trace, and eliminate the threat.
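As an added illustration of two of the tool categories named above (a tripwire-style integrity baseline and an anomaly detector) applied to the scenario, the following example is not part of the assignment and uses constructed in-memory file trees in place of a real directory walk; the `.locked` extension and ransom-note file name are assumed sample values, not indicators from any specific ransomware family.

```python
import hashlib
import os
from collections import Counter

# Constructed sample file trees (assumption: stand-ins for a real directory walk):
# the trusted baseline, and the same tree after a ransomware-style mass rewrite.
TRUSTED_TREE = {
    "docs/q1-report.docx": b"quarterly report",
    "docs/budget.xlsx": b"budget 2024",
    "hr/payroll.csv": b"alice,5000",
    "bin/app.exe": b"MZ\x90\x00",
}
ENCRYPTED_TREE = {
    "docs/q1-report.docx.locked": b"\x8a\x11\x5c",
    "docs/budget.xlsx.locked": b"\x3f\x99\x02",
    "hr/payroll.csv.locked": b"\x71\x02\xee",
    "bin/app.exe": b"MZ\x90\x00",
    "README_DECRYPT.txt": b"pay to recover your files",
}

def take_baseline(tree):
    """Tripwire-style baseline: SHA-256 per path, captured while the host is trusted."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in tree.items()}

def integrity_check(baseline, tree):
    """Diff the live tree against the baseline: modified, missing and new paths."""
    digests = {path: hashlib.sha256(data).hexdigest() for path, data in tree.items()}
    return {
        "modified": sorted(p for p in baseline if p in digests and digests[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in digests),
        "new": sorted(p for p in digests if p not in baseline),
    }

def ransomware_indicators(baseline, report, threshold=0.5):
    """Anomaly heuristic on top of the integrity diff: ransomware rewrites or replaces a
    large share of files at once and the replacements share one new extension, whereas
    ordinary editing touches a few files that keep their usual extensions."""
    touched = len(report["modified"]) + len(report["missing"])
    fraction = touched / len(baseline) if baseline else 0.0
    known_suffixes = {os.path.splitext(p)[1] for p in baseline}
    suffixes = Counter(os.path.splitext(p)[1] for p in report["new"])
    suffix, count = suffixes.most_common(1)[0] if suffixes else ("", 0)
    return {
        "changed_fraction": round(fraction, 2),
        "dominant_new_suffix": suffix,
        "suspicious": fraction >= threshold and count >= 2 and suffix not in known_suffixes,
    }

if __name__ == "__main__":
    base = take_baseline(TRUSTED_TREE)
    print(ransomware_indicators(base, integrity_check(base, ENCRYPTED_TREE)))
```

The baseline must be captured and stored off-host before an incident; a baseline taken after encryption would simply record the attacker's files as trusted.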