You are hired by JLA Enterprise to conduct a Forensic Examination after a network intrusion occurs at their
corporate office. Your job is to determine the source of the network intrusion and provide as much information
regarding the attack as possible. Here are some things to consider when explaining what happened during the
network intrusion:
¥ What time did the attack happen?
¥ How did the hacker get into the network?
¥ What computers were compromised?
¥ What computers were accessed?
¥ What data was extracted from the network?
¥ What type of attack was conducted?
¥ How long did the attacker have access to the network?
¥ Is there any persistence on the network for future attacks?
You are asked to conduct a forensics examination of the network and provide a forensic report explaining what
happened during the attack and what corporate data was compromised. The report should cover the above
information, as well as create a timeline that shows the attack from the initial stages of the attack to when the
data was extracted from the network.
Sample Solution