A threat actor has brute forced a Domain Administrator account via RDP. They did this by running a Meterpreter reverse shell and a RPD proxy via Tor on a Domain Controller. Management wants details as soon as possible. IT needs indicators of compromise (IOCs). Security wants to know the next moves of the bad actors and who they are likely to be. You realize you need to construct a timeline of events to structure your investigation to provide these answers. Based on what you have learned in this class, and research that you gain from credible sources in the Library or online, write a report to management on the following:
Explain the significance of timeline creation and analysis in incident response and forensic analysis.
Answer the following: How does timeline analysis contribute to the analysis of the tactics, techniques, and procedures (TTPs) used in an attack? How do TTPs help identify the bad actors? Your paper should assess the development of timelines and TTPs and draw on key points from your research to justify your views.
The complete essay should be no less than 3 double-spaced pages, conforming to current APA style guidelines. Be sure to reference at least three sources outside of the course book. Ensure that the paper has a complete introduction, main body, conclusion, and reference page.
- 2 months ago