Data Handling

You have been called into the offices of a mid-sized city. The fire department, police, city offices, and library are all connected in a metropolitan area network, and the entire network is being hit with a malware infestation. The IT team from the city is focused on getting all of the systems disinfected and the city back to doing business. You have been asked to perform a forensic analysis, though the objective of the analysis isn’t clear, other than that they want a “patient zero” and they also want to know if any data has been exfiltrated. What artifacts are you going to be looking at, how are you going to handle evidence (collection, analysis, storage as necessary), and what are you going to consider to be your primary objective? Keep in mind that the team overall is meeting twice a day, and there is a lot of panic and anxiety over trying to contain this.
Note: This is a computer science question under the topic of incident response.
