2015-02-15 - TRAFFIC ANALYSIS EXERCISE: FURTHER INVESTIGATION INTO THE NUCLEAR EK TRAFFIC

NOTICE:

PCAP:

FIRST DECISION POINT - YOU FIND THE ALERTS FROM THE HOST'S IP ADDRESS

Here are the associated events for the malicious traffic:

SECOND DECISION POINT

1) Looking through those IDS events confirmed everything! Time to initiate established procedures and let your UK location handle this situation.

2) Still not 100 percent satisfied, are you? People at your UK location find the computer (a Dell desktop) and perform some forensics. They send you a zip archive of some suspicious files they found on the computer.
