2016-09-20 - TRAFFIC ANALYSIS EXERCISE - HALLOWEEN SUPER COSTUME STORE!
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
- Zip archive with a pcap of the traffic: 2016-09-20-traffic-analysis-exercise.pcap.zip 261.8 kB (261,786 bytes)
- Zip archive with artifacts from the infected host: 2016-09-20-traffic-analysis-exercise-artifacts-from-infected-host.zip 340.7 kB (340,736 bytes)
- Zip archive with some associated emails: 2016-09-20-traffic-analysis-exercise-emails.zip 31.9 kB (31,856 bytes)
SCENARIO
It's September, and Halloween is fast approaching. With our current economy, a wide variety of stores have gone out of business. All that space is ready to be taken over for the next month or two as temporary Halloween-themed costume stores!
Shown above: This one's perfect!
You've recently been hired as a Security Analyst at a place called "Halloween Super Costume Store!" One day, only you and one other employee are at work. You're in the back room monitoring what little network traffic there is. The other employee is Roger. His nickname is "Roger Rabid" due to the costume he always wears. Since working with him, you've never seen Roger without it.
Roger: May I help with your selection of Halloween costume?
Potential customer: Aaaaaaaaaaaaaah!
It's a school day, and not many people are at the store. When business is this slow, Roger uses a computer near the front desk to check his mail and browse the web. It's his personal desktop. He spends so much time at work that the store manager allowed him to bring it in.
Suddenly, you hear a scream of terror, but the sound didn't come from one of the customers. That scream came from Roger!
You rush to the front desk to find Roger in a panic. He tells you his computer started acting crazy and he had to unplug the power cord. When you ask for details, he only tells you it's hard typing with his over-sized creepy monster hands.
Shown above: Yep, bad for typing. It's the only thing you agree with Roger about.
You take Roger's computer and conduct some forensics. You determine his IP address and acquire a copy of the network traffic during the time of the incident. You also notice Roger received a few emails, so you collect the messages.
You now have the following:
- A pcap of the network traffic from Roger's computer
- Some artifacts from the infected host
- Some emails Roger received
You're ready to write a report to show management what happened. The report should contain the following:
- Host IP address
- Host MAC address
- Host name
- User name
- Date and time of the activity
- A brief description of what happened
- SHA256 hashes for any malware from the infected host
ANSWERS
- Click here for the answers.