ALL I NEED IS INTRODUCTION & CONCLUSION FOR THIS REPORT & PLEASE PROOF READ

I NEED IT IN 18 HOURS

Intro needed.docx 

You have been called into investigate an employee at your company for misusing company computers, stealing other employee's identity's and allegedly running a side-business.  He uses an old Windows 7 system with the user-id of "Anybody".  Using the virtual PC given to you as the suspect's computer and what you've learned in class so far, you should conduct an investigation on the live computer.  You can use any of the tools/applications on the PC, but cannot download any others.  Gather and document as much evidence as you can from the target PC.  Since this is an internal employee issue, you don't need to worry about search warrants or potentially corrupting evidence.  You just need to generate a report for his manager and the HR director

 

 

 

 

 

 

 

 

 

·         I've found a text file called "CCN" on the desktop, contains credit card numbers collected from several people.

·         The employee with this stolen information can trade on illegal trading sites for profit .

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

·         I've found a file called "SSNs" in document folder,  containing employee's Social Security Numbers.

·         With this information, he can file tax returns and get a tax refund.

·         She/he could get a medical treatment, which may affect your medical records.

·         She/he could apply for application for credit  and could get very quick access to money.

·         She/he could apply for unemployment benefits without your knowledge.

 

 

 

·         A file called "nc.exe" is located in a subfolder

·         It  is called NetCat.

·         She/he may use this tool to share files from one computer to another.

·         She/he may use this tool to clone hard drive and partitions over the network.

·         She/he may use this tool to chat from computer to other.

·         She/he may use this tool to fake HTTP Headers.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

·         The employee used Inprivate browsing to not to leave a trace of browsing activity, form data, cookies, usernames and passwords from being retained by the browser.

 

 

 

 

·         Darkcoding.net  has some randomly generated credit card number which are NOT valid credit card numbers.

·         She/he browsed this web page to get random credit numbers.

·         I think the employee might have sold stolen credit card numbers and randomly generated credit card numbers on illegal trading sites to make more money.

 

 

 

 

·         Based on browsing history, the employee spent his time checking www.truecrypt.org.

·         She/he might have visited the webpage to encrypt a partition or an entire storage device.

 

 

 

 

 

·         The employee might have used stolen information to buy and sell stocks online at www.tdameritrade.com.