This assignment focuses on a forensics data collection plan to be used during a Red Team exercise. Your plan will be used as part of a training exercise for incident response personnel to help them learn to identify and collect evidence.
Your first task is to analyze the Red Team’s report to determine what they attacked and which attack vectors they used. Next, analyze the environment to determine what types of forensic evidence should be collected after the attack(s) and where that evidence can be collected from.
Before you begin: Read the Project #1 description (attached to the Project #1a assignment folder), paying special attention to the Red Team’s report.
For this week’s discussion, our focus will be on developing a brief (1-2 page) forensics data collection plan. The plan will be used as part of a training exercise for incident response personnel.
Your first task is to analyze the Red Team’s report to determine what they attacked and which attack vectors they used. Then analyze the environment to determine what types of forensic evidence should be collected after the attack(s) and where that evidence can be collected from. Consider volatile sources such as RAM (memory) and static sources such as disk drives, thumb drives (USB storage devices), etc. Identify and document the types of evidence and the devices from which the evidence is to be collected.
At a minimum, your plan must document evidence collection for three specific attack vectors. For each vector or vulnerability, document what type of evidence could be collected and where the evidence should be collected from.
For your critiques this week, you should review and critique the forensic data collection plans written by two of your peers. You must also post at least two follow-up or response postings (in any thread).