Excel Independent Project 6-5

Classic Gardens and Landscapes counts responses to specialty promotions to determine effectiveness. You use SUMIFS and an IFS formula to complete the summary. You also calculate insurance statistics and display full names in one cell.

[Student Learning Outcomes 6.1, 6.2, 6.3, 6.6, 6.7]

File Needed: ClassicGardens-06.xlsx (Available from the Start File link.)

Completed Project File Name: [your name]-ClassicGardens-06.xlsx

Skills Covered in This Project

  • Nest MATCH and INDEX functions.
  • Create DSUM formulas.
  • Build an IFS function.
  • Build SUMIFS formulas.
  • Use TEXTJOIN to join labels.

  1. Open the ClassicGardens-06 start file. The file will be renamed automatically to include your name. Change the project file name if directed to do so by your instructor, and save it.
  2. Create a nested INDEX and MATCH function to display the number of responses from a city.
    1. Click the Mailings sheet tab and select and name cells A3:D28 as Responses.
    2. Click the Mailing Stats sheet tab.
    3. Click cell B21 and type Carthage.
    4. Click cell C21, start an INDEX function, and select the first argument list option.
    5. Choose or type the Responses range name for the Array argument.
    6. Click the Row_num box and nest a MATCH function. Select cell B21 for the Lookup_value and cells A3:A28 on the Mailings sheet for the Lookup_array. Click the Match_type argument box and type 0.
    7. Click INDEX in the Formula bar. Click the Column_num box and nest a second MATCH function to look up cell D3 on the Mailings sheet in the lookup array A3:D3.
    8. Click the Match_type box and type 0 (Figure 6-106) and click OK. The result displays as 343.00.
       [Figure 6-106: Nested MATCH and INDEX functions. MATCH statements are the row_num and col_num arguments.]
    9. Format the results to show zero decimal places.
    10. Type Smyrna in cell B21.
  3. Use DSUM to summarize mailing data.
    1. Select the Mailings sheet and note that number mailed is located in the third column and response data is in the fourth column.
    2. Click the Criteria sheet tab. Select cell B2 and type lan* to select data for the Landscape Design department.
    3. Type law* in cell B5 for the Lawn & Maintenance department.
    4. Type pat* in cell B8 for the Patio & Furniture department.
    5. Click the Mailing Stats sheet tab and select cell B7.
    6. Use DSUM with the range name Responses as the Database argument. Type 3 for the Field argument (# Mailed column), and enter an absolute reference to cells B1:B2 on the Criteria sheet as the Criteria argument.
    7. Copy the formula to cell C7 and edit the Field argument to use the fourth column (# Responses).
    8. Use DSUM in cells B8:C9 to calculate results for the two remaining departments.
  4. Use SUM in cells B10:C10.
  5. Format all values as Comma Style with no decimal places.
  6. Create an IFS function to display a response rating. Note: If your version of Excel does not include the IFS function, build the following nested IF function =IF(C7/B7>=20%,$C$15,IF(C7/B7>=15%,$C$16,IF(C7/B7>=11%,$C$17,$C$18))) to display the rating.
    1. Click cell D7. The response rate and ratings are shown in rows 14:18.
    2. Start an IFS function and select C7 for the Logical_test1 argument. Type / for division and select cell B7. Type >=20% to complete the test.
    3. Click the Value_if_true1 box, select C15, and press F4 (FN+F4) (Figure 6-107).
       [Figure 6-107: First Logical_test and Value_if_true arguments. Each logical_test argument has a corresponding value_if_true argument.]
    4. Click the Logical_test2 box, select C7, type /, select cell B7, and type >=15%.
    5. Click the Value_if_true2 box, click cell C16, and press F4 (FN+F4).
    6. Complete the third and fourth logical tests and Value_if_true arguments (Figure 6-108).
       [Figure 6-108: Completed IFS function arguments. Several arguments are scrolled out of view.]
    7. Copy the formula in cell D7 to cells D8:D10.
  7. Use SUMIFS to total insurance claims and dependents by city and department.
    1. Click the Employee Insurance sheet tab and select cell E25.
    2. Use SUMIFS with an absolute reference to cells F4:F23 as the Sum_range argument.
    3. The Criteria_range1 argument is an absolute reference to cells E4:E23. The Criteria1 argument is bre* to select the city of Brentwood.
    4. The Criteria_range2 argument is an absolute reference to cells D4:D23, the department column, with criteria of lan* to select the Landscape Design department.
    5. Click OK. The result for cell E25 is 10.
    6. Build SUMIFS formulas for cells E26:E28 based on the criteria displayed in cells C26:C28.
    7. Format borders to remove inconsistencies, if any, and adjust column widths to display data.
  8. Use TEXTJOIN to display names. Note: If your version of Excel does not include the TEXTJOIN function, use CONCAT or CONCATENATE to build the function.
    1. Click the Full Names sheet tab and select cell E4.
    2. Start a TEXTJOIN function and press Spacebar for the Delimiter argument.
    3. Click the Text1 box and select cell C4.
    4. Complete the Text2 and Text3 arguments to show middle and last names and click OK (Figure 6-109).
       [Figure 6-109: Delimiter is a space. The quotation marks display when you move to the next entry box in the list.]
    5. Copy the formula to display full names in column E.
  9. Save and close the ClassicGardens-06 Excel workbook (Figure 6-110).
     [Figure 6-110: Completed worksheets for Excel 6-5]
 

Network Design/ For Martin Writer

You will select an organization, and apply your research to the analysis and development of a network design that would be appropriate for the organization and the needs that it has for its network. Additional information and the deliverables for each Individual Project will be provided in the assignment description for the project. This is the course’s Key Assignment that you will make contributions to each week.

Project Selection:

The first step will be to select an organization as the target for your network design and architecture proposal document. This organization will be used as the basis for each of the assignments throughout the course and should conform to the following guidelines:

· Nontrivial: The selected organization should be large enough to allow reasonable exercise of the network design process.

· Domain Knowledge: You should be familiar enough with the organization to allow for focus on the project’s tasks without the significant time required for domain education.

· Accessibility: You should have good access to the people and other information related to the organization because this will be an important part of the process.

The selected organization may already have a distributed network in place, but it can still be used as the basis for the projects in this course.

The selected organization must have a need for some kind of distributed network computing as part of their operations. Therefore, you may identify a hypothetical organization that meets these requirements. Any necessary assumptions may be made to fulfill the requirements of organization selection process.

Select an existing organization, or identify a hypothetical organization that fits these requirements, and submit your proposal to your instructor before proceeding with the assignments in the course. Approval should be sought within the first several days of the course. Your instructor will tell you how to submit this proposal and what notification will be given for project approval.

Assignment:

For the assignments in this course, you will not be implementing a distributed network, but you will be developing a comprehensive network design and architecture proposal document. Your first task in this process will be to select an organization or identify a hypothetical organization to use as the basis of your project. You will also create the shell document for the final project deliverable that you will be working on during each unit. As you proceed through each project phase, you will add content to each section of the final document to gradually complete the final project deliverable. Appropriate research should be conducted to support the development of your proposal document, and assumptions may be made when necessary.

The project deliverables are as follows:

· Submit the organization proposal to your instructor for approval.

· Submit the network design and architecture proposal document shell

· Use Word

· Title page

· Course number and name

· Project name

· Student name

· Date

· Table of contents

· Use autogenerated TOC

· Separate page

· Maximum of 3 levels deep

· Be sure to update the fields of the TOC so it is up-to-date before submitting your project.

· Section headings (create each heading on a new page with TBD as content except for sections listed under new content below)

· Project Outline

· Distributed Network Requirements Analysis

· Communication Protocols Analysis and Recommendations

· Network Traffic Analysis and Recommendations

· Network Design and Architecture

· Future Needs Analysis and Recommendations

 

PART I (4 pages)

Project outline and requirements

· Brief description of the organization (can be hypothetical) where the network will be implemented

· Include company size, location(s), and other pertinent information.

· Summary of the benefits that the company would realize through distributed networking

· Material can be taken from the approved proposal that was submitted to the instructor.

· Ensure that this project is approved by the instructor.

Distributed network requirements analysis

· Describe at least 5 major areas of functionality needed by the organization that can be provided through distributed networking.

· For each area of functionality, include information to identify capacity and performance requirements.

· Identify connectivity and security requirements for the proposed network.

· Include any other requirements that will affect your design and architecture, such as the use of existing network infrastructure, budget limitations, existing applications and operating systems, and so forth.

Name the document yourname_CS635_IP1.doc.

PART II (3 pages)

The Communication Protocols Analysis and Recommendations section should include the following:

Analysis:

· For each of the requirements identified in the Requirements Analysis section of the previously created proposal, list and describe the communication protocol(s) that are necessary to support the requirement.

· Include a description of which parts of the network and network applications would utilize the protocol(s).

Recommendations:

· Based on the analysis that was performed in the previous step, prepare a recommendation for protocol(s) to use with the network.

· Justify the selection of these protocol(s) by using a description of the operational characteristics that best match the analysis results.

Be sure to update your table of contents before submission.

Name the document yourname_CS635_IP2.doc.

PART III (3 pages)

Update the network design and architecture proposal document title page with new date and project name.

Update the previously completed sections based on instructor feedback.

Network Traffic Analysis and Recommendations section:

Analysis:

· Summarize each of the major uses of the distributed network.

· For each use, identify the traffic estimates.

· Include an analysis of peak traffic times and levels.

· Identify any other issues that will produce congestion on the network.

Recommendations:

· Based on the analysis that you performed in the previous step, prepare a recommendation of the software and infrastructure that would be required to handle the projected traffic.

· Offer recommendations for software that can be used to manage potential network congestion, and describe how the software works.

Update your table of contents before submission.

Name the document yourname_CS635_IP3.doc.

PART IV (3 pages)

Update the network design and architecture proposal document’s title page with new date and project name.

Update the previously completed sections based on instructor feedback.

The Network Design and Architecture section should include the following:

Infrastructure:

· Describe the network architecture that is suitable for this distributed network.

· Include at least 1 visual model of the system that identifies the major components.

· Justify the physical design of the system with reference to the requirements established in previous sections of the proposal.

· Summarize the estimated cost of the network infrastructure.

Software:

· Describe the software required for the network.

· Include the operating systems and other software applications that are required to meet the functional and operational requirements established in previous sections of the proposal.

· Summarize the estimated cost of the network software.

Name the document yourname_CS635_IP4.doc.

PART V (3 pages)

Update the network design and architecture proposal title page with new date and project name.

Update the previously completed sections based on instructor feedback.

The Future Needs Analysis and Recommendations section should include the following:

· Research current and future trends in distributed networking.

· Summarize at least three potential changes in distributed networking that might affect your company.

· Provide a modified design and architecture, and discuss the changes from the original design proposal that would be required to support the new requirements.

Network design and architecture proposal

· Review the entire document for any changes and improvements you would like to make.

· Ensure this final version of the plan is sufficiently detailed to allow the organization to confidently move forward with a distributed network implementation that is based on your recommendations.

Any previous instructor feedback should be addressed with appropriate changes.

Update your table of contents before submission.

Name the document “yourname_CS635_IP5.doc.”

Each part needs at least 2 references plus citations. Please don’t use wiki; we are not allowed to use it.

 

Forensic Report

TASK

Task 1: Recovering scrambled bits (5%) (5 marks)

For this task I will upload a text file with scrambled bits on the subject interact2 site closer to the assignment due date. You will be required to restore the scrambled bits to their original order and copy the plain text in your assignment.

Deliverable: Describe the process used in restoring the scrambled bits and insert plain text in the assignment.

Task 2: Digital Forensics Report (20%) (20 marks)

In this major task you are asked to prepare a digital forensic report for the following scenario, after carefully reading the scenario and looking at the textbook figures referred to below: You are investigating a possible intellectual property theft by a new employee of Superior Bicycles, Inc. This employee, Tom Johnson, is the cousin of Jim Shu, an employee who had been terminated. Bob Aspen is an external contractor and investor who gets a strange e-mail from Terry Sadler about Jim Shu’s new project (shown in Figure 8-5 of the textbook on p. 350).

Bob forwards the e-mail to Chris Robinson (the president of Superior Bicycles) to inquire about any special projects that might need capital investments. Chris forwards the e-mail to the general counsel, Ralph Benson, asking him to look into it. He also forwards it to Bob Swartz, asking him to have IT look for any e-mails with attachments. After a little investigation, Bob Swartz forwards an e-mail IT found to Chris Robinson (shown in Figure 8-6 of the textbook on p. 350).

Chris also found a USB drive on the desk Tom Johnson was assigned to. Your task is to search for and determine whether the drive contains any proprietary Superior Bicycles, Inc. data in the form of any digital photograph as evidence. In particular, you may look for graphic files such as JPEG on the USB drive hidden with a different format. Note that for the USB drive image, you need to download the “C08InChp.exe” file from the download section of Chapter 8 on the student companion site of the textbook (Nelson, Phillips, & Steuart, 6/e, 2019).

Your task is to search all possible places data might be hidden (e-mails and USB drive) and recover and present any digital evidence in the report.

Deliverable: For this forensic examination, you need to provide a report of 1800-2000 words (approximately 5 A4 pages) in the format described in presentation section below.

 

Exp19_Excel_Ch05_CapAssessment_Travel

You are the manager of an information technology (IT) team. Your employees go to training workshops and national conferences to keep up-to-date in the field. You created a list of expenses by category for each employee for the last six months. Now you want to subtotal the data to review total costs by employee and then create a PivotTable to look at the data from different perspectives.

Steps to Perform:

 

Step 1 (Points Possible: 0)
Start Excel. Download and open the file named Exp19_Excel_Ch05_CapAssessment_Travel.xlsx. Grader has automatically added your last name to the beginning of the filename.

Step 2 (Points Possible: 4)
Before using the Subtotal command, you must first sort the data.
On the Subtotals worksheet, sort the data by Employee and further sort by Category, both in alphabetical order.

Step 3 (Points Possible: 6)
You want to subtotal the data to calculate expenses by employee.
Use the Subtotals feature to insert subtotal rows by Employee to calculate the total expense by employee.

Step 4 (Points Possible: 5)
Now you want to hide the details for two employees and focus on details for the remaining employees.
Collapse the Davidson and Miller sections to show only their totals. Leave the other employees’ individual rows displayed.

Step 5 (Points Possible: 8)
For more detailed analysis, you are ready to create a PivotTable.
Use the Expenses worksheet to create a blank PivotTable on a new worksheet named Summary. Name the PivotTable Categories.

Step 6 (Points Possible: 5)
You want to include the Category and Expense fields in the PivotTable.
Use the Category and Expense fields, enabling Excel to determine where the fields go in the PivotTable.

Step 7 (Points Possible: 4)
You want to display average expenses instead of totals.
Modify the Values field to determine the average expense by category. Change the custom name to Average Expense.

Step 8 (Points Possible: 4)
Format the Values field with Accounting number type.

Step 9 (Points Possible: 5)
You want to display a meaningful label and select a different layout.
Type Category in cell A3 and change the Grand Totals layout option to On for Rows Only.

Step 10 (Points Possible: 5)
Apply Light Blue, Pivot Style Dark 2 and display banded rows.

Step 11 (Points Possible: 6)
To make it easy to filter the PivotTable results, you will insert and format a slicer.
Insert a slicer for the Employee field, change the slicer height to 2 inches and apply the Light Blue, Slicer Style Dark 5. Move the slicer so that the upper-left corner is in cell A10.

Step 12 (Points Possible: 10)
You want to insert another PivotTable to analyze the data on the Expenses worksheet.
Use the Expenses worksheet to create another blank PivotTable on a sheet named Totals. Name the PivotTable Employees. Add the Employee to the Rows and add the Expense field to the Values area. Sort the PivotTable from largest to smallest expense.

Step 13 (Points Possible: 6)
Change the name for the Expenses column to Totals and format the field with Accounting number format.

Step 14 (Points Possible: 10)
Insert a calculated field to subtract 2659.72 from the Totals field. Change the custom name to Above or Below Average and apply Accounting number format to the field.

Step 15 (Points Possible: 4)
Set 10.86 (approximate) as the width for column B and 13.71 for column C, change the row height of row 3 to 30, and apply word wrap to cell C3.

Step 16 (Points Possible: 8)
Now, you want to create a PivotChart to depict the data visually.
Create a clustered column PivotChart from the PivotTable. Move the PivotChart to a new sheet named Chart. Hide all field buttons in the PivotChart, if necessary.

Step 17 (Points Possible: 2)
Add a chart title above the chart and type Expenses by Employee. Change the chart style to Style 14.

Step 18 (Points Possible: 4)
Apply 11 pt font size to the value axis and display the axis as Accounting with zero decimal places.

Step 19 (Points Possible: 4)
Create a footer on all worksheets with your name in the left section, the sheet name code in the center section, and the file name code in the right section.

Step 20 (Points Possible: 0)
Ensure that the worksheets are correctly named and placed in the following order in the workbook: Subtotals, Summary, Chart, Totals, Expenses.

Step 21 (Points Possible: 0)
Save and close Exp19_Excel_Ch05_CapAssessment_Travel.xlsx. Exit Excel. Submit the file as directed.

 

Forensics Fundamentals Multiple Choice Questions 1-25

April 29, 2018

Remember that you must enter the answers to your questions in Canvas. This file has been provided to allow you to perform the hands-on tasks before starting the Canvas quiz. Also remember that this is a test, and you are required to do your own work. It’s open book and open note, but you must NOT collaborate with any other students, or receive outside assistance.

 

1. This is a “real” test, which means you must do your own work. It’s an open book test, so you can use any resources such as books, your notes, or the computer. However, you must do your own work. This means that you must not ask other students, instructors, acquaintances, paid consultants, Facebook friends, etc. for help. Any violations of the CBC Academic Honesty Policy will result in a failing grade for the course.

(NOTE – There are several questions on this test that require looking up data, such as the speed of various memory types. If you don’t want to memorize this information you can look it up.)

If you use any Internet resources, make sure that you do NOT copy and paste information unless instructed. You can use the Internet, but you must put all answers in your own words. You will receive no credit for any answers with copied material.

The test must be completed by 11:59 on the due date to receive full credit. Late tests will be accepted, but only for seven calendar days after the original due date. Late tests will automatically lose 10 points. Late tests will not be accepted after 7 days and you will fail the class.

A. I agree

B. I disagree

 

2. What is Registry?

A. A hierarchical database used by every computer to store settings and data

B. A hierarchical database used by computers running Windows to store settings and data

C. A relational database used by every computer to store settings and data

D. A relational database used by computers running Windows to store settings and data

 

3. True or False. Any program that runs on Windows will store all of its data in registry.

1. True

2. False

 

4. Which of the following methods can be used to add or change registry data?

1. Use regedit to manually create or edit a registry key

2. Use a program such as any application in Windows Control Panel

3. Write a program that uses one of the registry API functions

4. All of the above

 

5. True or False. All of the data in registry is stored in files when Windows shuts down gracefully.

1. True

2. False

 

6. Which registry key holds the list of URLs the currently logged on user typed into Internet Explorer? (Note – HK is an abbreviation for HKEY)

1. HK_CLASSES_ROOT\Software\Microsoft\Internet Explorer\TypedUrls

2. HK_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\TypedUrls

3. HK_CURRENT_CONFIG\Software\Microsoft\Internet Explorer\TypedUrls

4. HK_USERs\Software\Microsoft\Internet Explorer\TypedUrls

5. HK_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedUrls

6. None of the above

 

 

 


7. Which registry key would you use to discover the SID associated with a particular user? (Note – HK is an abbreviation for HKEY)

1. HK_LOCAL_MACHINE\SAM\Domains\Users

2. HK_LOCAL_MACHINE\SAM\Domains\Account\Users

3. HK_LOCAL_MACHINE\SAM\Domains\SIDList

4. HK_LOCAL_MACHINE\SAM\Domains\Account\SIDList

5. HK_LOCAL_MACHINE\SAM\Domains\Account\Users\SIDList

6. None of the above

 

8. Which of the following web sites contains an easy to use reference of every registry key?

1. MSDN (Microsoft Developer Network)

2. Registrywiki.org

3. Forensicswiki.org

4. Wikipedia.org

5. None of the above

 

9. Which of the following is true regarding the different versions of Microsoft Windows and the registry hives, keys and values?

1. There have been no changes to the registry hives, keys or values between versions of Windows

2. Each version of Windows uses a completely different set of registry hives, keys and values

3. Each time Microsoft releases a new version of Windows they have tried to maintain the structure of registry as much as possible. However there have been some situations where changes were necessary and had to be made

4. Each time Microsoft releases a new version of Windows they kept the main registry hives but a majority of the keys change in each release.

 

10. Which of the following is true regarding the different versions of Microsoft Windows and the files used to store registry?

1. There have been no changes to the files between versions of Windows

2. Each version of Windows uses a completely different set of registry files

3. There were major changes introduced with Windows 7. That is, the file names and locations are significantly different between Windows 7 and Vista.

4. There were major changes introduced with Windows Vista. That is, the file names and locations are significantly different between XP and Vista.

5. There were major changes introduced with Windows XP. That is, the file names and locations are significantly different between XP and Windows 98.

 

11. Which of the main registry hives holds information about extensions of all registered file types, OLE objects and COM servers? Other hives may hold small pieces of this information, however you should choose the hive whose main purpose is to hold this information.

1. HKEY_CLASSES_ROOT

2. HKEY_CURRENT_USER

3. HKEY_LOCAL_MACHINE

4. HKEY_USERS

5. HKEY_CURRENT_CONFIG

6. None of the above

 

12. Which of the main registry hives stores settings which are specific to the currently logged-in user (Windows Start menu, desktop, etc.)?

1. HKEY_CLASSES_ROOT

2. HKEY_CURRENT_USER

3. HKEY_LOCAL_MACHINE

 

 


4. HKEY_USERS

5. HKEY_CURRENT_CONFIG

6. None of the above

 

13. Which of the main registry hives holds information about installed applications, settings; along with information about any hardware that has ever been connected to the computer including the type of bus, total size of available memory, list of currently loaded device drivers and information about Windows startup?

1. HKEY_CLASSES_ROOT

2. HKEY_CURRENT_USER

3. HKEY_LOCAL_MACHINE

4. HKEY_USERS

5. HKEY_CURRENT_CONFIG

6. None of the above

 

 

14. In Windows XP and later, what is the name of the main registry hive that holds dynamic data such as the current CPU usage?

1. HKEY_CLASSES_ROOT

2. HKEY_CURRENT_USER

3. HKEY_LOCAL_MACHINE

4. HKEY_USERS

5. HKEY_CURRENT_CONFIG

6. None of the above

 

15. True or False. All of the information in HKEY_LOCAL_MACHINE is stored in the SYSTEM file when Windows shuts down.

1. True

2. False

 

16. True or False. The information in HKEY_CURRENT_CONFIG is actually part of HKEY_LOCAL_MACHINE, so it is not stored in a separate file when Windows shuts down.

1. True

2. False

 

17. Which of the following is true regarding the data in HKEY_CURRENT_USER? (You can assume Windows Vista and later).

1. The information is always stored in %UserProfile%\Users\UserName\NTUser.Dat

2. The information is always stored in %UserProfile%\Users\AppData\UserName\NTUser.Dat

3. The information is stored in %UserProfile%\Users\UserName\NTUser.Dat unless the user account is an Active Directory (network) account set up for roaming. In this case the information will be stored in the NTUser.Dat in the user’s home directory on the network.

4. The information is stored in %UserProfile%\Users\UserName\AppData\NTUser.Dat unless the user account is an Active Directory (network) account set up for roaming. In this case the information will be stored in the NTUser.Dat in the user’s home directory on the network.

 

18. Which of the following files holds information about all installed programs and their settings? (You can assume Windows Vista and later)

1. SAM

2. SECURITY

3. SOFTWARE

4. SYSTEM

 

 


5. PROGRAMS

 

19. Assume you are using regedit. Which of the following subhives will you be unable to view? (Hint – there are multiple answers)

1. SAM

2. SECURITY

3. SOFTWARE

4. SYSTEM

5. PROGRAMS

 

20. Which of the main registry hives holds the settings and data for any user that has ever been created on the computer?

A. HKEY_CLASSES_ROOT

B. HKEY_CURRENT_USER

C. HKEY_LOCAL_MACHINE

D. HKEY_USERS

E. HKEY_CURRENT_CONFIG

F. None of the above

 

 

21. Which of the following files holds the information about user accounts such as usernames, login times, etc.? (You can assume Windows Vista and later)

A. SAM

B. SECURITY

C. SOFTWARE

D. SYSTEM

E. PROGRAMS

 

22. Why does Windows prevent regedit from displaying the information in the protected subhives?

A. To prevent users from overclocking the CPU or making other unauthorized and potentially hazardous changes to hardware

B. To prevent users from making changes to their Windows licensing information

C. To prevent users from viewing information about user passwords and encrypted files and folders

D. None of the above

 

23. True or False. If the AccessData Registry Viewer is installed, it can be started from within FTK to read registry files from the current case, or it can be run separately from FTK to read files external to a case.

A. True

B. False

 

24. Assume you have copies of the registry files, SAM, SECURITY, etc. In other words these files are NOT in an image. Which program would you use to inspect the files?

A. FTK

B. FTK Imager

C. AccessData Registry Viewer

D. Regedit

E. Any of the above

 

25. Where does Windows store copies of registry made with the System Restore utility?

A. %SystemRoot%\Repair

 

 


B. %SystemRoot%\System32\config\RegBack (or %SystemRoot%\Repair for XP and older)

C. %SystemRoot%\RegBack (or %SystemRoot%\Repair for XP and older)

D. %SystemRoot%\$NTRestore

E. %SystemRoot%\$NTSysRestore

 

26. Use the image stringsTest2Image.AD1 to answer this question. What is the MD5 hash value for the image? Hint – use FTK Imager to view the MD5 digest value.

A. e4e732d5cfd795855a31ee74820d09f3
B. 43b34a4edaa34fa23b8a26da2245b45
C. 7c138f146b63416734dc376d8cb7c4a0
D. ead2d7516987edd3413bbbb31c4e333
E. None of the above

27. Use the image stringsTest1Image.AD1 to answer this question. Which file contains a list of stolen credit card numbers? Enter your answer in the same case as the actual file. Hint – search for the credit card pattern.

 

 

28. Use the image stringsTest1Image.AD1 to answer this question. Which file contains a list of usernames and passwords? Enter your answer in the same case as the actual file. Hint – search for the words “username” and “password”

 

29. Use the image stringsTest1Image.AD1 to answer this question. Which file contains a list of stolen social security numbers? Enter your answer in the same case as the actual file.

 

30. Use the image stringsTest1Image.AD1 to answer this question. What is the correct file extension (or file type) for the file you found in the previous question?

A. .doc (Word document) B. .xls (Excel spreadsheet) C. .rtf (rich text format) D. .txt (plain text document)

31. Use the image nixonSmall.E01 to answer this question. What is the total number of files in the image? Write your answer as a number, not a word. For example, if there are 4 files write 4, not four.

 

32. Use the image nixonSmall.E01 to answer this question. How many files have the wrong extension? Write your answer as a number, not a word. For example, if there are 4 files write 4, not four.

 

33. Use the image nixonSmall.E01 to answer this question. What is the correct file type for the file acceptance test list.mp3?

A. Executable File B. GIF File C. Word Document D. Excel Spreadsheet E. Database File F. Adobe Photoshop File G. JPEG/JFIF File H. ZIP Archive I. Hypertext Document J. Bitmap File K. PowerPoint File L. PDF File M. Plain Text File

 

34. Use the image nixonSmall.E01 to answer this question. What is the correct file type for the file careers1.txt?

A. Executable File B. GIF File C. Word Document D. Excel Spreadsheet E. Database File F. Adobe Photoshop File G. JPEG/JFIF File H. ZIP Archive I. Hypertext Document J. Bitmap File K. PowerPoint File L. PDF File M. Plain Text File

35. Use the image nixonSmall.E01 to answer this question. The files acceptance test list.mp3 and careers1.txt are both in the same user’s home directory. Which user is this?

A. Nixon B. Chucky C. Colonel Palmer D. Sandman E. Marko

 

36. Use the image nixonSmall.E01 to answer this question. Which user has the SID 1005?

A. chucky B. nixon C. sandman D. Administrator E. None of the above

 

37. Use the image nixonSmall.E01 to answer this question. When was the last time the user nixon logged onto the system? (You can leave the time in UTC format, you don’t have to convert to local time)

A. 3/19/2014 13:53:47 UTC B. 3/19/2014 13:36:16 UTC C. 3/19/2014 13:53:450 UTC D. 11/12/2013 12:21:03 UTC

 

38. Use the files in the folder domex to answer this question. How many total user accounts are there? (Include all of the accounts including Administrator, Guest etc. but NOT the alias in your answer.)

 

39. Use the files in the folder domex to answer this question. What is the SID for the user domex2?

40. Use the files in the folder domex to answer this question. What is the Login Count for the user Administrator?

41. Use the files in the folder domex to answer this question. What time zone is Windows set to use?

A. Eastern B. Central C. Mountain D. Pacific

 

42. Use the files in the folder domex to answer this question. Which of the following URLs did the user domex2 type in Internet Explorer?

A. http://www.google.com B. http://www.hotmail.com C. http://www.gmail.com D. All of the above

 

 

 

 

April 29, 2018

 

A Network Consisting Of M Cities And M-1 Roads Connecting Them Is Given

A network consisting of M cities and M-1 roads connecting them is given. Cities are labeled with distinct integers within the range [0..(M-1)]. Roads connect cities in such a way that each pair of distinct cities is connected either by a direct road or along a path consisting of direct roads. There is exactly one way to reach any city from any other city. In other words, cities and direct roads form a tree. The number of direct roads that must be traversed is called the distance between these two cities.

For example, consider the following network consisting of ten cities and nine roads. Cities 2 and 4 are connected directly, so the distance between them is 1. Cities 4 and 7 are connected by a path consisting of the direct roads 4-0, 0-9 and 9-7; hence the distance between them is 3.

One of the cities is the capital, and the goal is to count the number of cities positioned away from it at each of the distances 1, 2, 3, ..., M-1. If city number 1 is the capital, then the cities positioned at the various distances from the capital would be as follows:

• 9 is at a distance of 1;
• 0, 3, 7 are at a distance of 2;
• 8, 4 are at a distance of 3;
• 2, 5, 6 are at a distance of 4.

Write a function:

class Solution { public int[] solution(int[] T); }

that, given a non-empty array T consisting of M integers describing a network of M cities and M-1 roads, returns an array consisting of M-1 integers, specifying the number of cities positioned at each distance 1, 2, ..., M-1.

Array T describes a network of cities as follows:

• if T[P] = Q and P = Q, then P is the capital;
• if T[P] = Q and P ≠ Q, then there is a direct road between cities P and Q.

For example, given the following array T consisting of ten elements: T[2] = 4 T[6] = 8 T[9] = 1 = 9 T[7] the function should return [1, 3, 2, 3, 0, 0, 0, 0, 0], as explained above.

Write an efficient algorithm for the following assumptions:

• M is an integer within the range [1..100,000];
• each element of array T is an integer within the range [0..(M-1)];
• there is exactly one (possibly indirect) connection between any two distinct cities.

 

Forensic Report

TASK

Task 1: Recovering scrambled bits (5%) (5 marks)

For this task I will upload a text file with scrambled bits on the subject interact2 site closer to the assignment due date. You will be required to restore the scrambled bits to their original order and copy the plain text in your assignment.

Deliverable: Describe the process used in restoring the scrambled bits and insert plain text in the assignment.

Task 2: Digital Forensics Report (20%) (20 marks)

In this major task you are asked to prepare a digital forensic report for the following scenario after carefully reading the scenario and looking at the textbook figures referred to below: You are investigating a possible intellectual property theft by a new employee of Superior Bicycles, Inc. This employee, Tom Johnson, is the cousin of Jim Shu, an employee who had been terminated. Bob Aspen is an external contractor and investor who gets a strange e-mail from Terry Sadler about Jim Shu’s new project (shown in Figure 8-5 of the textbook on p. 350).

Bob forwards the e-mail to Chris Robinson (the president of Superior Bicycles) to inquire about any special projects that might need capital investments. Chris forwards the e-mail to the general counsel, Ralph Benson, asking him to look into it. He also forwards it to Bob Swartz, asking him to have IT look for any e-mails with attachments. After a little investigation, Bob Swartz forwards an e-mail IT found to Chris Robinson (shown in Figure 8-6 of the textbook on p. 350).

Chris also found a USB drive on the desk Tom Johnson was assigned to. Your task is to search for and determine whether the drive contains any proprietary Superior Bicycles, Inc. data in the form of any digital photograph as evidence. In particular, you may look for graphic files such as JPEG on the USB drive hidden with a different format. Note that for the USB drive image, you need to download the “C08InChp.exe” file from the download section of Chapter 8 on the student companion site of the textbook (Nelson, Phillips, & Steuart, 6/e, 2019).

Your task is to search all possible places data might be hidden (e-mails and USB drive) and recover and present any digital evidence in the report.

Deliverable: For this forensic examination, you need to provide a report of 1800-2000 words (approximately 5 A4 pages) in the format described in presentation section below.

 

Excel Module 9 SAM Project 1

Documentation

Illustrated Excel 2016 | Module 9: SAM Project 1a
Five Points Media
AUTOMATING WORKBOOK TASKS
Author: Latrice Reaves
Note: Do not edit this sheet. If your name does not appear in cell B6, please download a new copy of the file from the SAM website.

Week 1

Mon Tue Wed Thu Fri Total
Barstad 4 4 5 6 11
Brownell 1 3 4 7 6
Chong 2 5 3 7 5
Egan 9 2 7 5 6
Fernandez 5 5 4 6 9
Kellerman 5 1 5 6 7
Lapina 4 4 6 7 8
Renz 4 7 10 4 6
Saiki 6 5 9 8 9
Shapiro 4 10 4 6 9

Top 5

Bottom 5

Bonus

Print

Totals

 

Easy Assignment – Corporate Infrastructure Part V: IPv6 – Online

ITT-116N Subnetting Worksheet

Use the following tables as references for the remainder of the document.

IP Address Classes
Class A 1-127 Leading bit pattern 0 Network.Host.Host.Host
Class B 128-191 Leading bit pattern 10 Network.Network.Host.Host
Class C 224-239 Leading bit pattern 110 Network.Network.Network.Host
Class D 224-230 Reserved for multicast.
Class E 240-255 Reserved for experimental, used for research.

 

Private Addresses
Class A 10.0.0.0 – 10.255.255.255
Class B 172.16.0.0 – 172.31.255.255
Class C 192.168.0.0 – 192.168.255.255
APIPA 169.254.0.1 – 169.254.255.254

 

 

 

Binary to Decimal Conversion

128 64 32 16 8 4 2 1 Answers
0 0 0 1 1 0 1 1 27
0 0 1 1 1 0 1 1 59
1 1 1 1 0 0 0 0 240
0 0 1 1 0 0 0 1 49
1 0 0 0 1 0 0 0 136
1 0 1 0 1 0 1 0 170
0 1 1 0 1 1 0 1 109
1 0 0 1 1 0 0 1 153
1 1 0 1 0 1 1 0 214

 

Decimal to Binary Conversion

128 64 32 16 8 4 2 1 Problem
1 1 0 0 1 0 0 0 200
1 1 1 1 1 1 1 1 255
0 1 1 0 1 0 1 1 107
1 1 1 0 0 0 0 0 224
1 1 0 0 0 0 0 0 192
0 1 1 0 0 0 1 0 98
1 1 1 1 0 0 1 0 242
1 1 1 0 0 0 0 0 224
1 0 1 0 1 1 0 0 172
0 1 1 0 0 1 0 0 100

 

Address Classes

Address Class
148.17.9.1 B
220.200.23.1 C
177.100.15.4 B
249.241.80.78 E
198.155.72.56 C
10.0.0.1 A
192.168.123.42 C
123.231.132.9 A
42.42.42.42 A
242.81.64.3 E

 

Network Identification

Highlight the Network Portion:

117. 89. 56. 90
33. 0. 0. 2
10. 252. 1. 1
150. 15. 16. 3
192. 168. 123. 1
199. 155. 66. 56
242. 200. 23. 1
158. 200. 45. 62
218. 155. 230. 41
100. 25. 1. 1

 

Highlight the Host Portion:

117. 89. 56. 90
33. 0. 0. 2
10. 252. 1. 1
150. 15. 16. 3
192. 168. 123. 1
199. 155. 66. 56
242. 200. 23. 1
158. 200. 45. 62
218. 155. 230. 41
100. 25. 1. 1

 

 

Network Addressing

Write the network addresses for the provided IP address/subnet mask.

10.10.48.80 255.255.255.0 10.10.48.0
10.10.10.10 255.0.0.0 10.0.0.0
27.125.200.151 255.0.0.0 27.0.0.0
199.203.32.91 255.255.255.0 199.203.32.0
186.31.32.110 255.255.0.0 186.31.0.0
192.168.24.19 255.255.0.0 192.168.0.0
15.30.20.20 255.255.255.0 15.30.20.0
27.0.2.1 255.0.0.0 27.0.0.0
164.42.3.4 255.255.255.0 164.42.3.0
25.25.142.8 255.0.0.0 25.0.0.0

 

 

 

Host Addresses

Using the IP address and subnet mask shown, write the host address.

10.10.48.80 255.255.255.0 10.10.48.1-10.10.48.254
10.10.10.10 255.0.0.0 10.0.0.1-10.255.255.254
27.125.200.151 255.0.0.0 27.0.0.1-27.255.255.254
199.203.32.91 255.255.255.0 199.203.32.1-199.203.32.254
186.31.32.110 255.255.0.0 186.31.0.1-186.31.255.254
192.168.24.19 255.255.0.0 192.168.0.1-192.168.255.254
15.30.20.20 255.255.255.0 15.30.20.1-15.30.20.254
27.0.2.1 255.0.0.0 27.0.0.1-27.255.255.254
164.42.3.4 255.255.255.0 164.42.3.1-164.42.3.254
25.25.142.8 255.0.0.0 25.0.0.1-25.255.255.254

Default Subnet Mask

Write the correct default subnet mask for each.

10.10.48.80 255.255.255.0 255.0.0.0
10.10.10.10 255.0.0.0 255.0.0.0
27.125.200.151 255.0.0.0 255.0.0.0
199.203.32.91 255.255.255.0 255.255.255.0
186.31.32.110 255.255.0.0 255.255.0.0
192.168.24.19 255.255.0.0 255.255.255.0
15.30.20.20 255.255.255.0 255.0.0.0
27.0.2.1 255.0.0.0 255.0.0.0
164.42.3.4 255.255.255.0 255.255.0.0
25.25.142.8 255.0.0.0 255.0.0.0

 

Custom Subnet Masks

Fill in the blanks.

Required Subnets 14
Required Hosts 14
Network Address 192.10.10.0
Address Class c
Default Subnet Mask 255.255.255.0
Custom Subnet Mask 255.255.255.240
Total Number of Subnets 16
Total Number of Host Addresses 16
Number of Usable Addresses 14
Number of Bits Borrowed 4
What is the 10th Subnet Range? 192.10.10.144-192.10.10.159
What is the subnet number for the 2nd Subnet? 192.10.10.32
What is the broadcast address for the 12th Subnet? 192.10.10.191
What are the usable addresses for the 10th Subnet? 192.10.10.145-192.10.10.158

 

Required Subnets 1000
Required Hosts 60
Network Address 156.100.0.0
Address Class B
Default Subnet Mask 255.255.0.0
Custom Subnet Mask 255.255.255.192
Total Number of Subnets 1024
Total Number of Host Addresses 64
Number of Usable Addresses 62
Number of Bits Borrowed 10
What is the 10th Subnet Range? 156.100.2.64-156.100.2.127
What is the subnet number for the 2nd Subnet? 156.100.0.64
What is the broadcast address for the 12th Subnet? 156.100.2.255
What are the usable addresses for the 100th Subnet? 156.100.24.193-156.100.24.254

 

 

 

 

 

Required Subnets 6
Required Hosts 28
Network Address 182.86.7.0
Address Class B
Default Subnet Mask 255.255.255.0
Custom Subnet Mask 255.255.255.224
Total Number of Subnets 2048
Total Number of Host Addresses 32
Number of Usable Addresses 30
Number of Bits Borrowed 11
What is the 3rd Subnet Range? 182.86.7.64-182.86.7.95
What is the subnet number for the 2nd Subnet? 182.86.7.32
What is the broadcast address for the 1st Subnet? 182.86.7.31
What are the usable addresses for the 6th Subnet? 182.86.7.161-182.86.7.190

 

 

Required Subnets 2000
Required Hosts 15
Network Address 187.112.0.0
Address Class B
Default Subnet Mask 255.255.255.0
Custom Subnet Mask 255.255.255.224
Total Number of Subnets 2048
Total Number of Host Addresses 32
Number of Usable Addresses 30
Number of Bits Borrowed 11
What is the 100th Subnet Range? 182.112.12.96-182.112.12.127
What is the subnet number for the 200th Subnet? 182.112.25.0
What is the broadcast address for the 42nd Subnet? 182.112.5.63
What are the usable addresses for the 10th Subnet? 182.112.1.33-182.112.1.62

 

 

 

 

 

 

Required Subnets 412
Required Hosts 1000
Network Address 128.47.0.0
Address Class B
Default Subnet Mask 255.255.255.0
Custom Subnet Mask 255.255.252.128
Total Number of Subnets 512
Total Number of Host Addresses 65,536
Number of Usable Addresses 64,512
Number of Bits Borrowed 9
What is the 10th Subnet Range? 128.47.36.0
What is the subnet number for the 42nd Subnet? 128.47.20.128
What is the broadcast address for the 300th Subnet? 128.47.149.255
What are the usable addresses for the 12th Subnet? 128.47.5.129-128.47.5.254

 

 

Create the subnetting table for each subnet required for your corporate network.

Required Subnets 8
Required Hosts 300
Network Address 10.0.0.0
Address Class A
Default Subnet Mask 255.0.0.0
Custom Subnet Mask 255.255.255.0
Total Number of Subnets 65536
Total Number of Host Addresses 16,777,216
Number of Usable Addresses 16,646,144
Number of Bits Borrowed 16
What are the usable addresses for the 1st Subnet? 10.0.0.1-10.0.0.254
What are the usable addresses for the 2nd Subnet? 10.0.1.1-10.0.1.254
What are the usable addresses for the 3rd Subnet? 10.0.2.1-10.0.2.254
What are the usable addresses for the 4th Subnet? 10.0.3.1-10.0.3.254
What are the usable addresses for the 5th Subnet? 10.0.4.1-10.0.4.254

 

© 2019. Grand Canyon University. All Rights Reserved.

 

TCP/IP Attack Lab- SEED Labs Project

In this lab, students need to conduct attacks on the TCP/IP protocols. They can use the Netwox tools and/or other tools in the attacks. All the attacks are performed on Linux operating systems. However, instructors can require students to also conduct the same attacks on other operating systems and compare the observations. To simplify the “guess” of TCP sequence numbers and source port numbers, we assume that attackers are on the same physical network as the victims. Therefore, you can use sniffer tools to get that information. The following is the list of attacks that need to be implemented.

3.1 Task 1: SYN Flooding Attack

[Figure 2: SYN Flooding Attack. Panels: the normal TCP 3-way handshake between user and server (SYN, SYN+ACK, ACK, active TCP connection); the SYN flood, in which the attacker sends many SYN packets with spoofed addresses to the server without ACK, so the server is not able to process requests from the legitimate user.]

SYN flood is a form of DoS attack in which attackers send many SYN requests to a victim’s TCP port, but the attackers have no intention to finish the 3-way handshake procedure. Attackers either use spoofed IP addresses or do not continue the procedure. Through this attack, attackers can flood the victim’s queue that is used for half-opened connections, i.e. the connections that have finished SYN, SYN-ACK, but have not yet gotten a final ACK back. When this queue is full, the victim cannot take any more connections. Figure 2 illustrates the attack.

The size of the queue has a system-wide setting. In Linux, we can check the setting using the following command:

    # sysctl -q net.ipv4.tcp_max_syn_backlog

We can use the command “netstat -na” to check the usage of the queue, i.e., the number of half-opened connections associated with a listening port. The state for such connections is SYN-RECV. If the 3-way handshake is finished, the state of the connections will be ESTABLISHED.

In this task, you need to demonstrate the SYN flooding attack. You can use the Netwox tool to conduct the attack, and then use a sniffer tool to capture the attacking packets. While the attack is going on, run the “netstat -na” command on the victim machine, and compare the result with that before the attack. Please also describe how you know whether the attack is successful or not.

The corresponding Netwox tool for this task is numbered 76. Here is a simple help screen for this tool. You can also type “netwox 76 --help” to get the help information.

Listing 1: The usage of the Netwox Tool 76

    Title: Synflood
    Usage: netwox 76 -i ip -p port [-s spoofip]
    Parameters:
    -i|--dst-ip ip          destination IP address
    -p|--dst-port port      destination port number
    -s|--spoofip spoofip    IP spoof initialization type

SYN Cookie Countermeasure: If your attack seems unsuccessful, one thing that you can investigate is whether the SYN cookie mechanism is turned on. SYN cookie is a defense mechanism to counter the SYN flooding attack. The mechanism will kick in if the machine detects that it is under the SYN flooding attack. You can use the sysctl command to turn on/off the SYN cookie mechanism:

    # sysctl -a | grep cookie                 (display the SYN cookie flag)
    # sysctl -w net.ipv4.tcp_syncookies=0     (turn off SYN cookie)
    # sysctl -w net.ipv4.tcp_syncookies=1     (turn on SYN cookie)

Please run your attacks with the SYN cookie mechanism on and off, and compare the results. In your report, please describe why the SYN cookie can effectively protect the machine against the SYN flooding attack. If your instructor does not cover the mechanism in the lecture, you can find out how the SYN cookie mechanism works from the Internet.

3.2 Task 2: TCP RST Attacks on telnet and ssh Connections

The TCP RST Attack can terminate an established TCP connection between two victims. For example, if there is an established telnet connection (TCP) between two users A and B, attackers can spoof a RST packet from A to B, breaking this existing connection. To succeed in this attack, attackers need to correctly construct the TCP RST packet.

In this task, you need to launch a TCP RST attack to break an existing telnet connection between A and B. After that, try the same attack on an ssh connection. Please describe your observations. To simplify the lab, we assume that the attacker and the victim are on the same LAN, i.e., the attacker can observe the TCP traffic between A and B.

The corresponding Netwox tool for this task is numbered 78. Here is a simple help screen for this tool. You can also type “netwox 78 --help” to get the help information.

Listing 2: The usage of the Netwox Tool 78

    Title: Reset every TCP packet
    Usage: netwox 78 [-d device] [-f filter] [-s spoofip]
    Parameters:
    -d|--device device      device name {Eth0}
    -f|--filter filter      pcap filter
    -s|--spoofip spoofip    IP spoof initialization type {linkbraw}

3.3 Task 3: TCP RST Attacks on Video Streaming Applications

Let us make the TCP RST attack more interesting by experimenting with it on applications that are widely used nowadays. We choose the video streaming application in this task. For this task, you can choose a video streaming web site that you are familiar with (we will not name any specific web site here). Most video sharing websites establish a TCP connection with the client for streaming the video content. The attacker’s goal is to disrupt the TCP session established between the victim and the video streaming machine. To simplify the lab, we assume that the attacker and the victim are on the same LAN. In the following, we describe the common interaction between a user (the victim) and some video-streaming web site:

• The victim browses for video content on the video-streaming web site, and selects one of the videos for streaming.
• Normally video contents are hosted by a different machine, where all the video contents are located. After the victim selects a video, a TCP session will be established between the victim machine and the content server for the video streaming. The victim can then view the video he/she has selected.

Your task is to disrupt the video streaming by breaking the TCP connection between the victim and the content server. You can let the victim user browse the video-streaming site from another (virtual) machine or from the same (virtual) machine as the attacker. Please note that, to avoid liability issues, any attacking packets should be targeted at the victim machine (which is the machine run by yourself), not at the content server machine (which does not belong to you).

3.4 Task 4: TCP Session Hijacking

The objective of the TCP Session Hijacking attack is to hijack an existing TCP connection (session) between two victims by injecting malicious contents into this session. If this connection is a telnet session, attackers can inject malicious commands (e.g. deleting an important file) into this session, causing the victims to execute the malicious commands. Figure 3 depicts how the attack works. In this task, you need to demonstrate how you can hijack a telnet session between two computers. Your goal is to get the telnet server to run a malicious command from you. For the simplicity of the task, we assume that the attacker and the victim are on the same LAN.

Note: If you use Wireshark to observe the network traffic, you should be aware that when Wireshark displays the TCP sequence number, by default, it displays the relative sequence number, which equals the actual sequence number minus the initial sequence number. If you want to see the actual sequence number in a packet, you need to right click the TCP section of the Wireshark output, and select “Protocol Preference”. In the popup window, uncheck the “Relative Sequence Number and Window Scaling” option.

The corresponding Netwox tool for this task is numbered 40. Here is part of the help screen for this tool. You can also type “netwox 40 --help” to get the full help information. You may also need to use Wireshark to find out the correct parameters for building the spoofed TCP packet.

Listing 3: Part usage of netwox tool 40

    Title: Spoof Ip4Tcp packet
    Usage: netwox 40 [-l ip] [-m ip] [-o port] [-p port] [-q uint32] [-B]
    Parameters:
    -l|--ip4-src ip               IP4 src {10.0.2.6}
    -m|--ip4-dst ip               IP4 dst {5.6.7.8}
    -o|--tcp-src port             TCP src {1234}
    -p|--tcp-dst port             TCP dst {80}
    -q|--tcp-seqnum uint32        TCP seqnum (rand if unset) {0}
    -H|--tcp-data mixed_data      mixed data

[Figure 3: TCP Session Hijacking Attack. After the 3-way handshake, the user sends data “A” and “B” to the server and receives ACKs; the attacker, sniffing the session, hijacks it and sends “Z” to the server on behalf of the client (Seq No.: ?).]

3.5 Task 5: Creating Reverse Shell using TCP Session Hijacking

When attackers are able to inject a command to the victim’s machine using TCP session hijacking, they are not interested in running one simple command on the victim machine; they are interested in running many commands. Obviously, running these commands all through TCP session hijacking is inconvenient. What attackers want to achieve is to use the attack to set up a back door, so they can use this back door to conveniently do further damage.

A typical way to set up back doors is to run a reverse shell from the victim machine to give the attacker shell access to the victim machine. A reverse shell is a shell process running on a remote machine, connecting back to the attacker’s machine. This gives an attacker a convenient way to access a remote machine once it has been compromised.

In the following, we will show how we can set up a reverse shell if we can directly run a command on the victim machine (i.e. the server machine). In the TCP session hijacking attack, attackers cannot directly run a command on the victim machine, so their job is to run a reverse-shell command through the session hijacking attack. In this task, students need to demonstrate that they can achieve this goal.
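
The queue check from Task 1, seen from the victim's side, as an added example that is not part of the SEED lab handout: it counts half-open (SYN_RECV) rows per listening port in “netstat -na” output and weighs them against net.ipv4.tcp_max_syn_backlog and net.ipv4.tcp_syncookies. The sample rows, the addresses, the 0.75 alert ratio, the status strings and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# net-tools prints SYN_RECV; the lab text (and ss) write SYN-RECV. Both are accepted.
HALF_OPEN = "SYN_RECV"


def read_sysctl(name, default=None):
    """Read an integer sysctl such as net.ipv4.tcp_syncookies from /proc/sys."""
    path = "/proc/sys/" + name.replace(".", "/")
    try:
        with open(path) as fh:
            return int(fh.read().split()[0])
    except (OSError, ValueError, IndexError):
        return default  # not Linux, or the value is not readable


def parse_netstat(text):
    """Yield (local_port, remote_ip, state) for every TCP row of `netstat -na`."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or not parts[0].startswith("tcp"):
            continue  # header, UDP and UNIX-socket rows
        local, remote, state = parts[3], parts[4], parts[5]
        port = local.rsplit(":", 1)[-1]
        if port.isdigit():
            yield int(port), remote.rsplit(":", 1)[0], state.replace("-", "_").upper()


def assess_syn_queue(text, max_syn_backlog, syncookies, ratio=0.75):
    """Summarise half-open connections per listening port.

    ratio is an assumed alert threshold: the share of the backlog that must be
    occupied by SYN_RECV entries before the port is reported.
    """
    stats = defaultdict(lambda: {"listening": False, "half_open": 0,
                                 "established": 0, "sources": set()})
    for port, remote_ip, state in parse_netstat(text):
        entry = stats[port]
        if state == "LISTEN":
            entry["listening"] = True
        elif state == HALF_OPEN:
            entry["half_open"] += 1
            entry["sources"].add(remote_ip)
        elif state == "ESTABLISHED":
            entry["established"] += 1

    report = {}
    for port, entry in sorted(stats.items()):
        if not entry["listening"]:
            continue  # ignore local ports of outbound connections
        if entry["half_open"] < ratio * max_syn_backlog:
            status = "ok"
        elif syncookies:
            status = "queue-pressure-syncookies-on"   # kernel can still answer SYNs
        else:
            status = "syn-flood-suspected"            # queue can fill, new SYNs dropped
        report[port] = {"half_open": entry["half_open"],
                        "established": entry["established"],
                        "distinct_sources": len(entry["sources"]),
                        "status": status}
    return report


def constructed_sample(half_open=100):
    """Build constructed netstat output: telnet and ssh listeners plus N half-open rows."""
    rows = [
        "Proto Recv-Q Send-Q Local Address           Foreign Address         State",
        "tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN",
        "tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN",
        "tcp        0      0 10.0.2.7:22             10.0.2.5:40112          ESTABLISHED",
    ]
    for i in range(half_open):  # documentation-range (TEST-NET-2) source addresses
        rows.append(f"tcp        0      0 10.0.2.7:23             "
                    f"198.51.100.{i % 250 + 1}:{1024 + i}   SYN_RECV")
    return "\n".join(rows)


if __name__ == "__main__":
    backlog = read_sysctl("net.ipv4.tcp_max_syn_backlog", default=128)
    cookies = read_sysctl("net.ipv4.tcp_syncookies", default=0)
    for port, row in assess_syn_queue(constructed_sample(), backlog, cookies).items():
        print(port, row)
```

On a live host, feed the function the text of “netstat -na” captured before and during the test instead of the constructed sample; a jump in half_open with many distinct sources and few ESTABLISHED rows is the pattern Task 1 asks you to compare.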

 