Task B - Activity 4 Template: Forensic Incident Analysis
Activity 4: 130 mins
Activity 5: 102 mins
Proofread: 5 mins
Total: 237 mins
Use the section headings below to structure a response for each evidence item.
Evidence item: 1
Method of acquiring the evidence: Documentation from Cyber Security Manager
Evidence detail: Details the types of compromises that have happened recently
Evidence reliability: The evidence has a good amount of reliability because it was
written by Alex, the Cyber Security Manager, who is a trusted member at Romwebhost.
Conclusions: This evidence shows there has been a substantial increase in the
number of accounts being compromised and details the ways staff should deal with
the types of compromises in different situations.
Evidence item: 2
Method of acquiring the evidence: Email saved by Elana
Evidence detail: A fan of the game describes how bad they think Critically
Endangered’s security is.
Evidence reliability: The evidence has a fair amount of reliability because it comes
across like a customer who’s angry because they’ve had their account breached, but it
could be a hacker taunting the company and hinting at an attack that they’re
planning.
Conclusions: This evidence shows Critically Endangered aren’t doing enough to
support their customers after they’ve been breached. The writer compares them to
other game companies that have had data breaches and what those companies are doing
for their compromised customers.
Evidence item: 3
Method of acquiring the evidence: Notes from a meeting
Evidence detail: It describes what members of Critically Endangered and
Romwebhost Legal Department talked about in a meeting.
Evidence reliability: The reliability of this evidence is good because they are notes
made during the meeting, which would’ve been written as the meeting went along.
Conclusions: This evidence shows they discussed ways their data could’ve been
breached and describes the circumstances of Critically Endangered’s security. When
the game first launched, they used a separate server to Romwebhost’s servers. They
think theft is unlikely due to there being so few staff.
Evidence item: 4
Method of acquiring the evidence: Flowchart handed out at a meeting
Evidence detail: Details the process for creating an account and logging into
Critically Endangered.
Evidence reliability: The reliability of this evidence is good because it was created
by the Critically Endangered team. However, if it’s not kept up to date with any
changes made to security, it will become an inaccurate reflection of how their security
works.
Conclusions: This evidence shows the hash is generated in such a way that it can’t be
replicated anywhere else. Also, the organisation only stores the hash, salt and
username but not the password.