You are a Tier 1 SOC Analyst at a fictional company, "SecureCorp." SecureCorp has recently been experiencing a series of suspicious activities, and it is your job to investigate them. You will be provided with a variety of data sources, including network traffic, system logs, and memory dumps. Your goal is to identify the full scope of the attack, from initial compromise to data exfiltration.
You will be provided with the following data sources:
- Network Traffic: A PCAP file containing network traffic from the compromised network segment.
- System Logs: A collection of Windows Event Logs, firewall logs, and web server logs.
- Memory Dumps: Memory dumps from several compromised systems.
Your tasks are to:
- Analyze the network traffic to identify suspicious connections and data transfers.
- Analyze the system logs to identify signs of compromise, such as unauthorized logins and suspicious processes.
- Analyze the memory dumps to identify malware and other malicious artifacts.
- Correlate the findings from all data sources to create a complete timeline of the attack.
- Write a comprehensive report detailing your findings, including:
- A timeline of the attack.
- A list of all compromised systems.
- A list of all malware and tools used by the attacker.
- A list of all data that was exfiltrated.
- Recommendations for remediation and prevention.
- A comprehensive incident response report.
- A presentation summarizing your findings for a non-technical audience.
Your capstone project will be graded on the following criteria:
- Thoroughness of your investigation: Did you identify all of the key artifacts and events?
- Accuracy of your findings: Are your conclusions supported by the evidence?
- Clarity of your report: Is your report well-written and easy to understand?
- Effectiveness of your presentation: Is your presentation clear, concise, and engaging?