Greiblock Credit Union (GCU) has hired your firm to develop an incident response and business continuity plan to help them prepare to handle any future network intrusions.
Yvonne: I’d like you to take the lead on the GCU report.
You: Sure. I’ve really learned a lot about investigating network intrusions and dealing with malware over the past few weeks, so I will apply what I’ve learned to this new project.
Yvonne: Keep me updated on your progress and I’ll pass your recommendations on to the client.
You: Will do.
Yvonne: Thanks! You’ve done a great job.
You have been hired as a cybersecurity consultant by Greiblock Credit Union (GCU), a $5 billion financial services firm. Based on your forensic expertise, they have contracted with you to develop a comprehensive incident response and business continuity plan for their organization.
There are four steps to this project. Your deliverable to GCU will consist of reviewing and synthesizing the analysis described in Steps 1–3 and, in Step 4, concluding by developing techniques that your manager, Yvonne, can share with the organization to ensure preparedness to handle any future network intrusions.
When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.
The GCU board has reviewed your response readiness plan and heard reports from business managers on the impacts of a network attack.
Based on the information you provided, the managers of the GCU branches identified the consequences of the recent network attack: a stoppage of workflow and of the ability to meet customer requests, a stoppage in communications (e-mail and web requests), and the loss of business credibility and public confidence. They are also concerned that legal expenses may be incurred as part of the damage mitigation for this incident. Alarmed at the magnitude of these impacts, the board of directors asks you to report on how this attack may have happened, so that the organization can do everything within its power to prevent similar attacks in the future.
The use of computers and electronic devices to aid in the commission of crimes has seen explosive year-over-year growth. The risk/reward potential for criminals in this environment is high compared to many other types of crime. One tool of choice for criminals is malware, whether for theft of personal information, theft of computing resources, or other forms of mischief. Most organizations stop their effort once they have removed the malware or cleaned up an infection, without preserving evidence of how it got there. The trend in malware is toward memory-resident payloads, often with little or no footprint beyond active memory, which creates a complex situation in which a minor slip-up (for example, powering off a host before capturing its memory) can ruin any chance at proper analysis. Obtaining malware artifacts from the wild is an elite skill that very few people possess, particularly when the malware is memory-based.
Malware forensics uses digital forensic tools and techniques, including imaging programs to analyze compromised resources, imaging and verification procedures applied to user accounts, and e-mail forensics and encryption forensics to answer key questions. Organizations that outsource the storage of large volumes of data may additionally require cloud/GIS forensics and/or analysis of third-party applications when bring-your-own-device (BYOD) practices are in effect.
The forensic response and investigation plan should apply best practices in digital forensics to guide GCU leadership in responding effectively to a future incident. Your goal in constructing this plan is to go much further than your original analysis and explain in detail how to perform a full malware analysis of the incident.
Use the Forensic Response and Investigation Plan template to draft your report, and submit it in the dropbox below so that Yvonne (your instructor) can pass it along to the client for review. Then go to the next step: submitting the final incident response and business continuity plan to the client.