Incident Response Procedures, Forensics, and Forensic Analysis

CompTIA Security+ (SY601) Domain: 
Domain 4.0: Operations and Incident Response

CompTIA Security+ (SY601) Objective Mapping:
Objective 4.1: Summarize the importance of policies, processes, and procedures for incident response

Overview

In this lab, you will exploit a remote system, analyze web logs, and perform incident response on a compromised host.

OUTCOMES:

In this lab, you will learn to:

  1. Scan a network with nmap/zenmap.
  2. Exploit a system using Bruter.
  3. Connect with Remote Desktop using the credentials stolen with Bruter.

Key terms and descriptions

netstat
A command-line tool, available in Windows and in the Linux terminal, that displays network connection information.
tasklist
This command, which is built into Windows, will display running processes.
ipconfig
This Windows command-line tool displays the IP address and MAC address of the system.
path
This internal command will allow you to set a new path or to display the current path.
md5sum
This is a hashing tool that is not native to the Windows operating system.