Project title: Efficiently Perform a Forensic Analysis of an Advanced Persistent Threat

*Winner: Best Experiment Project

Email: juliemillard01@gmail.com

Advanced Persistent Threats are an increasing problem for cyber security experts as hackers use multiple tools and techniques to infiltrate systems and stay undetected.

The project focused on various ways of performing an Advanced Persistent Threat and how understanding them could help with the analysis of such attacks. Through research of what attacks are, how they are carried out, and examining the psychology of who carries out these attacks, knowledge of how to effectively analyse an attack was obtained. The project also researched tools, policies and procedures required to forensically undertake and efficiently perform the analysis of an Advanced Persistent Threat.

Evidence of: A password cracking tool (Ophcrack) being installed, Apache2 being re-installed and overwriting the original programme. Malicious alteration of web browser code and stealing credentials. Ssh-server programme re-installed and a script injected. Auth.log, exposed multiple failed port access attempts, and unsuccessful tries to log into the system using root privileges. The daemon log provided evidence that user 132 gained access to the network and the Main User Target. The dpkg.status.0 logs confirmed evidence of an attack taken place through multiple programmes downloaded and executed.

The Windows drive produced evidence of:

A trojan in the MpAsDesc.doo.mui log and folders deleted from the Windows system.

There was enough evidence to conclude the attack was advanced in nature, persistent and a threat to the security of the network.