
QUESTION

Case Study 3: Analyzing Stuxnet

Read the article titled, “How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History” located at the Wired link below:

http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1

Write a three to four (3-4) page paper in which you:

  1. Explain the forensic technique Symantec researchers employed in order to receive the traffic sent by Stuxnet-infected computers and describe what their analysis uncovered.
  2. Identify what researchers were surprised to discover with Stuxnet’s malicious DLL file. Assess this significant function of malware and what potential dangers it could present in the future.
  3. Determine the primary reason that critical infrastructures are open to attacks which did not seem possible just a couple of decades earlier.
  4. Decide whether or not an appropriate case has been made in which Stuxnet was indeed a targeted attack on an Iranian nuclear facility, based on the evidence and conclusions of the researchers. Provide your rationale with your response.
  5. Use at least two (2) quality resources in this assignment other than the article linked above. Note: Wikipedia and similar Websites do not qualify as quality resources. 

Your assignment must follow these formatting requirements:

  • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
  • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

  • Outline system forensics issues, laws, and skills.
  • Analyze and describe the process of reviewing network logs for analysis.
  • Use technology and information resources to research advanced issues in computer forensics.
  • Write clearly and concisely about topics related to computer forensics planning using proper writing mechanics and technical style conventions.