# Network Report

## Network Forensic Analysis Report

### Time Thieves 
You must inspect your traffic capture to answer the following questions:

1. What is the domain name of the users' custom site?
   1. `frank-n-ted.com`
2. What is the IP address of the Domain Controller (DC) of the AD network?
   1. `10.6.12.12`
3. What is the name of the malware downloaded to the `10.6.12.203` machine?
   1. [DesktopExport](/Img/Desktop-Export.png)
4. Upload the file to [VirusTotal.com](https://www.virustotal.com/gui/). 
   1. [MalwareUpload](/Img/Malware-Upload.png)
5. What kind of malware is this classified as?
   1. Trojan

---

### Vulnerable Windows Machine

1. Find the following information about the infected Windows machine:
    - Host name
      - Rotterdam-PC
    - IP address
      - 172.16.4.205
    - MAC address
      - 00:59:07:b0:63:a4
    
2. What is the username of the Windows user whose computer is infected?
   1. [matthijs.devries](/Img/Windows-Username.png)
3. What are the IP addresses used in the actual infection traffic?
   1. 31.7.62.214
4. As a bonus, retrieve the desktop background of the Windows host.

---

### Illegal Downloads

1. Find the following information about the machine with IP address `10.0.0.201`:
    - MAC address
      - 00:16:17:18:66:c8
    - Windows username
      - elmer.blanco
    - OS version
      - Windows 10

2. Which torrent file did the user download?
   1. [Betty_Boop_Rythm_on_the_Reservation.avi.torrent](Img/Betty-Boop.png)