Uplink, Inc. is a local ISP that has contacted you to investigate a case of possible fraud in which someone logged on to the Uplink, Inc. system using multiple user IDs. Current customer accounts have been affected and the main website was defaced. Currently, Uplink, Inc. uses a four-disk RAID array, each disk is 1TB. Uplink has a single Windows domain for 40 users' workstations running Windows 7. This uses redundant Windows Server 2008 Domain Controllers that controls the Group Policy Objects (GPO) for the domain. They also have a two redundant SUSE Linux Enterprise systems acting as a web server (Apache) and database server (My SQL), and a couple of Macintoshes for working with multimedia for the website. There are two systems administrators that also run SUSE Linux on their desktop PCs.
In your report, answer the following: What information do you need in conducting this investigation? Where would you look for that information and how would you acquire it? What are the obstacles to finding out the information you need for this investigation? How will you deal with those obstacles?
Include in your report a response plan listing procedures to follow for this investigation. Provide a short summary of the case in your introduction.