Analyze the Red Team's report to determine what they attacked or what attack vectors were
used. Next, analyze the environment to determine what types of forensic evidence should be collected after the
attack(s) and where that evidence can be collected from. You should consider both volatile sources such as
RAM (memory) and static sources such as disk drives, thumb drives (USB storage devices), etc. After you
have identified the types of evidence and the devices from which evidence should be collected, document that
in your short paper (the "plan").

At a minimum your plan must document evidence collection for three specific attack vectors or vulnerabilities
that were exploited by the Red Team as part of its penetration testing. For each vector or vulnerability,
document what type of evidence could be collected and where the evidence should be collected from.

For your critiques this week, you should review and critique the forensic data collection plans written by two of
your peers. You must also post at least two follow-ups or response postings (in any thread)