ITC597 Digital Forensic CSU

Assessment item 1 – Case Study Project

Value: 10%
Due Date: 23-Mar-2020
Return Date: 15-Apr-2020
Submission method options: EASTS (online)

TASK

A Case Study (10 Marks)

You have recently joined a digital forensics investigation organisation and your manager has assigned you a task. She asked you to research and study current data acquisition tools and prepare a report containing the following information for each tool and stating with reasons which tool you would prefer to use. 

  • Forensics vendor name and URL address
  • Acquisition tool name and latest version
  • Some key features of the vendor’s product

Once this data is collected, she advised you to prepare a spreadsheet, listing vendors in the rows and for the column headings list the following features.

  • Raw format
  • Proprietary format
  • AFF format
  • Other proprietary formats the tool can read
  • Compression of image files
  • Remote network acquisition capabilities
  • Method used for data validation (SHA-3, SHA-1, MD5, CRC-32 and so on)

Deliverable: You are required to provide two deliverables, MS Word report and a spreadsheet. There is no word limit for the report or spreadsheet, however, your submissions should be reasonable and as per the marks assigned to the report and spreadsheet part. There are four marks for the report and six marks for the spreadsheet.

RATIONALE

This assessment task will assess the following learning outcome/s:

  • be able to evaluate the technology in digital forensics to detect, prevent and recover from digital crimes.
  • be able to evaluate the functions and features of digital forensics equipment, the environment and the tools for a digital forensics lab.
  • be able to prepare and defend reports on the results of an investigation.
MARKING CRITERIA AND STANDARDS

Assessment 1 will be marked as per the following marking criteria. Total marks for this assignment are 10 and the assignment also carries 10% weightage towards the final grade.

Grade bands: HD 100% – 85%, DI 84% – 75%, CR 74% – 65%, PS 64% – 50%, FL 49% – 0

Report (4 marks)

  • HD: An outstanding report with clear and relevant required information on forensic tools is provided. A clear statement of preferred tool with reason(s) is provided. Vendors' names and their website addresses are provided. Acquisition tools' names, their versions and key features are clearly listed.
  • DI: An excellent report with clear and relevant required information on forensic tools is provided. A clear statement of preferred tool with reason(s) is provided. Vendors' names and their website addresses are provided. Acquisition tools, file formats supported by the tools, latest versions of the tools and some key features are listed.
  • CR: A very good report with some information about vendors and their products is provided. A statement of the preferred forensic tool is provided, but the reason why that tool is selected is not clear. Information about acquisition tools is provided to a satisfactory level, but some key features are not listed.
  • PS: A good report with some vendors and their product information provided. A statement of preferred tool but no clear reasoning for the tool preference. Some key features of the tools provided.
  • FL: Either there is no report, or the report is missing main components such as acquisition tools information, vendors information and the reason for the preferred tool, and no information about the supported formats of the tools is provided.

Spreadsheet (6 marks)

  • HD: An accurate and outstanding spreadsheet with all the required information in detail as stated in the assignment is provided. The sheet provides a professional look with proper label, column headings and clear information in each cell.
  • DI: An accurate and outstanding spreadsheet with the required information as stated in the assignment is provided. The sheet provides a good look with proper label and column headings.
  • CR: An accurate spreadsheet with the required information as stated in the assignment is provided. However, the information is missing some of the features from the required list. The sheet appearance needs improvement, but is acceptable.
  • PS: An accurate spreadsheet with some (at least 60%) required information as stated in the assignment is provided. The information is missing some of the key features from the required list. The sheet appearance is acceptable, but needs improvement.
  • FL: Either the sheet is not provided, or the sheet is missing substantial information from the assignment.

Possible marks: HD 10.0 – 8.5, DI 8.4 – 7.5, CR 7.4 – 6.5, PS 6.4 – 5.0, FL 4.9 – 0

Assessment item 2 – Tasks and Research Project

Value: 15%
Due Date: 27-Apr-2020
Return Date: 19-May-2020

Submission method options: EASTS (online)

TASK

Note: A Study Planner tool has been provided with this subject to support the assessment process. This tool provides information about the submission flexibility of assessment tasks, and a way to organise adjustments to submission dates. A link to the Study Planner can be found on the Interact2 site.

Task 1: Reflection on Hands-on Projects (5 marks)

Complete the following hands-on projects from your textbook:

  1. Hands-on Project 1-1
  2. Hands-on Project 1-2
  3. Hands-on Project 1-4
  4. Hands-on Project 1-5
  5. Hands-on Project 1-6

Deliverable: Write a 500-1000 words (up to two A4 pages) report on lessons learned from these projects. Comment on each project individually within the two page limit. You can write one lesson learned from each of the projects.

Task 2: Case Project (5 marks)

Complete the Hands-on Project 5-2 from your textbook (Nelson, Phillips, & Steuart, 6th edition, 2019, p. 260-261). In this project you will explore the MFT and learn how to locate time and date values in the metadata of a file you create during this project.

Deliverable: Write a 500-1000 words paper after completing this project and report what metadata you have discovered from the file you analysed using WinHex editor. Provide screen shots of the steps completed in the project showing the results of date and time values you have recorded. Briefly describe the main steps that you think are necessary and important to locate date and time values while analysing the file.

Task 3: Research Project (5 marks)

You have been assigned a digital forensics case to investigate involving a potential monetary fraud in an organisation. The CTO of the organisation has given you access to the workstation and other necessary hardware, e.g. USB, of one of the employees, who the CTO thinks is potentially involved in this fraud. Your job as a digital forensics examiner is to conduct this investigation. You are required to create an (investigation) plan and describe the standard practice procedure that is used in such investigations. Your plan must include the procedures for collecting the digital data, securing the evidence that you may collect and then describing the method to validate the collected data, e.g. calculating hash values and specifying the hash algorithm that you intend to use, e.g. SHA-3, MD5 etc. You can make some reasonable assumptions if required when describing your plan / procedures.

Deliverable: Write a 500-1000 word report that outlines the investigation plan, procedures to secure the digital evidence, and data validation methods.

Note: Combine deliverables of all three tasks mentioned above in a single document (only MS Word (preferable) or pdf, please note other formats e.g. *.zip, *.rar etc are NOT allowed) and then submit that one / single document through EASTS.

RATIONALE

This assessment task will assess the following learning outcome/s:

  • be able to determine and explain the legal and ethical considerations for investigating and prosecuting digital crimes.
  • be able to formulate a digital forensics process.
  • be able to evaluate the technology in digital forensics to detect, prevent and recover from digital crimes.
  • be able to analyse data on storage media and various file systems.
  • be able to collect electronic evidence without compromising the original data.
  • be able to prepare and defend reports on the results of an investigation.
MARKING CRITERIA AND STANDARDS

Task 1: Reflection on Hands-on Projects (5 marks)

Grade bands: HD 100% – 85%, DI 84% – 75%, CR 74% – 65%, PS 64% – 50%, FL 49% – 0

  • HD: An outstanding reflection statement which includes strong analysis and documents completely the experience gained by completing each of the five projects and clearly stating five things learned or discovered supported by evidence e.g., images, screenshots.
  • DI: An excellent reflection statement which includes analysis and documents most of the experience gained by completing each of the five projects and mentions five things learned or discovered supported by evidence e.g., images, screenshots.
  • CR: A very good reflection statement which includes analysis and describes experience gained by completing each of the five projects and states five things learned or discovered. Some evidence of projects completion is provided.
  • PS: A good reflection statement which includes analysis and describes experience gained by completing five things learned or discovered. Some evidence of projects completion is provided.
  • FL: Reflection provided little or no learning experience. No evidence of working on projects is provided.

 Task 2: Case Project (5 marks)

Grade bands: HD 100% – 85%, DI 84% – 75%, CR 74% – 65%, PS 64% – 50%, FL 49% – 0

Case Project 5-2 (5 marks)

  • HD: Project is completed, evidence of all steps is provided, paper provides excellent explanation of the importance of files examined and how they might affect the case.
  • DI: Project is completed, evidence of most steps is provided, paper provides very good explanation of the importance of files examined and how they might affect the case.
  • CR: Project is mostly completed, evidence of most steps is provided, paper provides reasonable explanation of the importance of files examined and how they might affect the case.
  • PS: Project is mostly completed but with errors and lack of evidence, some steps are missing, explanation of the importance of files examined is missing some details.
  • FL: Evidence of some steps in the project is provided, report is missing most details.


Task 3: Research Project (5 marks)
 

Grade bands: HD 100% – 85%, DI 84% – 75%, CR 74% – 65%, PS 64% – 50%, FL 49% – 0

Research Project (5 marks)

  • HD: Standard practice for potential fraud case(s) investigation, detailed investigation plan, securing digital evidence and data validation methods. Excellent explanation, justification with examples of MS Word and Excel hashes snapshots provided, explained and references are provided.
  • DI: Standard practice for potential fraud case(s) investigation, reasonable detailed investigation plan and data validation methods. Reasonable explanation and justification with examples of MS Word and Excel hashes snapshots provided, explained and references are provided.
  • CR: Standard practice for potential fraud case(s) investigation, some steps of the investigation plan and data validation methods, some minor errors in explanation, justification with MS Word and Excel hashes snapshots provided, explained and references are provided.
  • PS: Standard practice for potential fraud case(s) investigation and data validation methods provided but it lacks reasoning for the with MS Word and Excel hashes snapshots provided, explained and references are provided.
  • FL: Little or no evidence of research conducted.

Assessment item 3 – Tasks and Forensics Report

Value: 25%
Due Date: 25-May-2020
Return Date: 17-Jun-2020
Submission method options: EASTS (online)

TASK

Task 1: Recovering scrambled bits (5%) (5 marks)

For this task I will upload a text file with scrambled bits on the subject Interact2 site closer to the assignment due date. You will be required to restore the scrambled bits to their original order and copy the plain text in your assignment.

Deliverable: Describe the process used in restoring the scrambled bits and insert plain text in the assignment.

Task 2: Digital Forensics Report (20%) (20 marks)

In this major task you are asked to prepare a digital forensic report for the following scenario after carefully reading the scenario and looking at textbook figures as referred below:

You are investigating a possible intellectual property theft by a new employee of Superior Bicycles, Inc.  This employee, Tom Johnson, is the cousin of Jim Shu, an employee who had been terminated. Bob Aspen is an external contractor and investor who gets a strange e-mail from Terry Sadler about Jim Shu’s new project (shown in Figure 8-5 of the textbook on p. 350). Bob forwards the e-mail to Chris Robinson (the president of Superior Bicycles) to inquire about any special projects that might need capital investments.  Chris forwards the e-mail to the general counsel, Ralph Benson, asking him to look into it. He also forwards it to Bob Swartz, asking him to have IT look for any e-mails with attachments. After a little investigation, Bob Swartz forwards an e-mail IT found to Chris Robinson (shown in Figure 8-6 of the textbook on p. 350).

Chris also found a USB drive on the desk Tom Johnson was assigned to. Your task is to search for and determine whether the drive contains any proprietary Superior Bicycles, Inc. data in the form of any digital photograph as evidence. In particular, you may look for graphic files such as JPEG on the USB drive hidden with a different format. Note that for the USB drive image, you need to download the “C08InChp.exe” file from the download section of Chapter 8 on the student companion site of the textbook (Nelson, Phillips, & Steuart, 6/e, 2019).

Your task is to search all possible places data might be hidden (e-mails and USB drive) and recover and present any digital evidence in the report.

Deliverable: For this forensic examination, you need to provide a report of 1800-2000 words (approximately 5 A4 pages) in the format described in presentation section below.

RATIONALE

This assessment task will assess the following learning outcome/s:

  • be able to determine and explain the legal and ethical considerations for investigating and prosecuting digital crimes.
  • be able to formulate a digital forensics process.
  • be able to evaluate the technology in digital forensics to detect, prevent and recover from digital crimes.
  • be able to analyse data on storage media and various file systems.
  • be able to collect electronic evidence without compromising the original data.
  • be able to critique and compose technical tactics in digital crimes and assess the steps involved in a digital forensics investigation.
  • be able to prepare and defend reports on the results of an investigation.
MARKING CRITERIA AND STANDARDS

Task 1: Recovering scrambled bits (5 marks)

Grade bands: HD 100% – 85%, DI 84% – 75%, CR 74% – 65%, PS 64% – 50%, FL 49% – 0

Successfully recovering the scrambled bits to their original order (5 marks)

  • HD: Scrambled bits are restored to the original text. Tool used to decode the text is mentioned and justification to use the tool is also provided. The process to restore the scrambled bits is clearly described with screenshots inserted of all steps.
  • DI: Scrambled bits are restored to the original text. Tool used to decode the text is mentioned but the justification is not very clear. The process to restore the scrambled bits is described with some screenshots.
  • CR: Scrambled bits are restored to the original text. Tool used to decode the text is mentioned but the justification is not very clear. The process to restore the scrambled bits is described but no screenshots provided.
  • PS: Scrambled bits are restored to the original text. No justification of tool used is provided, process seems to be somewhat vague.
  • FL: Scrambled bits are restored but not matching with the original text. Tool is not mentioned and process is not described.

Task 2: Forensics report (20 marks)

Grade bands: HD 100% – 85%, DI 84% – 75%, CR 74% – 65%, PS 64% – 50%, FL 49% – 0

Introduction: Scope of engagement, tools to be used and potential findings (5 marks)

  • HD: Introduction is excellent, all elements required in introduction are present, well expressed, comprehensive and accurate.
  • DI: All elements are present and largely accurate and well expressed.
  • CR: All elements are present with few inaccuracies.
  • PS: Most elements are present possibly with some inaccuracies.
  • FL: Fails to satisfy minimum requirements of introduction.

Analysis: relevant programs, techniques, graphics (5 marks)

  • HD: Description of analysis is clear and appropriate programs and techniques are selected. Very good graphic image analysis.
  • DI: Description of analysis is clear and mostly appropriate programs and techniques are selected. Good graphic image analysis.
  • CR: Description of analysis is clear and mostly appropriate programs and techniques are selected. Reasonable graphic image analysis.
  • PS: Description of analysis is not completely relevant. Little or no graphics image analysis provided.
  • FL: Fails to satisfy minimum requirements of analysis.

Findings: specific files/images, type of searches, type of evidence, indicators of ownership (5 marks)

  • HD: A greater detail of findings is provided. Keywords and string searches are listed very clearly. Evidence found is very convincing. Indication of ownership is very clear.
  • DI: Findings are provided, keywords and string searches are listed. Evidence is sound. Ownership is clear.
  • CR: Findings are provided, some keywords are listed. Evidence is reasonable which relates to the ownership.
  • PS: Findings are provided but are somewhat vague. Keywords and strings are not very clear. Evidence found may be questionable.
  • FL: Fails to satisfy minimum requirements providing findings.

Conclusion: Summary, Results (3 marks)

  • HD: High level summary of results is provided which is consistent with the report.
  • DI: Well summarised results and mostly consistent with the findings. Good summary of results.
  • CR: Able to relate the results with findings. No new material is included.
  • PS: Satisfies the minimum requirements. Results are not really consistent with the findings.
  • FL: Fails to satisfy minimum requirements of summarising the results.

References: Must cite references to all material used as sources for the content (2 marks)

  • HD: APA 6th edition referencing applied to a range of relevant resources. No referencing errors. Direct quotes used sparingly. Sources all documented.
  • DI: APA 6th edition referencing applied to a range of relevant resources. No more than 2 referencing errors. Direct quotes used sparingly. Sources all documented.
  • CR: APA 6th edition referencing applied to a range of relevant resources. No more than three errors. Direct quotes used in-context. All sources are documented.
  • PS: APA 6th edition referencing applied to a range of relevant resources. No more than 4 errors. Direct quotes used in-context. Some sources documented.
  • FL: Referencing not done to the APA 6th edition standard. Over-use of direct quotes. Range of sources used is not appropriate and/or not documented.

Glossary / Appendices (Optional – not marked)

  • HD: Glossary of technical terms used in the report is provided which has generally acceptable source of definition of the terms and appropriate references are included. Relevant supporting material is provided in appendices to demonstrate the evidence.
  • DI: Glossary of technical terms used in the report is provided which has mostly acceptable source of definition of the terms and appropriate references are included. Some supporting material is provided in appendices to demonstrate the evidence.
  • CR: Glossary of some technical terms used in the report is provided which has mostly acceptable source of definition of the terms and appropriate references are included. Some supporting material is provided in appendices to demonstrate the evidence.
  • PS: Glossary of some technical terms used in the report is provided however terms are not generally common and some references are missing. Some supporting material is provided in appendices.
  • FL: Most terminologies are missing. Appendices are either not provided or are irrelevant.

PRESENTATION

The following should be included as minimum requirements in the report structure:

• Executive Summary or Abstract
This section provides a brief overview of the case, your involvement as an examiner, authorisation, major findings and conclusion
• Table of Contents
• Introduction
Background, scope of engagement, forensics tools used and summary of potential findings
• Analysis Conducted
o Description of relevant programs on the examined items
o Techniques used to hide or mask data, such as encryption, steganography, hidden attributes, hidden partitions etc
o Graphic image analysis
• Findings
This section should describe in greater detail the results of the examinations and may include:
o Specific files related to the request
o Other files, including any deleted files that support the findings
o String searches, keyword searches, and text string searches
o Internet-related evidence, such as Web site traffic analysis, chat logs, cache files, e-mail, and news group activity
o Indicators of ownership, which could include program registration data.
• Conclusion
Summary of the report and results obtained
• References
You must cite references to all material you have used as sources for the content of your work
• Glossary (Optional)
A glossary should assist the reader in understanding any technical terms used in the report. Use a generally accepted source for the definition of the terms and include appropriate references.
• Appendices (Optional)
You can attach any supporting material such as printouts of particular items of evidence, digital copies of evidence, and chain of custody documentation.

Follow the referencing guidelines for APA 6 as specified in Referencing Guides.

Submit the assignment in ONE MS Word (preferable) or pdf file on EASTS. Please do not submit *.zip or *.rar or multiple files.

Assessment item 4 – Final Exam

Value: 50%
Due Date: To be advised. Your exam timetable will be released via the Student Portal. Check dates for the exam period and your responsibilities.

Duration: 2 Hours

Submission method options: Alternative submission method

REQUIREMENTS

UPDATE to exam based on COVID-19.

Your exam will be a time-limited online exam. The exam will be timetabled as per normal and you will be notified of the time via the exams office. The exam questions will be available from an Interact2 test within your Interact2 site. The test will become active at the time given in your exam timetable. You will then submit your answers in the online test.

The time allocated to complete the exam is 10 minutes reading time + 2 hours writing time + 15 minutes technology allowance. The technology allowance gives you extra time due to dealing with the different medium. You are allowed to give answers for the whole time, however it is your responsibility to submit on time. Late submissions attract heavy late penalties.

Multiple choice questions will be randomised. [Not applicable for all exams]

Text based questions can be typed directly into the test. 

If you need to include a diagram or something else that is difficult to type, then the question will allow a file upload. [Not applicable for all exams]

It is expected that an example version of a test will be available beforehand for you to practice the different question types.

For file upload question types (where they apply): For diagrams you are encouraged to use online diagram tools like Lucid Chart (https://www.lucidchart.com) or Draw.io (https://app.diagrams.net/) to generate diagrams. Then you can export as an image and upload that file. If you handwrite, you are recommended to use the Genius Scan app on your mobile (https://thegrizzlylabs.com/genius-scan) to create a file to upload. We recommend that you practice prior to your exam so you are familiar with the process in the exam environment to avoid unnecessary pressure. Your lecturer will give more information about this during revision.

Academic integrity is important (https://www.csu.edu.au/current-students/learning-resources/build-your-skills/academic-integrity). Thus various checks will be used to look for academic misconduct. Written answers will be processed by turnitin to look for similarities to web sources and other students’ submissions. Uploaded files will be compared for similarities. IP addresses will be recorded to detect collusion and impersonation. You may be interviewed to explain why you answered questions in certain ways. Penalties for academic misconduct are severe. Also, people who make money from academic misconduct do resort to blackmail to make more money from their victims.

The sample exam continues to be a guide to the style of questions used in your exam.

—————

There will be three parts in the final exam. Part A will consist of fifteen multiple choice questions with each question worth one mark. Part B will have seven short answer questions in total, out of which you will be required to attempt ONLY five questions. Each question will be of five marks. Part C will consist of a case study question, where a case study or a scenario will be provided and you will be asked one or two short questions. This part will be of total ten marks. You must pass the final exam in order to pass the subject.

It is your responsibility to ensure that you are aware of the requirements for completing the final exam and that you attend the exam site on the correct date and at the correct time. The School of Computing and Mathematics will not accept misreading the exam time as misadventure.

RATIONALE

This assessment task will assess the following learning outcome/s:

  • be able to determine and explain the legal and ethical considerations for investigating and prosecuting digital crimes.
  • be able to formulate a digital forensics process.
  • be able to evaluate the technology in digital forensics to detect, prevent and recover from digital crimes.
  • be able to analyse data on storage media and various file systems.
  • be able to collect electronic evidence without compromising the original data.
  • be able to evaluate the functions and features of digital forensics equipment, the environment and the tools for a digital forensics lab.
  • be able to critique and compose technical tactics in digital crimes and assess the steps involved in a digital forensics investigation.
  • be able to prepare and defend reports on the results of an investigation.

The sample exam can be found at https://doms.csu.edu.au/csu/items/6f46ee07-67a9-4209-bddf-ad18e2fc3582/1/ and you may need to enter your Interact2 username and password to access CSU’s Digital Object Management System (DOMS).

MARKING CRITERIA AND STANDARDS

Marking criteria for the final exam (5 x 10 = 50 marks)

Grade bands: HD 100% – 85%, DI 84% – 75%, CR 74% – 65%, PS 64% – 50%, FL 49% – 0

Criterion: Demonstrate an ability to analyse, reason and discuss the concepts learned in the subject. Using the concepts learned to solve case study questions (this includes content from online meetings, textbook chapters, modules, readings and forum discussions).

  • HD: Demonstrate an ability to analyse, reason and discuss the concepts to draw justified conclusions that are logically supported by examples and best practice. Answers succinctly integrate and link information into cohesive and coherent piece of analysis and consistently use correct forensics terminologies and sophisticated language.
  • DI: Demonstrate an ability to analyse, reason and discuss the concepts to draw justified conclusions that are logically supported by examples and best practice. The answers are logically structured to create cohesive and coherent piece of analysis that consistently use correct forensic terminologies.
  • CR: Demonstrate an ability to analyse, reason and discuss the concepts to draw justified conclusions that are generally logically supported by examples and best practice. The answers are generally logically structured to create a comprehensive, mainly descriptive piece of analysis. Some use of correct forensic terminologies.
  • PS: Demonstrate an ability to analyse, reason and discuss most concepts to draw justified conclusions that are generally logically supported by examples and best practice. The answers are partially structured into loosely-linked rudimentary sentences to create a comprehensive, descriptive piece of analysis. Some use of correct forensic terminologies.
  • FL: Demonstrate an ability to analyse, reason and discuss some concepts to draw conclusions that are generally logically supported by examples. The answers are partially structured and may tend to list information. Uses frequent informal language.

MATERIAL PROVIDED BY THE UNIVERSITY

Answer Booklet (1 X 12 page) for the final exam.

MATERIAL PROVIDED BY THE STUDENT

Writing implements, including a 2B pencil and an eraser.
