Unit Details | Name | Computer Forensics and Analysis |
| Code | HI6043 | |
| Year, Trimester | 2024, Trimester 2 |
Assessment Details | Name | Lab Exercises Part A Week 2 – Week 6 |
| Due Date and Week | Week 6 |
Individual Student Details | Student Number | |
| First Name | ||
| Family Name |
Submission Declaration | Integrity Declaration | I have read and understand academic integrity policies and practices and my assessment does not violate these. |
| Full Name | ||
| Submission Date |
Academic Integrity Information | Holmes Institute is committed to ensuring and upholding academic integrity. All assessment must comply with academic integrity guidelines. Important academic integrity breaches include plagiarism, collusion, copying, impersonation, contract cheating, data fabrication and falsification. Please learn about academic integrity and consult your teachers with any questions. Violating academic integrity is serious and punishable by penalties that range from deduction of marks, failure of the assessment task or unit involved, suspension of course enrolment, or cancellation of course enrolment. |
Format Instructions |
|
| Penalties |
|
Assessmentitem1-Lab Exercises Part A
Value: 10%
Due Date:
Return Date:
Group Assessment: No
Submission method options: Alternative submission method
TASK
This assessment has two components, hands-on practical projects and a research report.
AssessmentSubmissionNotes:PrepareanMSWorddocumentforthisassessmentand include both tasks in that document. Make sure that you write subject name and code, assessmentnumber,yourname,SIDandemailaddressatthefrontpage.Starteachtaskfrom anewpage.Fortask1,addressallthreehands-onprojectsseparately.Fortask2,addressall questions asked in the research project along with the information that you think is necessary.
Thereisnowordorpagelimitfortask1,however,yoursubmissionshouldbereasonableand logical.Donotmakeittoolongortooshort.Seespecificdeliverablesundereachhands-on project ortask.
Task # 1: Hands-on Practical Projects (5 Marks)
Completethefollowinghands-onprojectsfromthetextbook(GuidetoComputerForensics andInvestigations,6/e,Nelson,Phillips,&Steuart,2019)
Hands-onProject1-3,ForensicExaminationofDigitalMedia
Deliverables: Include screen shots of the hands-on project in your assessment and insert C1Prj03 in your assignment as well. Also, provide a short summary (up to 1 page) of your findingsfromthisproject.Thissummaryshouldincludeyourreflectiononfindingsaswell.For example,youmaywriteasareflectionthatafteryourinvestigationsyoucouldnotfind(oryou mayhavefound)anyevidencethattheformeremployeewasinvolvedintakingthecompany proprietary photographs withhim.
Withthescreenshotsofyourworking,show/includeyouri2loginand/orusernameatleastin oneofthescreenshotsasaproofofyourownwork.
Deliverables:Inthisprojectyouareexamining'Terry'sworkUSB'tofindifTerryhasbeen involved in anything illicit or against company policy. While your main focus will be investigatingforanyimagesintheUSB,youalsoshouldlookifthereisanyothersuspicious material/activityrecordontheUSB.Writeareportwiththeinvestigationscreenshotsand explainingtheimportanceofthefilesyouexaminedandhowmighttheyaffectthepatent case. While providing screen shots of your working, include a short description about the informationthatisgiveninthescreenshot.Forexample,ifyoudidakeywordsearchtofind
anyimagesintheUSBandyougotresults,describewhatwasyoursearchterm?Whatdidyou findasasearchresult?Withthescreenshotsofyourworking,show/includeyouri2loginand/ orusernameatleastinoneofthescreenshotsasaproofofyourownwork.
Deliverable:WriteanMSWordreportaftercompletingthisprojectdescribingwhatmetadata youhavediscoveredfromthefileyouanalysedusingWinHexeditor.Notethatifyoulike,you can use any other Hex editor as well such as HxD or Neo. Provide screen shots of the steps completedintheprojectshowingtheresultsofdateandtimevaluesyouhaverecorded.
Provide a brief description of each screen shot about the information it contains. Briefly describethemainstepsthatyouthinkarenecessaryandimportanttolocatedateandtime values while analysing thefile.
Task # 2: Research Project and Report (5 Marks)
Youhavebeenassignedadigitalforensicscasetoinvestigateinvolvingapotentialmonetary fraudinanorganisation.TheCTOoftheorganisationhasgivenyouaccesstotheworkstation andothernecessaryhardware,e.g.USB,ofoneofhisemployeeswhoshethinksispotentially involvedinthisfraud.Yourjobasadigitalforensics’examineristoconductthisinvestigation. Youarerequiredtocreatea(investigation)plananddescribethestandardpracticeprocedure that is used in such investigations. Your plan must include the procedures for collecting the digital data, securing the evidence that you may collect and then describing the method to validatethecollecteddata,e.g.calculatinghashvaluesandspecifyingthehashalgorithmthat youintendtouse,e.g.SHA-3,MD5etc.Youcanmakesomereasonableassumptionsifrequired whendescribingyourplan/procedures.
Deliverable: Write a 1000-1500 word report (approximately 2-3 pages) that outlines the investigationplan,procedurestosecurethedigitalevidence,anddatavalidationmethods. Your plan should include steps that you may take to conduct this investigation. There is no needtoprovidedetailedexplanationofeachofthetasksthatyouthinkarenecessaryforthis investigation and are listed in your plan. For example, one of the steps in your plan can be 'Making forensic copy of the digital evidence'. The description of this step could be: 'After acquiringthedigitalevidenceandsecuringitproperly,aforensiccopyofthedigitalevidence willbemadeusingaproperstandardizedforensictoolsuchasAutopsyorOSForensics'.
However,theplanitselfshouldbedetailedandascomprehensiveasyoucanthinkofcovering allpossiblesteps,startingfromcollectingtheevidence,securingit,investigating/analysingit andthenpreparingthereportofyourinvestigation.Ifyouuseanyreferences,makesureyou citethosereferencesattheendofyourplandocument.
RATIONALE
Thisassessmenttaskwillassessthefollowinglearningoutcome/s:
involved in a digital forensics investigation.
MARKING CRITERIA AND STANDARDS
Assessment1willbemarkedasperthefollowingmarkingcriteria.Totalmarksforthisassignmentare20andtheassignmentalsocarries20% weightage towards the finalgrade.
Task # 1: Hands-on Projects (10 Marks) 1: Hands-on Project 1-3 (2marks)
| Criteria | HD (100% - 85%) | DI (84% - 75%) | CR (74% - 65%) | PS (64% - 50%) | FL (49% - 0) |
| Deliverables of hands- on project 1-3 |
Screen shots with clear and concise | Screen shots with clear description is provided after completing the project. C1Prj03 is inserted in the assignment. One of the screen shot shows i2 login / username. An excellent summary including key findings and reflectiononfindings isprovided. | Some screen shots with clear description is provided after completing the project. C1Prj03 is inserted in the assignment. One of the screen shot shows i2 login / username. A good summary including findings and reflectiononfindings isprovided. | Some screen shots without description is provided after completing the project. C1Prj03 is missing in the assignment. A summary including findings and reflectiononfindings isprovided. | Project is not completed. No screen shots are provided. C1Prj03 is missing and no summary is provided. |
| description is | |||||
| provided after | |||||
| completing the | |||||
| project. C1Prj03 is | |||||
| inserted in the | |||||
| assignment. One of | |||||
| the screen shot | |||||
| shows i2 login / | |||||
| username. An | |||||
| outstanding | |||||
| summary including | |||||
| key findings and | |||||
| reflection on | |||||
| findings is provided. |
2: Hands-on Project 4-3 (4marks)
| Criteria | HD (100% - 85%) | DI (84% - 75%) | CR (74% - 65%) | PS (64% - 50%) | FL (49% - 0) |
| Deliverables of hands- on project 4-3 | Project is completed, evidence of all steps taken is provided in the form of screen shots in the report. Clear and concise description of screen shots is provided. A thorough search of digital media is done and evidence shown in the report. A brief summary of the investigation, importance of files examined, how these files affect a patent case and whether person in investigation was involved or not. | Project is completed, evidence of all steps taken is provided in the form of screen shots in the report. Clear and concise description of screen shots is provided. A thorough search of digital media is done and evidence shown in the report. A brief summary of the investigation, importance of files examined, how these files affect a patent case and whether person in investigation was involved or not. | Project is partially completed,evidence of steps taken is providedintheform ofscreenshotsinthe report. Description of screen shots is provided but not clear and enough. A good search of digital media isdone and evidence shown in the report. A brief summary of the investigation, importance of files examined, how these files affect a patent case is provided. | Project is not fully completed, some evidence of the steps taken is provided in the form of screen shots in the report. Descriptionofscreen shots is provided, but notclear. Minimal search of digital media is done. The summary provides some information about the investigation, but misses most of the important aspects. | Project is not complete, but evidence of some steps in the project is provided, report is missing most details. |
3: Hands-on Project 5-2 (4 marks)
| Criteria | HD (100% - 85%) | DI (84% - 75%) | CR (74% - 65%) | PS (64% - 50%) | FL (49% - 0) |
| Hands-on Project 5-2 | Project is completed, | Project is completed, | Project is partially | Project is partially | Project is not |
| (4 marks) | evidence of all steps is provided, report includes screen shots with excellent explanation of the steps taken. Metadata of the file is reported correctly. | evidence of most steps is provided, report provides very good explanation of the screen shots. Metadata is correctly reported. | completed, evidence of most of the steps is provided, but no description of screen shots, and also metadata reported is correct. | completed, evidence of some of the steps is provided, but no description of screen shots, and also metadata reported is correct. | complete, but evidence of some steps in the project is provided, report is missing most details. |
Task 2: Research Project and Report (10 marks)
| Criteria | HD (100% - 85%) | DI (84% - 75%) | CR (74% - 65%) | PS (64% - 50%) | FL (49% - 0) |
| Research Project and Report (10 Marks) | Standard practice for potential fraud case(s) investigation, detailed investigation plan, securing digital evidence and data validation methods. Excellent explanation, justification with examples of MS Word and Excel hashes snapshots provided, explained and references are provided. | Standardpracticefor potential fraud case(s)investigation, reasonable detailed investigation plan and data validation methods. Reasonable explanation and justification with examplesofMSWord and Excel hashes snapshots provided, explained and references are provided. | Standard practice for potential fraud case(s) investigation, some steps of the investigation plan and data validation methods, some minor errors in explanation, justification with MS Word and Excel hashes snapshots provided, explained and references are provided. | Standardpracticefor potential fraud case(s) investigation and data validation methods provided but it lacks reasoning for the with MS Word and Excel hashes snapshots provided, explained and references are provided. | Little or no evidence of research conducted. |
Get original papers written according to your instructions and save time for what matters most.
