2022 T2 BN309 Assignment 1 MEL SYD Prepared by: ABM Russel Moderated by: Dr Sanjeeb Shrestha July, 2022 Assessment Details and Submission Guidelines Unit Code BN309 – T2 2022 Unit Title...

Could you help me?


2022 T2 BN309 Assignment 1 MEL SYD
Prepared by: ABM Russel
Moderated by: Dr Sanjeeb Shrestha
July, 2022

Assessment Details and Submission Guidelines

Unit Code: BN309 – T2 2022
Unit Title: Computer Forensics
Assessment Type: Formative Assignment-1 (Individual Assessment)
Assessment Title: Validating and Testing Computer Forensics Tools and Evidence
Purpose of the assessment (with ULO Mapping): This assignment assesses the following Unit Learning Outcomes; students should be able to demonstrate their achievements in them.
a. Document evidence and report on computer forensics findings.
b. Implement a number of methodologies for validating and testing computer forensics tools and evidence.
Weight: 5%
Total Marks: 60
Word limit: 500 – 600 words
Due Date: Assignment 1 – Week 3, Sunday, 7 August 2022 11:59 pm

Submission Guidelines
• All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page.
• The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings.
• Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using IEEE referencing style.

Extension
• If an extension of time to submit work is required, a Special Consideration Application must be submitted directly to the School's Administration Officer, in Melbourne on Level 6 or in Sydney on Level 7. You must submit this application three working days prior to the due date of the assignment. Further information is available at: http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/specialconsiderationdeferment

Academic Misconduct
• Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at: http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure. For further information, please refer to the Academic Integrity Section in your Unit Description.

Assignment Questions:

Objective: The objective of the assignment is to compare Computer Forensics Tools and Techniques that can acquire data from a drive. In addition, students are required to document all steps in a report, the report should be formal so that it can be used in a legal process. Marks will be awarded based on the sophistication and the difficulties of the techniques explored.

Case Study: You have been assigned a child abduction case. A 16GB USB is found from the suspect’s apartment, and it is expected to have very important information related to the case. The USB contains several Doc files, a couple of image files, and some text files.

Assignment Specification: Prepare a report on the following sections related to the case study scenario. Install and compare two Computer Forensics Tools required to complete this report. You will report on their uses. You need to address the following requirements:

Data Preparation: You need to use your own USB to create/delete files as mentioned in the scenario below and perform the digital forensics investigation:
1. You need to create six files of type pdf, excel and word documents, where you need to name these files as follow: YourMITID_BN309_Assig1.*, where * depends of the file type. In addition, you need to change the attribute of these files to describe the Metadata which holds data such as your name as an author, organization name “MIT”, computer name “based on your terminal name”, date/time created, and comments such as “created for Assignment1 of BN309”.
2. Modify the extension of one of the doc file to .jpeg
3. Then you need to delete 3 files including the file you have modified its extension, one of each type.
Provide the list of references using IEEE referencing style at the end of the report.

Data Acquisition
Prepare a forensic image (bit stream copy) with the record of data deletion. Explain the method and tool you have used in acquiring data. Please submit this image with your assignment. You need to cover the challenges to make a successful acquisition, and what are the relevant formats to use and why. Describe the steps required for search and seizure. (500 - 600 words)

Marking Guide
This assessment requires you write a report. Select and compare two Computer Forensics Tools used in forensic case investigations (the report should discuss similarities and differences with screenshots from the installed tools features and references). You will also perform 2 demonstration tasks along with data preparation and evidence your work. Your final report should include:
i. Suitability of Computer Forensics tools for the given case
ii. Data Preparation
iii. Section 1: Data Acquisition
iv. Section 2: Data Recovery

For this assignment, download and install Computer Forensics tools assigned to you using Table 1 shown below.

Table 1 Computer Forensics tool assignment to students
Students with ID ending with | Security Tool Serial #
0 to 3 | ProDiscover Basic and any other tool of your choice
4 to 6 | OS Forensics and any other tool of your choice
7 to 9 | Autopsy and any other tool of your choice

Note: If you would like to choose other Computer Forensics tools that are not listed in this table, talk to your tutor and get permission to use it.

Marking criteria: Marks are allocated as follows:
Section to be included in the report | Description of the section | Marks
Computer Forensic Tools installation and comparison | Discuss similarities and differences between two tools | 10
Computer Forensic Tools analysis | Analyse the suitability of specific tool for the given case | 10
Data preparation | Follow instruction of Data preparation. Note that failed to create the files according to request would reduce your marks. | 10
Data Acquisition | Acquiring data using a standard tool; Explanation of acquisitions and screenshots; Challenges for successful data acquisition; Search and seizure | 5x4 = 20
Writing quality, Coherence, Report Structure | | 5
Follow IEEE reference style (should have both in-text citation and reference list) | | 5
Total | | 60

Marking Rubric for Assignment #1: Total Marks 60
Grade Mark | HD >=80% | D 70%-79% | CR 60%-69% | P 50%-59% | Fail <50%
 | excellent | very good | good | satisfactory | unsatisfactory
computer forensic tools installation and comparison | very professional descriptions and easy to follow | professional descriptions and easy to follow | clear description and easy to follow | clear descriptions | description is hard to follow and incorrect
computer forensic tools analysis | very professional descriptions and easy to follow | professional descriptions and easy to follow | clear description and easy to follow | clear descriptions | description is hard to follow and incorrect
data preparation | data preparation is correct according to requirements | requirements for the data preparation is specified, files were created but not delete any file, and all issues identified and listed | requirements for the data preparation is specified, files were created but not delete any file, and some issues identified and listed | not a complete data preparation with a few requirements, very few files were created but not deleted, and issues | did not address sub sections of data preparation
data acquisition | explained the act and the important key points in relation to data acquisition | provided an adequate idea about the act with the key points | provided an idea about the act with the key points | did not provide a clear picture of the act with the key points included | missing explanation and key points
writing quality | generally good | needs minor improvement | needs improvement | needs significant improvement | unsatisfactory
references | generally good with adequate references | needs minor improvement | needs improvement | needs significant improvement | no reference
Answered 5 days After Aug 02, 2022


Aditi answered on Aug 02 2022
73 Votes
Contents
Part A
INTRODUCTION
SIMILARITY OF BOTH TOOLS
DIFFERENCES OF THE BOTH TOOLS
IMAGE COMPARISON
CONCLUSION
Part A
INTRODUCTION
The following is included in Prodiscover Forensic: -
ProDiscover forensics are used by the investigator in order to uphold the law, and the ProDiscover forensics package may be utilized by corporate internal security investigators in order to handle a broad variety of different cybercrime situations. The software known as ProDiscover is applied rather commonly in the fields of computer forensics and incident response. The diagnostic and evidence collection capabilities are included in the solution package, making it suitable for use in corporate policy adherence investigations as well as electronic discovery.
The operating system's Forensics: -
OS forensics is another kind of forensic instrument that sees widespread usage and is used by investigators and other forensic specialists in order to recover data. OS Forensics assists users in locating potentially malicious files and activities by using techniques such as hash matching, disc signature comparison, email, memory, and binary data. The comprehensive file scan and indexing capabilities of this tool make it possible for users to recover evidence in the case from computers and properly manage the resulting data. Due to the fact that they are free to use, they are able to assist in...