Assessment item 1 - Hands-On Practical Projects and Research Report
Value:20%
Due Date: Week 6Return Date: Week 8Group Assessment:No
Submission method options:online
TASK
This assessment has two components, hands-on practical projects and a research report.
Assessment Submission Notes:
Prepare an MS Word document for this assessment and include both tasks in that document. Make sure that you write subject name and code, assessment number, your name, SID and email address at the front page. Start each task from a new page. For task 1, address all three hands-on projects separately. For task 2, address all questions asked in the research project along with the information that you think is necessary.There is no word or page limit for task 1, however, your submission should be reasonable and logical. Do not make it too long or too short. See specific deliverables under each hands-on project or task.
Task # 1: Hands-on Practical Projects (10 Marks)
Complete the following hands-on projects from the textbook (Guide to Computer Forensics and Investigations, 6/e, Nelson, Phillips, & Steuart, 2019)
Hands-on Project 1-3, Forensic Examination of Digital Media (2 Marks)
Deliverables:
Include screen shots of the hands-on project in your assessment and insert C1Prj03 in your assignment as well. Also, provide a short summary (up to 1 page) of your findings from this project. This summary should include your reflection on findings as well. For example, you may write as a reflection that after your investigations you could not find (or you may have found) any evidence that the former employee was involved in taking the company proprietry photographs with him.With the screen shots of your working, show/include your i2 login and/or username at least in one of the screen shots as a proof of your own work.
Hands-on Project 4-3, Examining M57 Patent Case (4 Marks)
Deliverables:
In this project you are examining 'Terry's work USB' to find if Terry has been involved in anything illicit or against company policy. While your main focus will be investigating for any images in the USB, you also should look if there is any other suspecious material / activity record on the USB. Write a report with the investigation screen shots and explaining the importance of the files you examined and how might they affect the patent case. While providing screen shots of your working, include a short description about the information that is given in the screen shot. For example, if you did a key word search to findany images in the USB and you got results, describe what was your search term? What did you find as a search result? With the screen shots of your working, show/include your i2 login and/ or username at least in one of the screen shots as a proof of your own work.
Hands-on Project 5-2, Exploring MFT and Exploring Metadata of File (4 Marks)
Deliverable:
Write an MS Word report after completing this project describing what metadata you have discovered from the file you analysed using WinHex editor. Note that if you like, you can use any other Hex editor as well such as HxD or Neo. Provide screen shots of the steps completed in the project showing the results of date and time values you have recorded.Provide a brief description of each screen shot about the information it contains. Briefly describe the main steps that you think are necessary and important to locate date and time values while analysing the file.
Task # 2: Research Project and Report (10 Marks)
You have been assigned a digital forensics case to investigate involving a potential monetary fraud in an organisation. The CTO of the organisation has given you access to the workstation and other necessary hardware, e.g. USB, of one of his employees who she thinks is potentially involved in this fraud. Your job as a digital forensics examiner is to conduct this investigation. You are required to create a (investigation) plan and describe the standard practice procedure that is used in such investigations. Your plan must include the procedures for collecting the digital data, securing the evidence that you may collect and then describing the method to validate the collected data, e.g. calculating hash values and specifying the hash algorithm that you intend to use, e.g. SHA-3, MD5 etc. You can make some reasonable assumptions if required when describing your plan / procedures.
Deliverable:
Write a 1000-1500 word report (approximately 2-3 pages) that outlines the investigation plan, procedures to secure the digital evidence, and data validation methods. Your plan should include steps that you may take to conduct this investigation. There is no need to provide detailed explanation of each of the tasks that you think are necessary for this investigation and are listed in your plan. For example, one of the steps in your plan can be 'Making forensic copy of the digital evidence'. The descriptiono of this step could be: 'After acquiring the digital evidence and securing it properly, a forensic copy of the digital evidence will be made using a proper standardised forensic tool such as Autopsy or OSForensics'.However, the plan itself should be detailed and as comprehensive as you can think of covering all possible steps, starting from collecting the evidence, securing it, investigating / analysing it and then preparing the report of your investigation. If you use any references, make sure you cite those references at the end of your plan document.
RATIONALE
This assessment task will assess the following learning outcome/s:
- be able to formulate a digital forensics process.
- be able to evaluate the technology in digital forensics to detect, prevent and recover from digital crimes.
- be able to analyse data on storage media and various file systems.
- be able to collect electronic evidence without compromising the original data.
- be able to evaluate the functions and features of digital forensics equipment, the environment and the tools for a digital forensics lab.
- be able to critique and compose technical tactics in digital crimes and assess the steps
involved in a digital forensics investigation.
- be able to prepare and defend reports on the results of an investigation.
MARKING CRITERIA AND STANDARDS
Assessment 1 will be marked as per the following marking criteria. Total marks for this assignment are 20 and the assignment also carries 20% weightage towards the final grade.
Task # 1: Hands-on Projects (10 Marks) 1: Hands-on Project 1-3 (2 marks)
Criteria
|
HD (100% - 85%)
|
DI (84% - 75%)
|
CR (74% - 65%)
|
PS (64% - 50%)
|
FL (49% - 0)
|
Deliverables of hands- on project 1-3
|
Screen shots with clear and concise |
Screen shots with clear description is provided after completing the project. C1Prj03 is inserted in the assignment. One of the screen shot shows i2 login / username. An excellent summary including key findings and reflection on findings is provided. |
Some screen shots with clear description is provided after completing the project. C1Prj03 is inserted in the assignment. One of the screen shot shows i2 login / username. A good summary including findings and reflection on findings is provided. |
Some screen shots without description is provided after completing the project. C1Prj03 is missing in the assignment. A summary including findings and reflection on findings is provided. |
Project is not completed. No screen shots are provided. C1Prj03 is missing and no summary is provided. |
|
description is |
|
provided after |
|
completing the |
|
project. C1Prj03 is |
|
inserted in the |
|
assignment. One of |
|
the screen shot |
|
shows i2 login / |
|
username. An |
|
outstanding |
|
summary including |
|
key findings and |
|
reflection on |
|
findings is provided. |
2: Hands-on Project 4-3 (4 marks)
Criteria
|
HD (100% - 85%)
|
DI (84% - 75%)
|
CR (74% - 65%)
|
PS (64% - 50%)
|
FL (49% - 0)
|
Deliverables of hands- on project 4-3
|
Project is completed, evidence of all steps taken is provided in the form of screen shots in the report.Clear and concise description of screen shots is provided. A thorough search of digital media is done and evidence shown in the report. A brief summary of the investigation, importance of files examined, how these files affect a patent case and whether person in investigation was involved or not. |
Project is completed, evidence of all steps taken is provided in the form of screen shots in the report.Clear and concise description of screen shots is provided. A thorough search of digital media is done and evidence shown in the report. A brief summary of the investigation, importance of files examined, how these files affect a patent case and whether person in investigation was involved or not. |
Project is partially completed, evidence of steps taken is provided in the form of screen shots in the report. Description of screen shots is provided but not clear and enough. A good search of digital media is done and evidence shown in the report. A brief summary of the investigation, importance of files examined, how these files affect a patent case is provided. |
Project is not fully completed, some evidence of the steps taken is provided in the form of screen shots in the report.Description of screen shots is provided, but not clear.Minimal search of digital media is done. The summary provides some informaiton about the investigation, but misses most of the important aspects. |
Project is not complete, but evidence of some steps in the project is provided, report is missing most details. |
3: Hands-on Project 5-2 (4 marks)
Criteria
|
HD (100% - 85%)
|
DI (84% - 75%)
|
CR (74% - 65%)
|
PS (64% - 50%)
|
FL (49% - 0)
|
Hands-on Project 5-2
|
Project is completed, |
Project is completed, |
Project is partially |
Project is partially |
Project is not |
(4 marks)
|
evidence of all steps is provided, report includes screen shots with excellent explanation of the steps taken.Metadata of the file is reported correctly. |
evidence of most steps is provided, report provides very good explanation of the screen shots.Metadata is correctly reported. |
completed, evidence of most of the steps is provided, but no description of screen shots, and also metadata reported is correct. |
completed, evidence of some of the steps is provided, but no description of screen shots, and also metadata reported is correct. |
complete, but evidence of some steps in the project is provided, report is missing most details. |
Task 2: Research Project and Report (10 marks)
Criteria
|
HD (100% - 85%)
|
DI (84% - 75%)
|
CR (74% - 65%)
|
PS (64% - 50%)
|
FL (49% - 0)
|
Research Project and Report (10 Marks)
|
Standard practice for potential fraud case(s) investigation, detailed investigation plan, securing digital evidence and data validation methods. Excellent explanation, justification with examples of MS Word and Excel hashes snapshots provided, explained and references are provided. |
Standard practice for potential fraud case(s) investigation, reasonable detailed investigation plan and data validation methods.Reasonable explanation and justification with examples of MS Word and Excel hashes snapshots provided, explained and references are provided. |
Standard practice for potential fraud case(s) investigation, some steps of the investigation plan and data validation methods, some minor errors in explanation, justification with MS Word and Excel hashes snapshots provided, explained and references are provided. |
Standard practice for potential fraud case(s) investigation and data validation methods provided but it lacks reasoning for the with MS Word and Excel hashes snapshots provided, explained and references are provided. |
Little or no evidence of research conducted.
|