Assessment item 2 - Tasks and Forensics Report


Value: 30%
Due Date: Week 10
Return Date: Week 12
Group Assessment: No
Submission method options: online

TASK


Task 1: Recovering scrambled bits (10%) (10 marks)

This task helps you to test your skills in encryption and decryption of some data that you may encounter in the field of digital forensics. For this task I will upload a text file with scrambled bits on the subject interact2 site closer to the assignment due date. You will need to use a DFT (digital forensics tool) to recover the scrambled bits. First, decide which DFT is suitable for this task, then start your process. Please note that you may need a few iterations and some trial and error to reach the goal. The bit recovery proceeds step by step: you may not see all of the recovered bits after one step, and you may need several steps to recover all bits in the given file. You are required to restore the scrambled bits to their original order and copy the plain text into your assignment.
Deliverable:
Describe the process used in restoring the scrambled bits and insert the plain text in the assignment. You can include screenshots of your working. Include your i2 site login and username in at least one of the screenshots to show it is your work.

Task 2: Digital Forensics Report (20%) (20 marks)

In this major task you are asked to prepare a digital forensic report for the following scenario, after carefully reading the scenario and looking at the textbook figures referred to below.

In addition, you are also to comment on the ethical issues / implications that may arise during your investigation. See the further explanation of this in the deliverables below.

You are working in a Digital Forensic Investigation company, ABC Forensics (you can come up with your own company name if you are not a fan of this name), and investigating a possible intellectual property theft by a new employee of Superior Bicycles, Inc. This employee, Tom Johnson, is the cousin of Jim Shu, an employee who had been terminated. Bob Aspen is an external contractor and investor who gets a strange e-mail from Terry Sadler about Jim Shu's new project (shown in Figure 8-5 of the textbook on p. 350). Bob forwards the e-mail to Chris Robinson (the president of Superior Bicycles) to inquire about any special projects that might need capital investments. Chris forwards the e-mail to the general counsel, Ralph Benson, asking him to look into it. He also forwards it to Bob Swartz, asking him to have IT look for any e-mails with attachments. After a little investigation, Bob Swartz forwards an e-mail IT found to Chris Robinson (shown in Figure 8-6 of the textbook on p. 350).

Chris also found a USB drive on the desk Tom Johnson was assigned to. Your task is to search the drive and determine whether it contains any proprietary Superior Bicycles, Inc. data as evidence, in the form of digital photographs and/or in any other form such as e-mails, text, spreadsheets etc.
In particular, you may look for graphic files such as JPEG on the USB drive that are hidden with a different format. During the investigation you should also look for the other types of data mentioned above. As a digital forensic specialist, you do not assume in advance that you will (or will not) find what you are looking for. However, you need to make sure that you conduct a comprehensive investigation before reaching any conclusions.

Note: for the USB drive image, you need to download the "C08InChp.exe" file from the download section of Chapter 8 on the student companion site of the textbook (Nelson, Phillips, & Steuart, 6/e, 2019).

In order to conduct a thorough investigation, search all possible places where you think data might be hidden (e.g. in e-mails and on the USB drive), and recover and present any digital evidence in the report. You may find that some of the files you found cannot be opened properly, may be damaged, or may have been corrupted intentionally; mention such files in your report. You may look at how to repair these files (hint: look at file headers). If you repair a file, mention in your report that you have done so using a specific DFT. You do not need to write out the whole repair process if it is too long. If your current free version of the DFT cannot save large files, you may consider searching for and using another similar DFT that can save larger files. Assume that your company does not have the budget to purchase another DFT for this purpose, so you have to use a free version.
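The header check behind the hint above, as an added example that is not part of the original assignment or the textbook: it compares each file's leading bytes with its extension to surface images stored under another format and JPEGs whose first bytes were overwritten. It assumes the files have been exported to a folder from a working copy of the image; the signature table is a small subset and the sample bytes are constructed.

```python
import os
import tempfile

# Leading byte signatures for a few common formats (a small subset, not exhaustive).
SIGNATURES = [(b"\xff\xd8\xff", "jpeg"), (b"\x89PNG\r\n\x1a\n", "png"),
              (b"GIF87a", "gif"), (b"GIF89a", "gif"),
              (b"PK\x03\x04", "zip"),  # zip is also the .docx/.xlsx container
              (b"%PDF", "pdf")]
EXT_TYPES = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif",
             ".zip": "zip", ".docx": "zip", ".xlsx": "zip", ".pdf": "pdf"}

def identify(head):
    """Return the format named by the leading bytes, or None."""
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return None

def classify(name, head):
    """Compare what the extension claims with what the header says."""
    claimed = EXT_TYPES.get(os.path.splitext(name)[1].lower())
    actual = identify(head)
    if actual is None:
        # A JFIF/Exif tag at offset 6 without FF D8 FF in front of it means
        # the first bytes of a JPEG were overwritten.
        if head[6:10] in (b"JFIF", b"Exif"):
            return ("damaged-jpeg-header", "jpeg")
        return ("signature-missing", None) if claimed else ("ok", None)
    return ("ok", actual) if claimed == actual else ("extension-mismatch", actual)

def scan(root):
    """List (relative path, verdict, detected type) for every suspicious file."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:  # read-only; work on exported copies
                verdict, kind = classify(name, fh.read(16))
            if verdict != "ok":
                findings.append((os.path.relpath(path, root), verdict, kind))
    return sorted(findings)

def demo():
    """Run the scan over constructed sample files (not data from the case image)."""
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01",   # consistent
        "notes.txt": b"\xff\xd8\xff\xe1\x00\x2aExif\x00\x00",   # JPEG named .txt
        "broken.jpg": b"\x00\x00\x00\x00\x00\x10JFIF\x00\x01",  # header overwritten
        "memo.txt": b"plain text memo",                         # nothing to flag
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Files flagged this way are candidates for closer inspection in a hex editor; the verdict alone is not evidence of intent.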
Deliverables:
First of all, in order to visualise and understand this case properly, draw a mind map / chart / flow diagram to show the connection of each person involved and their roles in the company. You may like to note along the mind map who is making what request of, or providing information to, whom. Your task is to make the mind map / chart / flow diagram as clear and presentable as possible, so that a person new to the case can understand it. Include this mind map / chart / flow diagram in your report's executive summary.

You should also be asking this question during the investigation: is there any evidence other than images in this case (although you have been specifically asked to look for images)?

For this forensic examination, you need to provide a report of approximately 10-12 pages (this is not a hard page limit, take it as a guideline) in the format described in the presentation section below. Your report must include screenshots of your work and any images that you may have found during the investigation. Make sure that each screenshot has a proper label, e.g. something like "Figure 1: Screen shot of opening USB file". Also provide a brief (one or two sentence) description of each screenshot or image that you insert in your report. This may increase the number of pages of your report, which is acceptable. If this is the case, make sure you only include the screenshots which you think are necessary for the report.

In the findings section of your report, please comment on the ethical issues / implications that you may encounter during your investigation. Your comments should be clear, concise and to the point, articulating all the ethical issues and consequences related to the investigation.

You may have used various sources for collecting information, such as lecture notes, web sources and forums. Cite all the sources of information that you used to prepare the report in the references.

RATIONALE

This assessment task will assess the following learning outcome/s:

  • be able to determine and explain the legal and ethical considerations for investigating and prosecuting digital crimes.

  • be able to formulate a digital forensics process.

  • be able to evaluate the technology in digital forensics to detect, prevent and recover from digital crimes.

  • be able to analyse data on storage media and various file systems.

  • be able to collect electronic evidence without compromising the original data.

  • be able to evaluate the functions and features of digital forensics equipment, the environment and the tools for a digital forensics lab.

  • be able to critique and compose technical tactics in digital crimes and assess the steps involved in a digital forensics investigation.

  • be able to prepare and defend reports on the results of an investigation.


MARKING CRITERIA AND STANDARDS


Task 1: Recovering Scrambled bits (10 marks)

Criteria: Successfully recovering the scrambled bits to their original order (10 marks)

  • HD (100% - 85%): Scrambled bits are restored to the original text. DF Tool used to decode the text is mentioned and justification to use the tool is also provided. The process to restore the scrambled bits is clearly described with screenshots inserted of all steps. A brief description of each screen shot is provided.

  • DI (84% - 75%): Scrambled bits are restored to the original text. Tool used to decode the text is mentioned but the justification is not very clear. The process to restore the scrambled bits is described with some screenshots. A brief description of each screen shot is provided.

  • CR (74% - 65%): Scrambled bits are restored to the original text. Tool used to decode the text is mentioned but the justification is not very clear. The process to restore the scrambled bits is described but no screenshots provided. A brief description of each screen shot is provided.

  • PS (64% - 50%): Scrambled bits are restored to the original text. No justification of tool used is provided, process seems to be somewhat vague. A brief description of each screen shot is provided.

  • FL (49% - 0): Scrambled bits are restored but not matching with the original text. Tool is not mentioned and process is not described.







Task 2: Forensics Report (20 marks)

Criteria: Executive Summary: Brief overview and mind-map of the project (3 marks)

  • HD (100% - 85%): An excellent summary covering all aspects of the report is included. A clear, correct, simple and understandable mind-map / chart / flow diagram is presented.

  • DI (84% - 75%): A very well written summary covering all aspects of the report is included. A clear, correct, simple and understandable mind-map / chart / flow diagram is presented.

  • CR (74% - 65%): A well written summary covering most aspects of the report is included. A clear and understandable mind-map / chart / flow diagram is presented.

  • PS (64% - 50%): A good summary covering most aspects of the report is included. A clear mind-map / chart / flow diagram is presented.

  • FL (49% - 0): Summary is not clear and does not cover aspects of the report. Mind-map / chart / flow diagram is not presented or is not correct.

Criteria: Introduction: Scope of engagement, tools to be used and potential findings (3 marks)

  • HD (100% - 85%): Introduction is excellent, all elements required in introduction are present, well expressed, comprehensive and accurate.

  • DI (84% - 75%): All elements are present and largely accurate and well expressed.

  • CR (74% - 65%): All elements are present with few inaccuracies.

  • PS (64% - 50%): Most elements are present possibly with some inaccuracies.

  • FL (49% - 0): Fails to satisfy minimum requirements of introduction.

Criteria: Analysis: relevant programs, techniques, graphics (4 marks)

  • HD (100% - 85%): Description of analysis is clear and appropriate programs and techniques are selected. Very good graphic image analysis.

  • DI (84% - 75%): Description of analysis is clear and mostly appropriate programs and techniques are selected. Good graphic image analysis.

  • CR (74% - 65%): Description of analysis is clear and mostly appropriate programs and techniques are selected. Reasonable graphic image analysis.

  • PS (64% - 50%): Description of analysis is not completely relevant. Little or no graphics image analysis provided.

  • FL (49% - 0): Fails to satisfy minimum requirements of analysis.

Criteria: Findings: specific files/images, type of searches, type of evidence, ethical issues / implications (5 marks)

  • HD (100% - 85%): A greater detail of findings is provided. Keywords and string searches are listed very clearly. Evidences found are very convincing. A clear, concise and articulated explanation of all the ethical issues / implications is provided.

  • DI (84% - 75%): Findings are provided, keywords and string searches are listed. Evidence is sound. Ownership is clear. A clear, concise and articulated explanation of all the ethical issues / implications is provided.

  • CR (74% - 65%): Findings are provided, some keywords are listed. Evidence is reasonable which relates to the ownership. A clear and articulated explanation of most of the ethical issues / implications is provided.

  • PS (64% - 50%): Findings are provided but are somewhat vague. Keywords and strings are not very clear. Evidence found may be questionable. An articulated explanation of some of the ethical issues / implications is provided.

  • FL (49% - 0): Fails to satisfy minimum requirements providing findings.

Criteria: Conclusion: Summary, Results (3 marks)

  • HD (100% - 85%): High level summary of results is provided which is consistent with the report and the executive summary.

  • DI (84% - 75%): Well summarised results and mostly consistent with the findings and the information in executive summary.

  • CR (74% - 65%): Good summary of results. Able to relate the results with findings.

  • PS (64% - 50%): Satisfies the minimum requirements. Results are not really consistent with the findings.

  • FL (49% - 0): Fails to satisfy minimum requirements of summarising the results.

Criteria: References: Must cite references to all material used as sources for the content (2 marks)

  • HD (100% - 85%): APA 6th edition referencing applied to a range of relevant resources. No referencing errors. Direct quotes used sparingly. Sources all documented.

  • DI (84% - 75%): APA 6th edition referencing applied to a range of relevant resources. No more than 2 referencing errors. Direct quotes used sparingly. Sources all documented.

  • CR (74% - 65%): APA 6th edition referencing applied to a range of relevant resources. No more than three errors. Direct quotes used in-context. All sources are documented.

  • PS (64% - 50%): APA 6th edition referencing applied to a range of relevant resources. No more than 4 errors. Direct quotes used in-context. Some sources documented.

  • FL (49% - 0): Referencing not done to the APA 6th edition standard. Over-use of direct quotes. Range of sources used is not appropriate and/or not documented.

Criteria: Glossary / Appendices: (Optional - not marked)

  • HD (100% - 85%): Glossary of technical terms used in the report is provided which has generally acceptable source of definition of the terms and appropriate references are included. Relevant supporting material is provided in appendices to demonstrate the evidence.

  • DI (84% - 75%): Glossary of technical terms used in the report is provided which has mostly acceptable source of definition of the terms and appropriate references are included. Some supporting material is provided in appendices to demonstrate the evidence.

  • CR (74% - 65%): Glossary of some technical terms used in the report is provided which has mostly acceptable source of definition of the terms and appropriate references are included. Some supporting material is provided in appendices to demonstrate the evidence.

  • PS (64% - 50%): Glossary of some technical terms used in the report is provided however terms are not generally common and some references are missing. Some supporting material is provided in appendices.

  • FL (49% - 0): Most terminologies are missing. Appendices are either not provided or are irrelevant.


PRESENTATION

The following should be included as minimum requirements in the report structure:

  • Executive Summary (3 marks)

    This section provides a brief overview of the case, your involvement as an examiner, authorisation, major findings and conclusion.

  • Table of Contents

  • Introduction (3 marks)

    Background, scope of engagement, forensics tools used and summary of potential findings.

  • Analysis Conducted (3 marks)

      • Description of relevant programs on the examined items

      • Techniques used to hide or mask data, such as encryption, steganography, hidden attributes, hidden partitions etc

      • Graphic image analysis

  • Findings (5 marks)

    This section should describe in greater detail the results of the examinations and may include:

      • Specific files related to the request

      • Other files, including any deleted files that support the findings

      • String searches, keyword searches, and text string searches

      • Internet-related evidence, such as Web site traffic analysis, chat logs, cache files, e-mail, and news group activity

      • Indicators of ownership, which could include program registration data.

  • Conclusion (3 marks)

    Summary of the report and results obtained. Do not introduce new results or new ideas in conclusions. Repeat the information from Executive Summary.

  • References (2 marks)

    You must cite references to all material you have used as sources for the content of your work.

  • Glossary (Optional)

    A glossary should assist the reader in understanding any technical terms used in the report. Use a generally accepted source for the definition of the terms and include appropriate references.

  • Appendices (Optional)

    You can attach any supporting material such as printouts of particular items of evidence, digital copies of evidence, and chain of custody documentation.

Answered 47 days After Aug 09, 2021

Swapnil answered on Aug 16 2021
138 Votes
Digital Forensics
Executive Summary:
The digital forensics is the collection and the analysis of the digital evidence to get the delayed or the processed with limited forensics capabilities. The most analytical aspect gives us the investigation for the law enforcement to the digital forensics. The digital forensics can deal with the involving investigation and the analysis data for the investigation tools. The medium includes a Digital Forensic Investigation Action Plan. Storage and data are transmitted online. In addition, it explains how data can be retrieved from an unreadable or captured device and helps to identify the probability of a reported crime within a given time log of the data log in the timestamp of the data transmitted online. Some comparisons between the methods to be used for investigative purpose are discussed and presented in this paper.
Table of Contents:
1. Executive Summary
2. Introduction
3. Abstract
4. Analysis Conducted
5. Findings
   I. Selecting the appropriate process of investigation
   II. Steganography
   III. Steganography equipment
   IV. Procedure Steps
   V. Systematic Procedure for trial
6. Summary Conclusion
7. References
Introduction
This section sheds light on digital forensics and its scope. The capabilities of computers and digital devices have increased exponentially, providing faster and greater data management capabilities, transferring and storing at faster rates. Being done. Information in a different way. Manipulation of data increases the risk of theft. A person with a basic knowledge of computers and IT with malicious intent can also cause enormous harm to a company or a country where the victim or the victim has limited information to withdraw money or threaten the victim for selfish reason. Can. Evil reason.
Abstract:
The digital forensic has...