Assignment should be done as per the file given, fulfilling all the criteria and marking techniques.


Prepared by: Dr Nirzhar Saha
Moderated by: Dr Ammar Alazab
November, 2021

Assessment Details and Submission Guidelines

Trimester: T3 2021
Unit Code: BN309
Unit Title: Computer Forensics
Assessment Type: Assignment 1 (Individual Assignment)
Assessment Title: Validating and Testing Computer Forensics Tools and Evidence

Purpose of the assessment (with ULO Mapping)
This assignment assesses the following Unit Learning Outcomes; students should be able to demonstrate their achievements in them.
1. Systematically collect evidence at private-sector incident scenes.
2. Document evidence and report on computer forensics findings.
3. Implement a number of methodologies for validating and testing computer forensics tools and evidence.

Weight: 25%
Total Marks: 100
Word limit: See the instructions.
Due Date: Week 11 (28/01/2022)

Submission Guidelines
• All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page.
• The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings.
• Reference sources must be cited in the text of the report and listed appropriately at the end in a reference list using IEEE referencing style.

Extension
• If an extension of time to submit work is required, a Special Consideration Application must be submitted directly on AMS. You must submit this application three working days prior to the due date of the assignment. Further information is available at: http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment

Academic Misconduct
• Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at: http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure. For further information, please refer to the Academic Integrity Section in your Unit Description.

BN309 Cyber Security Principles. Prepared by: Dr Nirzhar Saha. Moderated by: Dr Ammar Alazab. December, 2021

Assignment Questions:

Objective:
The objectives of this assignment are to gain theoretical and practical knowledge and skills in different computer forensics and anti-forensics techniques such as image acquiring, analysis of email headers, temporary internet files, and low-level text search of entire contents of the computer hard drive. The students should apply appropriate computer forensics tools and techniques and write a report on their findings. Marks will be awarded based on the sophistication and in-depth exploration of the selected techniques.

Case Study:
A reputed multi-national company from country A was involved in a strategic alliance agreement with a government organization of country B. The multi-national company was interacting with the government organization through its local agent in country B and was a victim of multi-million dollar fraud [1]. Cyber attacker/attack group spoofed emails exchanged between MNC and local independent agent, altered the payment related data exchanged between the parties. Local company engaged with a digital forensic solutions lab (DFSL) to carry out forensics analysis and advise them.

Assume that you are working with DFSL as a digital forensic engineer and you are going to lead the team to perform forensic related task such as information gathering, electronic evidence identification, collection & laptop hard disk imaging, email tracing, header analysis, log analysis, computer system forensic analysis, interviews, email contents detailed analysis. Finally, your team will provide a report to the independent local party with a detailed analysis with findings.

Assignment Specification:
Prepare a report and video demonstration on the following sections related to the case study. You can use your own files for data hiding and analysis. Provide the list of references using IEEE referencing style at the end of the report.

Section 1: Forensic imaging and examinations
Do an Internet search to list out five tools for the above case study. Choose one of the tools to examine the forensic image and explain with screenshots how the tool can be useful. (250 words)

Section 2: Forensic analysis and validation
Write a report describing the procedures to retrieve the evidence with your selected forensics tools. Explain how to identify and analyse email message headers, file data and time properties, internet usage, and call information files. Also explain how computers were forensically imaged, identified for de-fragmentation, and low level text search were carried out in this investigation. (500 words)

Section 3: Anti-forensics
Research on anti-forensics techniques and write a report on your findings on these techniques. Compare the advantages and disadvantages of these techniques in a tabular format. Use one of the anti-forensic techniques on your files and explain how useful it is. Please explain your methods with the help of screenshots. (750 words)

Demonstration:
Demonstrate your work. You should appear in the video (you can use Zoom) at the first and last 30 secs to introduce yourself and draw a conclusion on your experience with the different computer forensics and anti-forensics techniques.

Marks are allocated as described in the following table.

Section 1 (Marks: 20)
• List out effective tools for the above case study and explain briefly
• Explain with screenshots how the tool can be useful

Section 2 (Marks: 30)
• Digital forensic analysis and validation with procedure and screenshots
• Identify and analyse email message headers, file data and time properties, internet usage, call information files, defragmentation, and low level text search of files.

Section 3 (Marks: 20)
• Anti-forensic techniques
• Pros and Cons
• Application of anti-forensic on files

Presentation (Marks: 05)
• Writing quality, Coherence, Report Structure

Demonstration (Marks: 20)
• Video demonstration

References (Marks: 05)
• Must consider at least five current references from journal/conference papers and books.
• Must follow IEEE referencing style

Total Marks: 100

Marking Rubric for Assignment 2: Total Marks 100

Grade and Mark: HD 80% + (Excellent), D 70%-79% (Very Good), CR 60%-69% (Good), P 50%-59% (Satisfactory)

Section 1
• HD (Excellent): Appropriate requirements of the plan specified explained and Issues identified and listed
• D (Very Good): Requirements for the plan specified and issues identified and listed
• CR (Good): Not a complete plan with a few Explanation of procedure and screenshots
• P (Satisfactory): Did not address sub sections of the section

Section 2
• HD (Excellent): Addressed the tools explained briefly as to how they work and the data hiding explained
• D (Very Good): Addressed the tools however with minimum explanation with data hiding
• CR (Good): Three tools selected but not explained and not provided enough explanation for the justification of data hiding
• P (Satisfactory): Not a complete list of security tools and missing explanation of data hiding

Section 3
• HD (Excellent): Explained the act and the important key points
• D (Very Good): Provided an idea about the act with the key points
• CR (Good): Did not provide a clear picture of the act with the key points included
• P (Satisfactory): Did not provide a clear picture of the act with the key points included

Presentation
• HD (Excellent): The presentation was a concise summary of the topic with all questions answered. Comprehensive and complete coverage of the information.
• D (Very Good): The presentation was a good summary of the topic. Most important information covered; little irrelevant info.
• CR (Good): The presentation was informative but several elements went unanswered. Much of the information irrelevant; coverage of some of the major points.
• P (Satisfactory): The presentation was a brief look at the topic but many questions were left unanswered. Majority of information irrelevant and significant points left out

Demonstration
• HD (Excellent): The demonstration was a concise summary of the topic with all questions answered. Comprehensive and complete coverage of the information.
• D (Very Good): The demonstration was a good summary of the topic. Most important information covered; little irrelevant info.
• CR (Good): The demonstration was informative but several elements went unanswered. Much of the information irrelevant; coverage of some of the major points.
• P (Satisfactory): The demonstration was a brief look at the topic but many questions were left unanswered. Majority of information irrelevant and significant points left out.

Reference
[1] (2018). Business E-mail Compromise Forensic Investigation - Case Study. Accessed Dec. 21, 2021. [Online]. Available: https://www.cyberimmersions.com/wp/wp-content/uploads/2019/03/Email-forensics-case-studyv2.pdf
Answered 2 days after Feb 01, 2022


Neha answered on Feb 03 2022
108 Votes
Forensic imaging and examinations
ProDiscover Forensic can be defined as a computer security application which allows the user to find all the data which is present on the computer disk. We can use this product for protecting the evidence and creating quality reports which can be used for legal procedures. This tool also allows us to extract the exchangeable image file format information from JPEG files.
This product also supports Windows, Linux and Mac file systems. We can easily preview and search for suspicious files, and this software also creates a copy of the whole suspected disk so that we can keep the original evidence safely.
Another software is Sleuth Kit, which comes along with Autopsy, and it is a Windows-based utility tool which allows us to perform the forensic analysis of the computer system much more easily. This software allows us to easily examine the hard drive and the smartphone. We can identify the activity with the help of the graphical interface effectively, and this application also provides analysis for emails. We can group the files on the basis of their type to find the images and documents, and it also shows thumbnails of the images to get a quick view of the pictures.
CAINE is another tool which is based on the open two, and it offers a complete forensic environment which creates a graphical interface for the user. We can easily integrate this tool with the existing software tools in the form of a module, and it will automatically extract the timeline from the random-access memory.
Another one is Autopsy, which is an easy-to-use graphical user interface-based program, and it will allow the user to effectively and efficiently analyze smartphones and hard drives. CrowdResponse can be used as it is a lightweight console application which we can use as part of an incident response scenario to collect contextual information like the scheduled tasks, process list and related information.
Forensic analysis and validation
ProDiscover Basic edition can be used as a self-managed tool to examine the security of the hard disk. It is designed for operating under the National Institute of Standards for imaging the disk as the tool specification so that it can collect snapshots of all the activities which are critical to take proactive steps and protect the data. This tool has a built-in reporting tool for presenting the findings in the form of evidence to proceed with legal actions. It allows us to collect the time zone data, Internet activity, Dr information and the piece by piece or in the full report format as per the requirement. It also provides us robust search capabilities with which we can capture the...