BN309 Computer Forensics | My Assignment Tutor

Prepared by: Dr Nazmus Nafi Moderated by: Dr Ammar Alazab Nov, 2020 Assessment Details and Submission GuidelinesTrimesterT3 2020Unit CodeBN309Unit TitleComputer ForensicsAssessment TypeAssignment-1 (Individual Assessment)Assessment TitleValidating and Testing Computer Forensics Tools and EvidencePurpose of theThis assignment assesses the following Unit Learning Outcomes; studentsshould be able to demonstrate their achievements in them.1. Systematically collect evidence at private-sector incident scenes.2. Document evidence and report on computer forensics findings.3. Implement a number of methodologies for validating and testingcomputer forensics tools and evidence.WeightPart A: 5% and Part B: 10%Total Marks45Word limit500 words max for Part A, 1500 words max for Part BDue Date• Assignment 1-Part A: Wednesday 02/12/2020 (Week 3)• Assignment 1-Part B: Wednesday 06/01/2021 (Week 7)SubmissionGuidelines• All work must be submitted on Moodle by the due date along with acompleted Assignment Cover Page.• The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri(Body) font and 2 cm margins on all four sides of your page withappropriate section headings.• Reference sources must be cited in the text of the report, and listedappropriately at the end in a reference list using IEEE referencing style.Extension• If an extension of time to submit work is required, a Special ConsiderationApplication must be submitted directly to the School’s AdministrationOfficer, in Melbourne on Level 6 or in Sydney on Level 7. You must submitthis application three working days prior to the due date of theassignment. Further information is available at: Misconduct is a serious offence. Depending on the seriousness ofthe case, penalties can vary from a written warning or zero marks to exclusionfrom the course or rescinding the degree. Students should make themselvesfamiliar with the full policy and procedure available at: further information, please refer to the Academic Integrity Section in yourUnit Description. assessment (withULO Mapping) BN309 Computer Forensics Page 2 of 6Prepared by: Nazmus Nafi Moderated by: Dr Ammar Alazab Nov, 2020Assignment Questions:Objective: The objective of the assignment is to compare Computer Forensics Tools andacquire data from a drive, perform data recovery using different techniques and tools,analysing it and finally performing the validation of acquired data. In addition, students arerequired to document all steps in a report, and the report should be formal so that it can beused in a legal proceeding. Marks will be awarded based on the sophistication and in-depthpresentation of the techniques explored.Case Study: You have been assigned a case of embezzlement. A 16GB USB is found from thesuspect’s office, and it is expected the USB has digital clues that may be related to the case.The USB contains several Doc files, Excel files, a couple of image files, and some text files.Assignment Specification:Prepare a report on the following sections related to the case study scenario.The assignment consists of two parts.In Part A, you will install and compare two Computer Forensics Tools required to completethis report.In Part B, you will use the feedback from Part A to extend your report further to address thefollowing requirements:Data Preparation: You need to use your own USB to create/delete files as mentioned in thescenario below and perform the digital forensics investigation:1. You need to create six files of type pdf, excel and word documents, where you needto name these files as follow: yourname_BN309_Assig1.*, where * depends of the filetype. In addition, you need to change the attribute of these files to describe theMetadata which holds data such as your name as an author, organization name “MIT”,computer name “based on your terminal name”, date/time created, and commentssuch as “created for Assignment1 of BN309”.2. Modify the extension of one of the doc file to .jpeg3. Then you need to delete 3 files including the file you have modified its extension, oneof each type.Take the screenshot of each steps and include these in your final report. Provide thelist of references using IEEE referencing style at the end of the report.Section 1: Data AcquisitionPrepare a forensic image (bit stream copy) using any two standard tools from Table 1 withthe record of data deletion. In the report, you need to include the screenshots of each step.You will need this image to perform the consecutive tasks. You need to cover the challengesto, and make a successful acquisition what are the relevant format to use and why. Describesteps required for search and seizure. (400 words)BN309 Computer Forensics Page 3 of 6Prepared by: Nazmus Nafi Moderated by: Dr Ammar Alazab Nov, 2020Section 2: Data RecoveryThe suspect has deleted three image files from the USB, recover these files and explain themethod (with screenshots) and tool you used. (300 words)In addition, recover the data from recycle bin, explain the procedure with screenshots. Youneed to recover the metadata of these files (200 words)Section 3: Data AnalysisInspect all files in the USB, use a hex editor and analyse if there is any hidden data in thesefiles. Provide screenshots of your analysis. Describe the tools that can be used for analysingthe deleted files, and also describe the benefit(s) for conducting a window registry analysis(300 words)Section 4: Data ValidationExplain different methods of data validation and use one of them to validate data on USB.Explain how to verify the file extension if it has been altered using relevant tools.Demonstrate with snapshots the data validation as well as detecting the file extensionalteration. (400 words)Marking Criteria: Marking of assignment1 would done by tutors and then verified accordingto individual demonstration by students. The final mark might be reduced to half based onstudents’ presentation.Marking GuideThis assessment requires you write a report which includes Part A and Part B.You will perform the following tasks:1. In Part A: you will write a report on:i. Compare and analyse two Computer Forensics Tools (fromTable 1) used in forensic case investigations (the reportshould discuss similarities and differences with screenshotsfrom the installed tools features and references). ii.Discuss what should you consider when determining whichdata acquisition method to useProvide the suitability of computer forensics tools for thegiven case.iii. 2. In Part B: you will extend the report from Part A to include more detailsusing the feedback received. You will also perform 4 demonstration tasksalong with data preparation and evidence your work. Your final reportBN309 Computer Forensics Page 4 of 6Prepared by: Nazmus Nafi Moderated by: Dr Ammar Alazab Nov, 2020should include: i.ii.iii.iv.Data PreparationSection 1: Data AcquisitionSection 2: Data RecoverySection 3: Data Analysis v. Section 4: Data ValidationFor this assignment, download and install Computer Forensics tools assigned to you usingTable 1 shown below.Table 1 Computer Forensics tool assignment to students Students with ID ending withSecurity Tool Serial #0 to 2ProDiscover Basic and OS Forensics3 to 6OS Forensics and Autopsy7 to 9Autopsy and ProDiscover Basic Note: If you would like to choose other Computer Forensics tools that are not listed in thistable, talk to your tutor and get permission to use it. For Task 2, you can use anyappropriate tools with your tutor’s consent.Marking criteria:Marks are allocated as follows: Section to be includedin the reportDescription of the sectionMarksPart A: ComputerForensic Toolsinstallation andcomparisonDiscuss similarities and differences between twotools10Part A: ComputerForensic ToolsanalysisWhat should you consider when determiningwhich data acquisition method to use?Analyse the suitability of specific tool for thegiven case2.52.5Part B: DatapreparationFollow instruction of Data preparation. Note thatfailed to create the files according to request wouldreduce your marks for section 1, section 2 andsection 3.2Part B: Section 1Acquiring data using two standard toolExplanation of acquisitions and screenshotsChallenges for successful data acquisition5×2 = 10 BN309 Computer Forensics Page 5 of 6Prepared by: Nazmus Nafi Moderated by: Dr Ammar Alazab Nov, 2020 Search and seizurePart B: Section 2Data recovery from USB and explanationData recovery from recycle bin and explanation2×2 = 4Part B: Section 3Data analysis of all file in USB using Hex EditorTool for analyzing deleted files and window registry2×2 = 4Part B: Section 4Data validation and file extension alterationdetection with explanation5Writing quality, Coherence, Report Structure2Follow IEEE reference style (should have both intext citation and reference list)3Total45 Marking Rubric for Assignment #1: Total Marks 45 GradeMarkHD>=80%D70%-79%CR60%-69%P50%-59%Fail=80%D70%-79%CR60%-69%P50%-59%Fail


Leave a Reply

Your email address will not be published. Required fields are marked *