DIGITAL FORENSICS
Assessment item 2 - Tasks and Research Project
Value: 15%
Due Date: 22-Apr-2020
TASK
Note: A Study Planner tool has been provided with this subject to support the assessment process. This tool provides information about the submission flexibility of assessment tasks, and a way to organise adjustments to submission dates. A link to the Study Planner can be found on the Interact2 site.
Task 1: Reflection on Hands-on Projects (5 marks)
Complete the following hands-on projects from your textbook:
1. Hands-on Project 1-1
2. Hands-on Project 1-2
3. Hands-on Project 1-4
4. Hands-on Project 1-5
5. Hands-on Project 1-6
Deliverable: Write a 500-1000 words (up to two A4 pages) report on lessons learned from these projects. Comment on each project individually within the two-page limit. You can write one lesson learned from each of the projects.
Task 2: Case Project (5 marks) Complete the Hands-on Project 5-2 from your textbook (Nelson, Phillips, & Steuart, 6th edition, 2019, p. 260-261). In this project you will explore the MFT and learn how to locate time and date values in the metadata of a file you create during this project. Deliverable: Write a 500-1000 words paper after completing this project and report what metadata you have discovered from the file you analysed using WinHex editor. Provide screen shots of the steps completed in the project showing the results of date and time values you have recorded. Briefly describe the main steps that you think are necessary and important to locate date and time values while analysing the file.
Task 3: Research Project (5 marks)
You have been assigned a digital forensics case to investigate involving a potential monetary fraud in an organisation. The CTO of the organisation has given you access to the workstation and other necessary hardware, e.g. USB, of one of his employees who she thinks is potentially involved in this fraud. Your job as a digital forensics examiner is to conduct this investigation. You are required to create a (investigation) plan and describe the standard practice procedure that is used in such investigations. Your plan must include the procedures for collecting the digital data, securing the evidence that you may collect and then describing the method to validate the collected data, e.g. calculating hash values and specifying the hash algorithm that you intend to use, e.g. SHA-3, MD5 etc. You can make some reasonable assumptions if required when describing your plan / procedures.
Deliverable: Write a 500-1000 word report that outlines the investigation plan, procedures to secure the digital evidence, and data validation methods.
Note: Combine deliverable's of all three tasks mentioned above in a single document (only MS Word (preferable) or pdf, please note other formats e.g. *.zip, *.rar etc are NOT allowed) and then submit that one / single document through Turnitin.
RATIONALE
This assessment task will assess the following learning outcome/s:
· be able to determine and explain the legal and ethical considerations for investigating and prosecuting digital crimes.
· be able to formulate a digital forensics process.
· be able to evaluate the technology in digital forensics to detect, prevent and recover from digital crimes.
· be able to analyse data on storage media and various file systems.
· be able to collect electronic evidence without compromising the original data.
· be able to prepare and defend reports on the results of an investigation.
MARKING CRITERIA AND STANDARDS
|
Criteria |
Standards |
|
Task 1: Reflection on Hands-on Projects (5 marks) |
An outstanding reflection statement which includes strong analysis and documents completely the experience gained by completing each of the five projects and clearly stating five things learned or discovered supported by evidence e.g., images, screenshots. |
|
Task 2: Case Project 5-2 (5 marks) |
Project is completed, evidence of all steps is provided, paper provides excellent explanation of the importance of files examined and how might they affect the case. |
|
Task 3: Research Project (5 marks) |
Standard practice for potential fraud case(s) investigation, detailed investigation plan, securing digital evidence and data validation methods. Excellent explanation, justification with examples of MS Word and Excel hashes snapshots provided, explained and references are provided. |