Validating and Testing Computer Forensics Tools and Evidence – Part 2
Prepared by: Mr. Ahsan Aziz Moderated by: Dr. Ammar Alazab July, 2018
Assessment Details and Submission Guidelines
Unit Code: BN309 – T2 2018
Unit Title: Computer Forensics
Assessment Type: Individual Assignment
Assessment Title: Validating and Testing Computer Forensics Tools and Evidence – Part 2
Purpose of the assessment (with ULO Mapping)
This assignment assesses the following Unit Learning Outcomes; students should be able to demonstrate their achievements in them.
a. Systematically collect evidence at private-sector incident scenes.
b. Document evidence and report on computer forensics findings.
c. Implement a number of methodologies for validating and testing computer forensics tools and evidence.
d. Understand the cross-examination of a legal process.
Weight: 15% of the total assessments
Total Marks: 50
Word limit: 1500 words max
Due Date: Friday, 21st Sep, 2018, 11:55 PM. (Week 10)
Submission Guidelines
• All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page.
• The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings.
• Reference sources must be cited in the text of the report and listed appropriately at the end in a reference list using IEEE referencing style.
Extension
If an extension of time to submit work is required, a Special Consideration Application must be submitted directly through AMS. You must submit this application within three working days of the assessment due date. Further information is available at: http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/specialconsiderationdeferment
Academic Misconduct
Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at: http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure. For further information, please refer to the Academic Integrity Section in your Unit Description.
Assignment Questions:
Objective: The objective of this assignment is to gain theoretical and practical knowledge of different computer forensics and anti-forensics techniques, such as image acquisition and data hiding. Students should apply appropriate computer forensics tools and techniques and write a report on their findings. Marks will be awarded based on the sophistication and difficulty of the techniques explored.
Assignment Specification:
Prepare a report on the following sections related to the case study scenario. You can use your own files for data hiding and analysis. Provide the list of references using IEEE referencing style at the end of the report.
Section 1: Steganography
Use steganography to hide data in an image file. Explain each step with the help of screenshots from the tool you used. (200 words)
Section 2: Data Hiding in Slack
File slack is the space between the end of a file and the end of the disk cluster it is stored in. Hide a secret message in a file that contains slack space. Explain each step with the help of screenshots from the tool you used. (400 words)
Section 3: Anti-forensics
Research anti-forensics techniques and write a report on your findings on these techniques. Compare the pros and cons of these techniques in different contexts. Use one of the anti-forensic techniques on your files and explain how useful it is. Please explain your methods with the help of screenshots. (400 words)
Marking Criteria:
Questions        Description                                       Marks
Section 1        Data hiding using steganography                   6
                 Explanation of procedure and screenshots          6
Section 2        Data hiding in slack                              6
                 Explanation of procedure and screenshots          6
Section 3        Anti-forensic techniques                          6
                 Pros and Cons                                     5
                 Application of anti-forensic on files             5
Presentation     Writing quality, Coherence, Report Structure      5
Reference style  Follow IEEE reference style (should have both     5
                 in-text citation and reference list)
Total                                                              50
Marking Rubric
Sections, each graded as Excellent, Good, Fair or Poor:

Section 1: Contingency Planning
Excellent: Appropriate requirements of the plan specified and explained, and issues identified and listed
Good: Requirements for the plan specified and issues identified and listed
Fair: Not a complete plan with a few requirements and issues
Poor: Did not address sub sections of the section

Section 2: Security Tools
Excellent: Addressed the three tools, explained briefly as to how they work, and the cost analysis explained
Good: Addressed the three tools, however with minimum explanation with cost analysis
Fair: Three tools selected but not explained, and not provided enough explanation for the justification of cost analysis
Poor: Not a complete list of security tools and missing explanation of cost analysis

Section 3: Information Security Act
Excellent: Explained the act and the important key points
Good: Provided an idea about the act with the key points
Fair: Did not provide a clear picture of the act with the key points included
Poor: Missing explanation and key points

Section 4: Security Management Policy
Excellent: Addressed all the seven sections of the policy with necessary explanation
Good: Addressed all the sections and managed to explain the requirements of the policy
Fair: Addressed all sections with minimum information
Poor: Missing sections from the policy (Incomplete)