
Computer Forensics Assessment Specification

Written Assignment — Case Study

Due date: 23:45:00 AEST Week 11 Tuesday (26/09/2017)
ASSESSMENT Weighting: 45% 3
Length: 3,000 words for Distance Education students; 3,500 for on-campus students

Objectives

This assessment item relates to unit learning outcomes 1 to 7. Please refer to the unit profile to see how this assessment item relates to the unit learning outcomes. These objectives will be measured by the ‘closeness of fit’ to meeting the requirements and the assessment criteria below.

General Assessment Criteria

Incomprehensible submissions. Assessments provide the opportunity for students to demonstrate their knowledge and skills to achieve the required standard. To do this, assessment responses need to be both clear and easy to understand. If not, the University cannot determine that students have demonstrated their knowledge and skills. Assessments will, therefore, be marked accordingly including the potential for 0 (zero) marks where relevant.

Late penalty. Late submissions will attract a penalty of 5% of the total available mark for the individual assessment item for each day or part thereof that the submission is late. This means that, for an assessment worth 45 marks, the mark that you earn is reduced by 2.25 marks each day that the assessment is late (including part-days and weekends).

Check with marking criteria. Before submitting your assignment you should check it against the detailed assessment criteria included in this specification to ensure that you have satisfactorily addressed all the criteria that will be used to mark your assignment.

Language. All submissions should be thoroughly proof-read for spelling, typographical or grammatical errors before being submitted. Do not rely on the ‘spell-check’ function in your word processing program. If, for example, ‘affect’ is substituted for ‘effect’, your program may not detect the error.
Academic Integrity

All assignments will be checked for plagiarism (material copied from other students and/or material copied from other sources) using TurnItIn (TII). If you are found to have plagiarised material or if you have used someone else’s words without appropriate referencing, you will be penalised for plagiarism which could result in zero marks for the whole assignment. In some circumstances a more severe penalty may be imposed. Useful information about academic integrity (avoiding plagiarism) can be found at:

Submission requirements

Who to submit? For on-campus students, one and only one of the group members needs to submit for the entire group. Distance Education (hereinafter ‘DE’) students need to submit individually.

What to submit? A report in MS Word format (.doc or .docx) needs to be submitted. No other document formats are accepted; in particular, no PDF files, Apple Pages, Apple Keynotes or Online Google Doc Links are accepted.

No Zipped files. Students must not zip multiple files and submit them as one single zip/compressed file.

Means of submission. All assignments must be submitted electronically to Moodle. The submission links can be accessed through the Assessment block on the Moodle unit website. Physical copies/Email submissions are not accepted.

Auto-submission. Moodle implements an auto-submission process for those items uploaded and left as drafts before the original deadline. However, any assessments uploaded after the original deadline must be manually submitted by the students. Please note that the auto-submission process does not work for assessments which have extensions. Auto-submission only works where the original deadline of an assessment has not changed. If you are submitting after the deadline (original or extended), you must complete the Moodle submission process. Further details on completing the submission process are available via the ‘Moodle Help for Students’ link in the Support block of your Moodle pages.
Complete and correct submission. Assignments, once submitted, are final and therefore cannot be modified. Students bear all the onus to ensure that their submissions are correct (correct files in correct format) and complete before submitting to Moodle.

The Case

This assignment is based on the following fictitious case. Please read this case carefully.

UniCareer Pty. Ltd. (the ‘Company’) is a leading professional education provider in the U.S. delivering a range of industry-leading professional qualifications including CFA, FRM, CCNA, CCNP, OCAJ, OCPJ etc. With over 25,000 students, 10 campuses in five different States and over 500 staff members, UniCareer has enjoyed huge success since it was founded 5 years ago.

The Company promotes flexible study and allows both its students and staff members to bring their own devices (laptops, tablets and smart phones) to the Company and connect them to the Company network.

Each and every student enrolled in the Company’s training program is given a student card during the Orientation Week. These student cards are contactless and use RFID technology. Students need to tap their card onto a card reader to be able to access their respective campus. Staff members are given a similar staff identification card that provides them access to their workplace.

Each student is assigned a unique student ID starting with two random lowercase English letters and followed by 8 numerical digits, e.g. ‘at12345678’. Student IDs are randomly generated, and therefore are not necessarily alphabetically/numerically consecutive for the same cohort. Each student is also assigned an email address, which is their student ID followed by ‘@unicareer.com’, e.g. ‘[email protected]’.

Staff members are also assigned a unique staff ID with the first letter of their first name followed by a ‘.’ (dot) and their full last name, e.g. ‘r.pickering’. Each staff member is also assigned an email address, which is their staff ID followed by ‘@unicareer.com’, e.g. ‘[email protected]’.
The staff directory is open to the public while student information (including their student email and their personal information) is private and confidential. Email routing in the Company has been set up in such a way that emails sent to any unknown mailbox account will be routed to a catch-all address, ‘[email protected]’.

The Company has directed substantial resources to information technology for its daily operation as well as enhancing student learning experiences. However, updating the networks and application infrastructure has not been the Company’s priority in the most recent years. The Company has a number of Mac and PC labs, running age-old versions of macOS and Windows OS. Staff members, at their orientation, have a choice of Mac or PC desktop computer for work. The desktop computers assigned to staff members remain the property of the Company.

The network structure for all campuses and across all Company functional areas is flat and relatively unrestricted. Firewalls and network segmentation are poorly implemented throughout the entire network. Intrusion detection and prevention systems have been installed on the network but they are not effectively used.

The professional qualification training industry is booming, attracting a significant number of students each year. Many companies have entered this market in the most recent years – ABC Pty Ltd (the ‘Competitor’) is one of the Company’s major competitors, gradually encroaching on UniCareer’s market share.

Last week the Information Security Office of the Company received complaints from a large number of students from all campuses claiming that they have received a spam email advertising and promoting the Competitor’s programs. Staff members have also received emails soliciting them to join ABC Pty Ltd. However, no such email was received by the ‘[email protected]’ account.

An anonymous report also arrived at the Information Security Office last week, alleging that one of the staff members, John Pickering, possessed and viewed child pornography at the workplace using both his own PC (in his legal possession) and the Mac desktop provided by the Company (that remains a property of the Company).

The Information Security Office takes these two incidents seriously. However, the Office has a small team of two IT professionals and they do not feel that they have the expertise to carry out a full scale forensic investigation. The Company is anxious to ensure that the student information is not being compromised, and to follow the correct procedures to investigate the second allegation.

Your team has been employed to determine whether any malicious/inappropriate activity has taken place. Your team is tasked to undertake computer forensic analysis of the computer systems. This involves gathering digital evidence from relevant computers and e-mail accounts.

Instructions

Group/Individual assignment. This part is a group assignment for on-campus students and an individual assignment for DE students. Group formation and registration guidelines are available in the Presentation Assignment Specification.

Length. For on-campus students, the report is 3,500 words in length; for DE students, the report is 3,000 words in length. 10% leeway on either side is applicable to both on-campus and DE students.

Assumptions. Students are encouraged to make assumptions wherever necessary subject to two conditions: (1) assumptions should not contradict the factual information given in the case; (2) an assumption, once made, must be relevant and addressed in your report.

In the capacity of a computer forensics expert, your task is to prepare a computer forensics investigation plan to enable a systematic collection of evidence and subsequent forensic analysis of the electronic and digital data. This plan should detail the following:

• justify why the use of the digital forensic methodology and approach is warranted including appropriate procedures for the Company’s investigation.
• describe the resources required to conduct a digital forensic investigation, including skill sets and required tools of the team members.
• outline an approach for data/evidence identification and acquisition that would occur in order to prepare the other team members for review of the digital evidence.
• outline an approach and steps to be taken during the analysis phase.
• develop relevant security policies for the Company.
• provide recommendations to the Company for dealing with the problems.

Tips for preparing your computer forensics investigative plan

In writing the computer forensics investigation plan, students need to address the following points. Do note that the points listed below are not exhaustive and need to be considered as helpful tips.

• Justify a need for computer forensics methodology and consider the scope of the case including the nature of the alleged misconduct, leading to consideration of how electronic and digital evidence may support the investigation. The plan should consider how computer forensics differs from other techniques (such as data recovery) and detail the overall steps for the systematic computer forensics approach.
• Consider the required resources and include details regarding the preparation plan for evidence gathering (such as evidence forms, types, storage media and containers), forensics workstation and peripherals needed, software/tools for analysis depending on the type of evidence to be gathered including rationale for selected tools, and consideration of team member skills in digital analysis (such as OS knowledge, skills for interviewing, consultation, working as per the needs of the team and understanding of law and Company policies).
• Detail the approach for data acquisition including the different types of evidence that can be gathered and their source depending upon the nature of the case and scope of investigation, develop a plan for data acquisition including rationale for the selected plan and contingency planning, detail the type of data acquisition tools needed including rationale and an outline for the data validation & verification procedures.
• Provide an outline of the forensic analysis procedures/steps depending upon the nature of evidence to be collected, and detail the validation approach. This can include techniques to counter data hiding, recovering deleted files, procedures for network and e-mail analysis.
• Develop suitable security policies for the Company.
• Provide appropriate recommendations to the Company for dealing with the problems.
• Table of contents for the investigative plan should consider what to include in the report, structure of the report, focus or scope of the report including supporting material to be provided and references. This table of contents should include headings and sub-headings pertaining to the aspects addressed in the above dot points.

Specifically your report should include the following.

1. Title page: (each) student name (in your group), (each) student number (in your group), (each) student email address (in your group, use CQU email), title of your report, local lecturer/tutor, and unit coordinator. Not counted towards the word count.
2. Executive summary.
3. Table of Contents (ToC): should list the report (sub)sections in decimal notation. Create the ToC using MS Word’s ToC auto-generator rather than manually typing out the ToC. Instructions can be found here: https://support.office.com/en-gb/article/Create-a-table-of-contents-or-update-a-table-of-contents-eb275189-b93e-4559-8dd9-c279457bfd72#__create_a_table. Not counted towards the word count.
4. Introduction.
5. Body of the report (use appropriate headings in the body of the report).
6. Conclusion.
7. Reference list: all references must be in Harvard Referencing Style. Not counted towards the word count.

Marking Criteria

– Justification (5 marks) Is the justification of “why use of the digital forensic methodology and approach is warranted” sound?
– Resources (10 marks) Are the resources required to conduct a digital forensic investigation completely listed?
– Approach (10 marks) Is the approach for evidence identification and acquisition reasonable?
– Steps (5 marks) Are steps to be taken during the analysis phase reasonable?
– Policies (5 marks) Are they suitable for the Company?
– Recommendations (5 marks) Are they appropriate?
– Table of contents and References (5 marks) Is the table of contents for the investigative report complete? Can this reflect the student’s understanding of forensic principles? Are the references correctly cited?

Deductions

– Incomprehensible English (up to 45 marks) If the report is unable to be read and understood by the marker, the marker may impose a penalty up to 35 marks to this assessment.
– Late penalty (up to 45 marks) In the absence of an extension, the marker will impose late penalties at 2.25 marks for each day or part thereof that the assignment is overdue.
