Objectives This assessment item relates to the course learning

COIT12201, ECrime and Digital Forensics – T2, 2017 Assessment 2 Page: 1 / 4 Assessment item 2 — Practical and Written Assessment Due date: Both Part A and Part B is due at Week 10 Friday (22-Sep-2017) 11:00 PM AEST Weighting: 30% (15%( Part A) + 15%( Part B) = 30%) Length: Maximum 3000 ±10% words (excluding the cover page, table of content and references) for the entire report. Objectives This assessment item relates to the course learning outcome 1 to 6 as stated on page 1 of the course profile. Enabling objectives 1. Analysis a case study to identify appropriate course of action to investigate 2. Learn appropriate tools and techniques to investigate a digital forensic case. 3. Apply the digital forensics methodologies. 4. Appraising the legal issues involved in a forensic investigation. 5. Prepare an outline of a professional digital forensic plan and investigation report Instructions This assessment is a group assessment where group is made of 3(three) students. Each group need to choose a case study given in ‘case study’ section and perform activities from ‘Assessment activities’ section. There are three sub-sections under ‘Assessment activities’ section and each sub-section has two parts. Each students of the group should work on individual sub-section which will contribute to their individual grade. As a group you have to choose which sub-section will be done by a specific team member. Final outcome of the assessment will be a report for the entire group. Follow instructions given in ‘what to submit?’ section of this document to prepare a report and submit on Moodle. The report has to be cohesive and fit well together. Case study: As a group choose one from given cases below for this assignment: 1. Case one – Electronic eavesdropping 2. Case Two – Exfiltration of corporate IP 3. Case Three– Illegal digital materials Group size: It is expected that each group will have three group members: The group will work in one case selected from the list above. Each group member will complete one sub-section from below. It a special circumstances: you need permission from your lecturer to work by yourself or if you are only 2 in the group. You still need to finish all the sub-sections from below but feel free to discuss with your lecturer for further advice, specially distribution of work among two members. Issues with Group and group mates: Group has to be created on or before week 5. If any problem with group members, you have to report about this two weeks before the submission deadline to your campus lecture. They will contact to the coordinator (if require). I will be the first point of contact for all distance students. COIT12201, ECrime and Digital Forensics – T2, 2017 Assessment 2 Page: 2 / 4 Assessment activities: Select a case study as a group and perform the following to answer questions given in the case document included with this assignment. Sub-section 1: Analyse selected case and execute the following activities: Part A – • Investigate following evidences o charlie-2009-12-11.E01 o charlie-work-usb-2009-12-11.E01 o charlie-2009-12-11.mddramimage.zip Your investigation should aim to answer questions asked in the case and formulate a conclusion. Your conclusion should be supported by your investigated evidence. Note: your individual evidence may not answer all questions but your group evidence together should answer all questions so talk to your groupmates. • Use the forensic software you have leant in the lab for this investigation but if require feel free to use other available forensic tools available out there for free (or trial). Part B – • Finally prepare a report for your team members to carry the investigation further o Details of digital forensic methodologies and process flow used to investigate this case. Provide appropriate screenshots to show detail process of the investigation. o Identify ethical and legal issues are applicable for the case you are working on o Write appropriate justifications to support your chosen methodologies and process. o Justification of choosing ethical and legal issues that are relevant to the case. Sub-Section 2: Analyse selected case and execute the following activities: Part A – • Investigate following evidences o pat-2009-12-11.E01 o pat-2009-12-11.mddramimage.zip o jo-work-usb-2009-12-11.E01 • Your investigation should aim to answer questions asked in the case and formulate a conclusion. Your conclusion should be supported by your investigated evidence. Note: your individual evidence may not answer all questions but your group evidence together should answer all questions so talk to your groupmates. • Use the forensic software you have leant in the lab for this investigation but if require feel free to use other available forensic tools available out there for free (or trial). • Identify ethical and legal issues are applicable for the case you are working on Part B – • Finally prepare a report for your team members to carry the investigation further o Details of digital forensic methodologies and process flow used to investigate this case. Provide appropriate screenshots to show detail process of the investigation. o Identify ethical and legal issues are applicable for the case you are working on o Write appropriate justifications to support your chosen methodologies and process. o Justification of choosing ethical and legal issues that are relevant to the case. COIT12201, ECrime and Digital Forensics – T2, 2017 Assessment 2 Page: 3 / 4 Sub-section 3: Analyse selected case and execute the following activities: Part A – • Investigate following evidences o terry-2009-12-11-002.E01 o jo-2009-12-11-002.E01 -> new evidence added due to its significance to address questions in case three o terry-workusb-2009-12-11.E01 -> removed as it is less significant for this investigation o terry-2009-12-11.mddramimage.zip -> removed due to error in the evidence • Your investigation should aim to answer questions asked in the case and formulate a conclusion. Your conclusion should be supported by your investigated evidence. Note: your individual evidence may not answer all questions but your group evidence together should answer all questions so talk to your groupmates. • Use the forensic software you have leant in the lab for this investigation but if require feel free to use other available forensic tools available out there for free (or trial). Part B – • Finally prepare a report for your team members to carry the investigation further o Details of digital forensic methodologies and process flow used to investigate this case. Provide appropriate screenshots to show detail process of the investigation. o Identify ethical and legal issues are applicable for the case you are working on o Write appropriate justifications to support your chosen methodologies and process. o Justification of choosing ethical and legal issues that are relevant to the case. Evidences can be downloaded from: Tools like: OSForensics, FTK, SleuthKit, autopsy, ProDiscover Basic and Volatility can be really helpful to investigate this case. What to submit? You need to submit only one report as a group. Duplicate submission of same report will occur negative (-) 5 marks for entire group. What to include in the report: • A cover page clearly mention following: o Name and student numbers of group mates o Student number and the relevant section number worked by the specific student • It should follow formal reporting guideline. At minimum, it should have table of content, page numbers and relevant references(if any) • Combine your report from sub-section 1, 2 and 3 of the assignment. The report should be presented cohesively so that it looks like one whole investigation report with a group introduction and conclusion. • There is no page limit for the report. Download link for hard drive images: http://downloads.digitalcorpora.org/corpora/scenarios/2009-m57-patents/drives-redacted/ Download link for RAM
dumps: http://downloads.digitalcorpora.org/corpora/scenarios/2009-m57-patents/ram/ Download link for USB drives: http://downloads.digitalcorpora.org/corpora/scenarios/2009-m57-patents/usb/ COIT12201, ECrime and Digital Forensics – T2, 2017 Assessment 2 Page: 4 / 4 Reference The case is adapted from http://digitalcorpora.org/corpora/scenarios/m57-patents-scenario on 26th June, 2017. Marking guide: Student Number & Name: Marker / Date: Part A: Practical part (15 marks) Marks Comments 1. Depth of analyses: how well student analyzed the case to create/ acquire/investigate the digital crime evidence /4 2. Appropriateness of tools and techniques: How appropriate was the choice of tools and techniques used for investigation /3 3. Accuracy of practical work– • Does it follow the proper forensic methodologies taught in the course? [3] • How the investigation follow current professional forensic practice taught in this course? [2] • Does the investigation identified all possible evidence that can be presented in court [3] /8 Part B: Report part (15%) Report quality: • How well the report documents the forensic investigation activities • Is the report easy to follow? • How well the flow of the investigation were sequentially presented in the report • Does it prepare with formal report writing style such as table of content, page numbers, appropriate referencing (if any), cover page and so on. /10( 2.5 for each bullet points) Evidence of the practical work: • Does the report properly evidenced (using screenshots or video) the practical work with detail explanation of steps followed during investigation to answer given questions in the case? /5 Total Marks: /30

Leave a Reply

Your email address will not be published.