Assignment title: Information
COIT12201, ECrime and Digital Forensics – T2, 2016 Assessment 2 Page: 1 / 4
Assessment item 2 — Practical and Written Assessment
Due date: Both Part A and Part B are due in Week 10, Thursday (24-Sep-2015), 01:00 PM AEST
Weighting: 30% (Part A 15% + Part B 15% = 30%)
Length: 1500 ±10% words excluding the cover sheet, table of contents and references
Objectives
This assessment item relates to course learning outcomes 1 to 6 as stated on page 1 of the course profile.
Enabling objectives
1. Analyse a case study to identify an appropriate course of action to investigate.
2. Learn appropriate tools and techniques to investigate a digital forensic case.
3. Apply the digital forensics methodologies.
4. Appraise the legal issues involved in a forensic investigation.
5. Prepare an outline of a professional digital forensic plan and investigation report.
Instructions
This is a group assessment, where each group is made up of 2-3 students. Each group needs to choose a
case study given in the 'Case study' section and perform the activities from the 'Assessment activities' section.
There are three sub-sections under the 'Assessment activities' section and each sub-section has two parts. Each
student in the group should work on an individual sub-section, which will contribute to their individual grade.
As a group, you have to choose which sub-section will be done by which team member. The final outcome
of the assessment will be a report for the entire group. Follow the instructions given in the 'What to submit?'
section of this document to prepare a report and submit it on Moodle. The report has to be cohesive and fit
well together.
Case study:
As a group, choose one of the cases given below for this assignment:
1. Case One – Electronic eavesdropping
2. Case Two – Exfiltration of corporate IP
3. Case Three – Illegal digital materials
Assessment activities:
Sub-section 1: Analyse the case you have selected and execute the following activities:
Part A -
• Investigate the selected case based on hard drive images from all workstations in the office.
Your investigation should answer the questions asked in the case and formulate a conclusion. Your
answers and conclusion should be supported by the evidence you have investigated. Note: your
individual evidence may not answer all questions, but your group evidence together should answer
all questions, so talk to your groupmates.
• Use the forensic software you have learnt in the lab for this investigation, but if required feel free
to use other forensic tools that are available for free (or as a trial).
Part B -
• Finally, prepare a report for your team members to carry the investigation further:
o Details of the digital forensic methodologies and process flow used to investigate this case.
Provide appropriate screenshots to show the detailed process of the investigation.
o Identify the ethical and legal issues that are applicable to the case you are working on.
o Write appropriate justifications to support your chosen methodologies and process.
o Justification for choosing the ethical and legal issues that are relevant to the case.
Sub-section 2: In this section you will perform static acquisition on the digital crime evidence prepared in
sub-section 1.
Part A -
• Investigate the selected case based on RAM dumps from the machines taken during the police
visit (mdd or windd images). Your investigation should answer all the questions asked in the
case and formulate a conclusion. Your answers and conclusion should be supported by the evidence
you have investigated. Note: your individual evidence may not answer all questions, but your group
evidence together should answer all questions, so talk to your groupmates.
• Use the forensic software you have learnt in the lab for this investigation, but if required feel free to
use other forensic tools that are available for free (or as a trial).
• Identify the ethical and legal issues that are applicable to the case you are working on.
Part B -
• Finally, prepare a report for your team members to carry the investigation further:
o Details of the digital forensic methodologies and process flow used to investigate this case.
Provide appropriate screenshots to show the detailed process of the investigation.
o Identify the ethical and legal issues that are applicable to the case you are working on.
o Write appropriate justifications to support your chosen methodologies and process.
o Justification for choosing the ethical and legal issues that are relevant to the case.
Sub-section 3: Investigate the acquired digital evidence given to you by your peer and prepared in sub-section 2.
Part A -
• Investigate the selected case based on three company USB drives found on-premises and one
personal USB drive seized from Jo. Your investigation should answer all the questions asked in
the case and formulate a conclusion. Your answers and conclusion should be supported by the
evidence you have investigated. Note: your individual evidence may not answer all questions, but your
group evidence together should answer all questions, so talk to your groupmates.
• Use the forensic software you have learnt in the lab for this investigation, but if required feel free to
use other forensic tools that are available for free (or as a trial).
Part B -
• Finally, prepare a report for your team members to carry the investigation further:
o Details of the digital forensic methodologies and process flow used to investigate this case.
Provide appropriate screenshots to show the detailed process of the investigation.
o Identify the ethical and legal issues that are applicable to the case you are working on.
o Write appropriate justifications to support your chosen methodologies and process.
o Justification for choosing the ethical and legal issues that are relevant to the case.
What to submit?
You need to submit only one report as a group. Duplicate submission of the same report will incur
negative (-) 5 marks for the entire group. What to include in the report:
• A cover page clearly mentioning the following:
o Names and student numbers of group mates
o Student number and the relevant section number worked on by the specific student
• It should follow formal reporting guidelines. At minimum, it should have a table of contents,
page numbers and relevant references (if any).
• Combine your reports from sub-sections 1, 2 and 3 of the assignment. The report should be
presented cohesively so that it looks like one whole investigation report with a group
introduction and conclusion.
Issues with group and group mates: Groups have to be created on or before week 5. If there is any problem
with group members, you have to report it to your campus lecturer one week before the submission
deadline. They will contact the coordinator (if required). I will be the first point of contact for all FLEX
students.
Marking guide:
Student Number & Name:
Marker / Date:
Part A: Practical part (15 marks)
1. Depth of analyses: how well the student analyzed the case to create/acquire/investigate the digital
crime evidence.
Marks: /4    Comments:
2. Appropriateness of tools and techniques: how appropriate was the choice of tools and techniques
used for creation/acquisition/investigation?
Marks: /3    Comments:
3. Accuracy of practical work:
• Does it follow the proper forensic methodologies taught in the course? [3]
• How does the investigation follow current professional forensic practice taught in this course? [2]
• Does the investigation identify all possible evidence that can be presented based on the given
police evidence? [3]
Marks: /8    Comments:
Part B: Report part (15%)
Report quality:
• How well the report documents the forensic investigation activities
• Is the report easy to follow?
• How well the flow of the investigation was sequentially presented in the report
• Is it prepared in a formal report writing style, with a table of contents, page numbers,
appropriate referencing (if any), cover page and so on?
Marks: /10 (2.5 for each bullet point)    Comments:
Evidence of the practical work:
• Does the report properly evidence (using screenshots, video or any other possible means) the
practical work, with a detailed explanation of the steps followed for creation/acquisition/investigation
of the case?
Marks: /5    Comments:
Total Marks: /30