Enabling objectives 1. Analysis a case study to identify appropriate course of action to investigate 2. Learn appropriate tools and techniques to investigate a digital forensic case. 3. Apply the digital forensics methodologies. 4. Appraising the legal issues involved in a forensic investigation. 5. Prepare an outline of a professional digital forensic plan and investigation report Instructions This assessment is a group assessment where group is made of 2-3 students. Each group need to choose a case study given in 'case study' section and perform activities from 'Assessment activities' section. There are three sub-sections under 'Assessment activities' section and each sub-section has two parts. Each students of the group should work on individual sub-section which will contribute to their individual grade. As a group you have to choose which sub-section will be done by a specific team member. Final outcome of the assessment will be a report for the entire group. Follow instructions given in 'what to submit?' section of this document to prepare a report and submit on Moodle. The report has to be cohesive and fit well together. Case study: As a group choose one from given cases below for this assignment: 1. Case one - Electronic eavesdropping 2. Case Two – Exfiltration of corporate IP 3. Case Three– Illegal digital materials Assessment activities: Sub-section 1: Analyse the case you have selected and execute the following activities: Part A - • Investigate the selected case based on hard drive images from all workstations in the office. Your investigation should answer questions asked in the case and formulate a conclusion. Your and conclusion should be supported by your investigated evidence. Note: your individual evidence may not answer all questions but your group evidence together should answer all questions so talk to your groupmates. • Use the forensic software you have leant in the lab for this investigation but if require feel free to use other available forensic tools available out there for free ( or trial). COIT12201, ECrime and Digital Forensics – T2, 2016 Assessment 2 Page: 2 / 4 Part B - • Finally prepare a report for your team members to carry the investigation further o Details of digital forensic methodologies and process flow used to investigate this case. Provide appropriate screenshots to show detail process of the investigation. o Identify ethical and legal issues are applicable for the case you are working on o Write appropriate justifications to support your chosen methodologies and process. o Justification of choosing ethical and legal issues that are relevant to the case. Sub-Section 2: In this section you will perform static acquisition on digital crime evidence prepared in sub-section 1. Part A - • Investigate the selected case based on RAM dumps from the machines taken during the police visit (mdd or windd images). Your investigation should answer all the questions asked in the case and formulate a conclusion. Your and conclusion should be supported by your investigated evidence. Note: your individual evidence may not answer all questions but your group evidence together should answer all questions so talk to your groupmates. • Use the forensic software you have leant in the lab for this investigation but if require feel free to use other available forensic tools available out there for free ( or trial). • Identify ethical and legal issues are applicable for the case you are working on