4/15/2017 Untitled Document http://interact.csu.edu.au/sakai­msi­tool/content/bbv.html?subjectView=true&siteId=ITC597_201730_SM_I 1/6 Expand All Collapse All Print Version ITC597 ­ Digital Forensics Session 1 2017 Faculty of Business, Justice and Behavioural Sciences School of Computing and Mathematics Internal Mode Subject Coordinator Rajasekaran Lakshmiganthan Email [email protected] Phone 0399357900 Campus To be advised. Building/Room number To be advised. Welcome to a new session of study at Charles Sturt University. Please refer to the University's Acknowledgement of Country. This subject outline is accessible through mobile devices from http://m.csu.edu.au. Consultation procedures Any questions concerning the teaching of this subject can be made by contacting your Subject Lecturer. Lecturer Name : Chetanpal Sing Lecturer Email : [email protected] Email is the best option. Please send a brief message regarding the issue and include the subject name and subject code in your email –it really helps to know which class you belong to, before I respond to your query. If your query is urgent then meet with your respective Course Coordinator on Level­4. Class times and location General Timetable as below will be available at the following website before the start of 201730 semester, which can be accessed on any Mobile Phone or IPAD: https://csutimetable.au.studygroup.com/Melbourne/ If you cannot contact your Subject Coordinator, please contact your teaching team using the contact details and consultation procedures provided on your Interact2 subject site. What is your subject about? A brief overview [Hide] This subject provides an in­depth study of the rapidly changing and fascinating field of computer forensics. It combines both the technical expertise and the knowledge required to investigate, detect and prevent digital crimes. The subject covers the knowledge on digital forensics legislations, digital crime, forensics processes and procedures, data acquisition and validation, e­discovery tools, e­evidence collection and preservation, investigating operating systems and file systems, network forensics, art of steganography and mobile device forensics, email and web forensics, presenting reports and testimony as an expert witness. Learning outcomes On successful completion of this subject, you should: be able to determine and explain the legal and ethical considerations for investigating and prosecuting digital crimes; be able to formulate a digital forensics process; be able to evaluate the technology in digital forensics to detect, prevent and recover from digital crimes; be able to analyse data on storage media and various file systems; be able to collect electronic evidence without compromising the original data; be able to evaluate the functions and features of digital forensics equipment, the environment and the tools for a digital forensics lab; be able to critique and compose technical tactics in digital crimes and assess the steps involved in a digital forensics investigation; be able to prepare and defend reports on the results of an investigation. Pass Requirements You must obtain at least 50% in both the examination and the total mark in order to pass this subject. To be eligible for the grade AA or AE you must have submitted all assessment items in the subject, including the final exam. If you choose not to complete an assessment item or do not sit the final exam then you will not be granted an AA or an AE grade. Key Subjects Passing a key subject is one of the indicators of satisfactory academic progress through your course. You must pass the key subjects in your course at no more than two attempts. The first time you fail a key subject you will be 'at risk' of exclusion; if you fail a second time you will be excluded from the course. The Academic Progress Policy sets out the requirements and procedures for satisfactory academic progress, for the exclusion of students who fail to progress satisfactorily and for the termination of enrolment for students who fail to complete in the maximum allowed time. Assumed knowledge Academic integrity means acting with honesty, fairness and responsibility, and involves observing and maintaining ethical standards in all aspects of academic work. This subject assumes that you understand what constitutes plagiarism, cheating and collusion. If you are a new student we expect you to complete the modules called Academic Integrity at CSU. Prescribed Text [Hide] Check the textbook database (link below) to ensure you have the correct textbook indicated. Textbooks listed in this database have already been ordered for this session https://online.csu.edu.au/de/dewtext.sqt?run=List Students must have access to a copy of the following prescribed textbook: Nelson, B., Phillips, A., & Steuart, C. (2015). Guide to Computer Forensics and Investigations (5/e). Boston, MA. Course Technology The textbooks required for each of your enrolled subjects can also be found via the Student Portal Textbooks page. Subject and Assessment Schedule [Hide] Schedule Session Week Week Commencing Modules/Topics Readings and Activities 1 27 February 2017 Topic 1: Understanding digital forensics and investigations Read Text Chapter 1: Complete activities listed in the Topics 2 6 March 2017 Topic 2: Digital crime: civil and crime law Complete Readings 1 & 2: Complete activities listed in the Topics 3 13 March 2017 Topic 3: Forensics process, policies and procedures Read Text Chapter 2: Complete activities listed in the Topics 4 20 March 2017 Topic 4: Data acquisition and validation Read Text Chapter 3 & 9: Complete activities listed in the Topics 5 27 March 2017 Topic 5: E­Evidence, guidelines and standards Read Text Chapter 4: Complete activities listed in the Topics Assessment item 1 due on 02 April 2017 1 April 2017 ­ 16 April 2017 Mid­session break 6 17 April 2017 Topic 6: E­Discovery, tools, environments and equipment Read Text Chapter 6: Complete activities listed in the Topics 7 24 April 2017 Topic 7: Investigating operating systems and analyzing file systems Read Text Chapter 5 and 7: Complete activities listed in the Topics 8 01 May 2017 Topic 8: Virtual machines, email and network forensics Read Text Chapter 10 & 11: Complete activities listed in the Topics 9 08 May 2017 Topic 9: Steganography and mobile device forensics Read Text Chapters 8 & 12: Complete activities listed in the Topics 10 15 May 2017 Topic 10: Cloud forensics Read Text Chapter 13: Complete activities listed in the Topics Assessment item 2 due on 19 May 2017 11 22 May 2017 Topic 11: Reporting and presenting Read Text Chapter 14: Complete activities listed in the Topics 12 29 May 2017 Topic 12: Expert witness and ethics Read Text Chapter 15 & 16: Complete activities listed in the Topics 05 June 2017 ­ 16 June 2017 Examination period (refer to the exam time table for the exam date/time for this subject) Subject Content Topic 1: Understanding digital forensics and investigations Topic 2: Digital crime: civil and crime law Topic 3: Forensics process, policies and procedures Topic 4: Data acquisition and validation Topic 5: E­Evidence, guidelines and standards Topic 6: E­Discovery, tools, environments and equipment Topic 7: Investigating operating systems and analysing file systems Topic 8: Virtual Machines, Cloud and Network Forensics Topic 9: Steganography and mobile device forensics Topic 10: Email and web forensics Topic 11: Reporting and presenting Topic 12: Expert witness and ethics Subject Delivery [Hide] Class/tutorial times and location4/15/2017 Untitled Document http://interact.csu.edu.au/sakai­msi­tool/content/bbv.html?subjectView=true&siteId=ITC597_201730_SM_I 2/6 Class/tutorial times and location If you are enrolled in an internal offering of this subject, your class times can be found at Timetable @ CSU. If you are enrolled in the online offering of the subject, this timetable will not apply. Find out how to use Timetable @ CSU via the Student Portal Class Timetable page. Learning, teaching and support strategies How you are expected to engage with the subject All of your subject materials are available on the Interact site under the Topics link in the left hand menu. I suggest that for each topic you read the learning objectives carefully and attempt the weekly activities and most of the labs at the end of each chapter. The topics are available online only, you can download and print topics as you like. In this subject there are also lots of opportunities for you to engage with me, with your peers and with the subject. I will be holding weekly face to face lecturers throughout the session where we can discuss subject content and assessment items. The details of times and dates will be posted on the Interact site. Interaction with your fellow students and the Subject Coordinator is very important to enhance your learning in this subject. You should check the Interact site at least weekly for postings, announcements and other resources that will assist your studies or additional information and resources vital to your success in the subject. You can also contact an adviser through Student Central on the following number: 1800 275 278 (or +61 2 6933 7507 from outside Australia). Library Services The CSU Library website provides access to online material and print, using Primo Search to find online journal articles, eBooks, hardcopy books from CSU Library (see Library Manager for Interlibrary Loan Requests), company & government reports, eJournals, dissertations, theses, newspapers including Business & Financial newspapers in Factiva (See Business & IT Journal Databases), and other reference resources (eg. Australian Bureau of Statistics, Australian standards, online encyclopaedias & dictionaries to be read on the computer). You will also find library guides, Subject Reserve for any readings eg. ITC100, ACC100, etc., and online assistance to help you use the Library's resources such as Ask a Librarian – Live Chat and Ask a Librarian ­ Web Form. You can find Library Services on both the SGA library online catalogue: http://primo.unilinc.edu.au/primo_library/libweb/action/search.do?vid=SGA The SGA library online catalogue allows students to Sign In, My Account shows student's current library record including all books on loan, Renew your borrowed books online before the due date, also Search and Request all books in the SGA library, even if unavailable due to high demand from students. Students can Request books when all books are on loan to other students. When the requested book is returned to the SGA library, the student who requested the book receives an email immediately to pick up the book from the SGA library. View your library record online 24/7 at the above web link for SGA library. And also CSU Library online: http://student.csu.edu.au/library ­ CSU Library Services including Primo Search & Subject Reserve online with 24/7 access, online and video tutorials in research skills, finding journal articles for assignments, topic analysis, download Endnote referencing program and many other online library services to help you successfully complete your assignments for all CSU courses. http://trove.nla.gov.au/ ­ Powerful search engine from National Library of Australia to access many different online resources on any subject from one search. Contact Details for renewing loans, locating books and other information: SGA Melbourne Library: Marian Lees ­ Director, Library Services Ph: (03) 9935 7921 Email: [email protected] Library Help http://student.csu.edu.au/library/help ­contacts Friendly and quick assistance is available. Ask for help finding information and navigating the library's extensive eResources. Online Tutorials http://student.csu.edu.au/library/study­research/training­tutorials­videos Learn how to: • use Primo Search to find eReserve material and journal articles • search journal databases and web resources for information for your assessments • identify appropriate sources of information and peer reviewed material, and evaluate resources. Bookmark your Subject Library Resource Guide Subject Library Guides are a great way to get started with research. Each online guide is tailored to a specific area of study, including Accounting, Business & Information Technology outlining how to research in your area and where to look for information. http://libguides.csu.edu.au/ Academic Learning Support Assistance Visit the learning support website for advice about assignment preparation, academic reading and note­taking, referencing, and preparing for exams at: http://student.csu.edu.au/study You may also contact: Name: Monique Moloney Email: [email protected] Phone: (03) 9935 7919 Name: Bethany Winkler Email: [email protected] Phone: (03) 9935 7953 Name: Gail Ekici Email: [email protected] Phone: (03) 9935 7965 For appointments, please see Reception at Level 1. Queries regarding the content of this subject should be directed to your subject lecturer. Residential school You are not required to attend a residential school for this subject. Your workload in this subject Each week you should spend around 9 ­ 11 hours studying this subject – obviously some weeks may require more time than other depending on how you work – but the following is a guide for your information. Weekly activities (4­5 hours) Participation in weekly lectures and discussion (3 hour) Preparation of assessment items (3 hours) Assessment Items [Hide] Item number Title Type Value Due date* Return date** 1 Assignment 1 ­ Tasks Assignment 20% 02­Apr­2017 27­Apr­2017 2 Assignment 2 ­ Tasks and Forensics Report Assignment 30% 19­May­2017 09­Jun­2017 3 Final Exam Exam 50% To be Advised. ­ * due date is the last date for assessment items to be received at the University ** applies only to assessment items submitted by the due date Assessment item 1 Assignment 1 ­ Tasks Value: 20% Due date: 02­Apr­2017 Return date: 27­Apr­2017 Submission method options Alternative submission method Task Task 1: Hands­On Projects (10 Marks) Complete the following Hands­On Projects from the textbook (Nelson, Phillips, & Steuart 2015): Hands­On Project 1­3 (2 marks) Hands­On Project 1­5 (2 marks) Deliverable: For project 1­3 and 1­5 provide screenshots of all steps taken to complete the project along with a description of each step. Complete the following Hands­On Projects from the textbook (Nelson, Phillips, & Steuart 2015): Hands­On Project 3­4 (4 marks) Hands­On Project 4­5 (2 marks) Deliverable: For project 3­4 and 4­5 provide screenshots of all steps taken to complete the project along with a description of each step. Task 2: Case Project (5 Marks) A distressed employee calls you because she has accidentally deleted crucial files from her hard drive and can't retrieve them from the Recycle Bin. Describe the options or methods that you believe might be used to recover the files. Your solution may contain a list of questions to ask her about her system before you carry out your methods. Deliverable: Write a 300­500 word report outlining the OS that the employee may be using, formulate interview questions that may help you to recover data, and highlight the possibility of data recovery in the report. Task 3: Research Project (5 Marks) As part of the duties of a digital forensics examiner, creating an investigation plan is a standard practice. Write a paper that describes how you would organise an investigation for a potential fraud case. Also, list the methods that you plan to use to validate collected data from storage devices such as MS Word, MS Excel and emails, with hashes. Specify the hash algorithm you plan to use, such as MD5 or SHA1.4/15/2017 Untitled Document http://interact.csu.edu.au/sakai­msi­tool/content/bbv.html?subjectView=true&siteId=ITC597_201730_SM_I 3/6 emails, with hashes. Specify the hash algorithm you plan to use, such as MD5 or SHA1. Deliverable: Write a 300­500 word report that outlines standard investigation management and data validation methods. Rationale This assessment task covers digital crime, forensic process and procedures, data acquisition and validation, e­evidence, e­discovery tools and equipment. This assessment has been designed to ensure that you are engaging with the subject content on a regular basis. More specifically it seeks to assess your ability to: determine the legal and ethical considerations for investigating and prosecuting digital crimes formulate a digital forensics process evaluate the technology in digital forensics to detect, prevent and recover from digital crimes analyse data on storage media and various file systems collect electronic evidence without compromising the original data evaluate the functions and features of digital forensics equipment, the environment and the tools for a digital forensics lab Marking criteria Task 1: Hands­On Projects (10 Marks) Criteria HD 100% ­ 85% DI 84% ­ 75% CR 74% ­ 65% PS 64% ­ 50% FL 49% ­ 0 Hands­On Projects 1.3 and 1.5 (4 marks) Projects are completed, evidence of all steps is provided, Complete report is inserted in the assignment. Projects are completed, evidence of most steps is provided, report is inserted in the assignment. Projects are mostly completed, some minor errors in report. Projects mostly completed but with errors, some steps are missing, report is missing some details. Evidence of some steps is provided, reports are missing most details. Possible marks 4.0 – 3.4 3.3 – 3.0 2.29 – 2.6 2.5 – 2.0 1.9 – 0 Hands­On Projects 3.4 and 4.5 (6 marks) Projects are completed, evidence of all steps is provided, Complete report is inserted in the assignment. Projects are completed, evidence of most steps is provided, report is inserted in the assignment. Projects are mostly completed, some minor errors in report. Projects mostly completed but with errors, some steps are missing, report is missing some details. Evidence of some steps is provided, reports are missing most details. Possible marks 6.0 – 5.1 5.0 – 4.5 4.4 – 3.9 3.8 – 3.0 2.9 – 0 Task 2: Case Project (5 Marks) Criteria HD 100% ­ 85% DI 84% ­ 75% CR 74% ­ 65% PS 64% ­ 50% FL 49% ­ 0 300­500 word Report on case project Report on OS, interview questions and the possibility of file recovery with excellent explanations and justifications. Report on OS, interview questions and the possibility of file recovery with reasonable explanations and justifications. Report on OS, interview questions and the possibility of file recovery with some minor errors in explanations and justifications. Report on OS, interview questions and the possibility of file recovery provided but it lacks reasoning for the explanations and justifications. Report is provided but it didn't address the questions asked. Possible marks 5.0 – 4.25 4.24 – 3.75 3.74 – 3.25 3.24 – 2.5 2.4 – 0 Task 3: Research Project (5 Marks) Criteria HD 100% ­ 85% DI 84% ­ 75% CR 74% ­ 65% PS 64% ­ 50% FL 49% ­ 0 300­500 word Report on investigation and validation methods Standard practice for potential fraud case(s) investigation and data validation methods excellent explanation, justification with MS Word and Excel hashes snapshots provided, explained and references are provided. Standard practice for potential fraud case(s) investigation and data validation methods reasonable explanation, justification with MS Word and Excel hashes snapshots provided, explained and references are provided. Standard practice for potential fraud case(s) investigation and data validation methods some minor errors in explanation, justification with MS Word and Excel hashes snapshots provided, explained and references are provided. Standard practice for potential fraud case(s) investigation and data validation methods provided but it lacks reasoning for the with MS Word and Excel hashes snapshots provided, explained and references are provided. Little or no evidence of research conducted. Possible marks 5.0 – 4.25 4.24 – 3.75 3.74 – 3.25 3.24 – 2.5 2.4 – 0 Presentation Ensure all tasks are identified with headings. Use single reference list at the end of document. Submit the assignment in ONE word or pdf file on Turnitin. Please do not submit *.zip or *.rar or multiple files Assessment item 2 Assignment 2 ­ Tasks and Forensics Report Value: 30% Due date: 19­May­2017 Return date: 09­Jun­2017 Submission method options Alternative submission method Task Task 1: Recovering scrambled bits (5 Marks) For this task I will upload a text file with scrambled bits on the Interact site closer to the assignment due date. You will be required to restore the scrambled bits to their original order and copy the plain text in your assignment. Deliverable: Describe the process used in restoring the scrambled bits and insert plain text in the assignment. Task 2: Revealing hidden information from an image (5 Marks) For this task I will provide an image with hidden information in it. You will be required to reveal the hidden information. Deliverable: Describe the process used to reveal the hidden information from the image and copy the revealed information in the assignment in plain text. Task 3: Forensics Report (20 Marks) In this major task assume you are a Digital Forensics Examiner. Considering a real or a hypothetical case you are required to produce a formal report consisting of facts from your findings to your attorney who has retained you. You are free to choose a forensics scenario which can be the examination of a storage media (HDD, USB Drive, etc), email or social media forensics, mobile device forensics, cloud forensics or any other appropriate scenario you can think of. Deliverable: A forensics report of 1800­2000 word. Rationale This assessment task covers data validation, e­discovery, steganography, reporting and presenting, and has been designed to ensure that you are engaging with the subject content on a regular basis. More specifically it seeks to assess your ability to: determine the legal and ethical considerations for investigating and prosecuting digital crimes analyse data on storage media and various file systems collect electronic evidence without compromising the original data; evaluate the functions and features of digital forensics equipment, the environment and the tools for a digital forensics lab; compose technical tactics in digital crimes and assess the steps involved in a digital forensics investigation; prepare and defend reports on the results of an investigation Marking criteria Task 1: Recovering scrambled bits (5 Marks) Criteria HD 100% ­ 85% DI 84% ­ 75% CR 74% ­ 65% PS 64% ­ 50% FL 50% ­ 0 Successfully recovering the scrambled bits to their original order (5 marks) Scrambled bits are restored to the original text. Tool used to decode the text is mentioned and justification to use the tool is also provided. The process to restore the scrambled bits is clearly described with screenshots inserted of all steps. Scrambled bits are restored to the original text. Tool used to decode the text is mentioned but the justification is not very clear. The process to restore the scrambled bits is described with some screenshots. Scrambled bits are restored to the original text. Tool used to decode the text is mentioned but the justification is not very clear. The process to restore the scrambled bits is described but no screenshots provided. Scrambled bits are restored to the original text. No justification of tool used is provided, process seems to be somewhat vague. Scrambled bits are restored but not matching with the original text. Tool is not mentioned and process is not described. Possible marks 5.0 – 4.25 4.24 – 3.75 3.74 – 3.25 3.24 – 2.5 2.4 – 0 Task 2: Revealing hidden information from an image (5 Marks) Criteria HD 100% ­ 85% DI 84% ­ 75% CR 74% ­ 65% PS 64% ­ 50% FL 50% ­ 0 Successfully revealing hidden text from an image (5 marks) Hidden text is revealed. Tool used to reveal the text is mentioned and justification to use the tool is also provided. The process Hidden text is revealed. Tool used to reveal the text is mentioned but the justification is not very clear. The process to restore the text is Hidden text is revealed. Tool used to reveal the text is mentioned but the justification is not very clear. The process to restore the text is Hidden text is revealed. No justification of tool used is provided, process seems to be somewhat vague. Hidden text is revealed but not matching with the original text. Tool is not mentioned and process is not described.4/15/2017 Untitled Document http://interact.csu.edu.au/sakai­msi­tool/content/bbv.html?subjectView=true&siteId=ITC597_201730_SM_I 4/6 provided. The process to reveal the text is clearly described with screenshots inserted of all steps. restore the text is described with some screenshots. restore the text is described but no screenshots provided. Possible marks 5.0 – 4.25 4.24 – 3.75 3.74 – 3.25 3.24 – 2.5 2.4 – 0 Task 3: Forensics report (20 Marks) Criteria HD 100% ­ 85% DI 84% ­ 75% CR 74% ­ 65% PS 64% ­ 50% FL 50% ­ 0 Introduction: Background, scope of engagement, tools and findings (3 marks) All elements are present, well expressed, comprehensive and accurate. All elements are present and largely accurate and well expressed. All elements are present with few inaccuracies. Most elements are present possibly with some inaccuracies. Fails to satisfy minimum requirements of introduction. Possible marks 3.0 – 2.55 2.54 – 2.25 2.24 – 1.95 1.94 – 1.5 1.4 – 0 Analysis: relevant programs, techniques, graphics (5 marks) Description of analysis is clear and appropriate programs and techniques are selected. Very good graphic image analysis. Description of analysis is clear and mostly appropriate programs and techniques are selected. Good graphic image analysis. Description of analysis is clear and mostly appropriate programs and techniques are selected. Reasonable graphic image analysis. Description of analysis is not completely relevant. Little or no graphics image analysis provided. Fails to satisfy minimum requirements of analysis. Possible marks 5.0 – 4.25 4.24 – 3.75 3.74 – 3.25 3.24 – 2.5 2.4 – 0 Findings: specific files/images, type of searches, type of evidence, indicators of ownership (5 marks) A greater detail of findings is provided. Keywords and string searches are listed very clearly. Evidence found is very convincing. Indication of ownership is very clear. Findings are provided, keywords and string searchers are listed. Evidence is sound. Ownership is clear. Findings are provided, some keywords are listed. Evidence is reasonable which relates to the ownership. Findings are provided but are somewhat vague. Keywords and strings are not very clear. Evidence found may be questionable. Fails to satisfy minimum requirements providing findings. Possible marks 5.0 – 4.25 4.24 – 3.75 3.74 – 3.25 3.24 – 2.5 2.4 – 0 Conclusion: Summary, Results (3 marks) High level summary of results is provided which is consistent with the report. Well summarised results and mostly consistent with the findings. Good summary of results. Able to relate the results with findings. No new material is included. Satisfies the minimum requirements. Results are not really consistent with the findings. Fails to satisfy minimum requirements of summarising the results. Possible marks 3.0 – 2.55 2.54 – 2.25 2.24 – 1.95 1.94 – 1.5 1.4 – 0 References: Must cite references to all material used as sources for the content (2 marks) APA 6th edition referencing applied to a range of relevant resources. No referencing errors. Direct quotes used sparingly. Sources all documented. APA 6th edition referencing applied to a range of relevant resources. No more than 2 referencing errors. Direct quotes used sparingly. Sources all documented. APA 6th edition referencing applied to a range of relevant resources. No more than 3 errors. Direct quotes used in­context. Sources all documented. APA 6th edition referencing applied to a range of relevant resources. No more than 4 errors. Direct quotes used incontext. Some sources documented. Referencing not done to the APA 6th edition standard. Over­use of direct quotes. Range of sources used is not appropriate and/or not documented. Possible marks 2.0 – 1.7 1.6 – 1.5 1.4 – 1.3 1.2 – 1.0 0.9 – 0 Glossary / Appendices: (2 marks) Glossary of technical terms used in the report is provided which has generally acceptable source of definition of the terms and appropriate references are included. Relevant supporting material is provided in appendices to demonstrate the evidence. Glossary of technical terms used in the report is provided which has mostly acceptable source of definition of the terms and appropriate references are included. Some supporting material is provided in appendices to demonstrate the evidence. Glossary of some technical terms used in the report is provided which has mostly acceptable source of definition of the terms and appropriate references are included. Some supporting material is provided in appendices to demonstrate the evidence. Glossary of some technical terms used in the report is provided however terms are not generally common and some references are missing. Some supporting material is provided in appendices. Most terminologies are missing. Appendices are either not provided or are irrelevant. Possible marks 2.0 – 1.7 1.6 – 1.5 1.4 – 1.3 1.2 – 1.0 0.9 – 0 Presentation The following should be included as minimum requirements in the report structure: • Executive Summary or Abstract This section provides a brief overview of the case, your involvement as an examiner, authorisation, major findings and conclusion • Table of Contents • Introduction Background, scope of engagement, forensics tools used and summary of findings • Analysis Conducted o Description of relevant programs on the examined items o Techniques used to hide or mask data, such as encryption, steganography, hidden attributes, hidden partitions etc o Graphic image analysis • Findings This section should describe in greater detail the results of the examinations and may include: o Specific files related to the request o Other files, including deleted files that support the findings o String searches, keyword searches, and text string searches o Internet­related evidence, such as Web site traffic analysis, chat logs, cache files, e­mail, and news group activity o Indicators of ownership, which could include program registration data. • Conclusion Summary of the report and results obtained • References You must cite references to all material you have used as sources for the content of your work • Glossary A glossary should assist the reader in understanding any technical terms used in the report. Use a generally accepted source for the definition of the terms and include appropriate references. • Appendices You can attach any supporting material such as printouts of particular items of evidence, digital copies of evidence, and chain of custody documentation. Follow the referencing guidelines for APA 6 as specified in Referencing Guides. Submit the assignment in ONE word or pdf file on Turnitin. Please do not submit *.zip or *.rar or multiple files. Assessment item 3 Final Exam Value: 50% Date: To be advised Duration: 2 Hours Submission method options N/A ­ submission not required/applicable Rationale Covering all topics, this assessment task has been designed to assess your ability to: • determine the legal and ethical considerations for investigating and prosecuting digital crimes • formulate a digital forensics process • evaluate the technology in digital forensics to detect, prevent and recover from digital crimes • analyse data on storage media and various file systems • collect electronic evidence without compromising the original data; • evaluate the functions and features of digital forensics equipment, the environment and the tools for a digital forensics lab; • compose technical tactics in digital crimes and assess the steps involved in a digital forensics investigation; • prepare and defend reports on the results of an investigation Sample exam can be found at https://doms.csu.edu.au/csu/items/ec433966­0ca6­4a95­9915­00e73184070d/1/ and you may need to enter your Interact2's username and password to access to CSU's Digital Object Management System (DOMS). Requirements Close book examination consists of: Short answer questions and case study. All questions must be answered. It is your responsibility to ensure that you are aware of the requirements for completing the exam and that you attend the exam site on the correct date and at the correct time. The School of Computing and Mathematics will not accept misreading the exam time as misadventure. Marking criteria Part A – 5 Short Answer Questions (8 marks each) Criteria HD 100% ­ 85% DI 84% ­ 75% CR 74% ­ 65% PS 64% ­ 50% FL 49% ­ 0 Demonstrate an ability to analyse, reason and discuss the concepts learned in the subject (This includes content from online meetings, textbook chapters, modules, readings and forum discussions) Demonstrate an ability to analyse, reason and discuss the concepts to draw justified conclusions that are logically supported by examples and best practice. Answers succinctly integrate and link information into cohesive and coherent piece of analysis and consistently use correct forensics terminologies and sophisticated language. Demonstrate an ability to analyse, reason and discuss the concepts to draw justified conclusions that are logically supported by examples and best practice. The answers are logically structured to create cohesive and coherent piece of analysis that consistently use correct forensic terminologies. Demonstrate an ability to analyse, reason and discuss the concepts to draw justified conclusions that are generally logically supported by examples and best practice. The answers are generally logically structured to create a comprehensive, mainly descriptive piece of analysis. Some use of correct forensic terminologies. Demonstrate an ability to analyse, reason and discuss most concepts to draw justified conclusions that are generally logically supported by examples and best practice. The answers are partially structured into loosely­linked rudimentary sentences to create a comprehensive, descriptive piece of analysis. Some use of correct forensic terminologies. Demonstrate an ability to analyse, reason and discuss some concepts to draw conclusions that are generally logically supported by examples. The answers are partially structured and may tend to list information. Uses frequent informal language. Possible marks 8.0 – 6.8 6.7 – 6.0 5.9 – 5.2 5.1 – 4.0 3.9 – 0 Part B – One Case Study Question (10 marks)4/15/2017 Untitled Document http://interact.csu.edu.au/sakai­msi­tool/content/bbv.html?subjectView=true&siteId=ITC597_201730_SM_I 5/6 Criteria HD 100% ­ 85% DI 84% ­ 75% CR 74% ­ 65% PS 64% ­ 50% FL 49% ­ 0 Use the concepts learned in the subject to solve the case (This includes content from online meetings, textbook chapters, modules, readings and forum discussions) Use the concepts learned in the subject to solve the case which demonstrates an ability to analyse and reason the concepts to draw justified conclusions that are logically supported by examples and best practice. Answer succinctly integrates and link information into cohesive and coherent piece of analysis and consistently use correct forensics terminologies and sophisticated language. Use the concepts learned in the subject to solve the case which demonstrates an ability to analyse and reason the concepts to draw justified conclusions that are logically supported by examples and best practice. Answer is logically structured to create cohesive and coherent piece of analysis that consistently use correct forensic terminologies. Use the concepts learned in the subject to solve the case which demonstrates an ability to analyse and reason the concepts to draw justified conclusions that are generally logically supported by examples and best practice. Answer is generally logically structured to create a comprehensive, mainly descriptive piece of analysis. Some use of correct forensic terminologies. Use the concepts learned in the subject to solve the case which demonstrates an ability to analyse and reason most concepts to draw justified conclusions that are generally logically supported by examples and best practice. Answer is partially structured into loosely­linked rudimentary sentences to create a comprehensive, descriptive piece of analysis. Some use of correct forensic terminologies. Use the concepts learned in the subject to solve the case which demonstrates an ability to analyse and reason the concepts to draw conclusions that are generally logically supported by examples. Answer is partially structured and may tend to list information. Uses frequent informal language. Possible marks 10.0 – 8.5 8.4 – 7.5 7.4 – 6.5 6.4 – 5.0 4.9 – 0 Material provided by the University Answer Booklets (1 X 12 page) Material required by the student Writing implements, including a 2B pencil and an eraser. Any calculator allowed, including programmable calculators (hand held, no printer). i­pads, smart phones and other hand­held devices are not accepted as calculators. Assessment Information [Hide] Learning materials Details of learning materials that support your success in this subject can be found in the Interact2 Subject Site. Referencing Referencing is an important component of academic work. All assessment tasks should be appropriately referenced. The specific details of the referencing requirements are included in each assessment task description. Get referencing style guides and help to use for your assessments. Plagiarism CSU treats plagiarism seriously. We may use Turnitin to check your submitted work for plagiarism. You can use Turnitin to check for plagiarism in your assessments before submission. How to apply for special consideration Academic regulations provide for special consideration to be given if you suffer misadventure or extenuating circumstances during the session (including the examination period) which prevents you from meeting acceptable standards or deadlines. Find the form on the Student Portal Special Consideration, Misadventure, Advice and Appeals page. Extensions In order to ensure that students who hand their assignments in on time are not disadvantaged, and to enable the lecturer to comply with the requirement to return assignments to the class within 21 days, the following rules about extensions will be strictly enforced: 1. Extensions cannot be granted for online tests, as these have to be done within a specific time frame, after which the answers are released to the class automatically. 2. Computer problems and normal work­related pressures and family commitments do not constitute sufficient reasons for the granting of extensions. 3. If it becomes obvious that you are not going to be able to submit an assignment on time because of an unavoidable problem, you must submit your request for an extension to the Subject Coordinator in writing (email or post) prior to the due date. Requests for extensions will not be granted on or after the due date so you must make sure that any extension is requested prior to the day on which the assignment is due. You are expected to do all you can to meet assignment deadlines. Work and family related pressures do not normally constitute sufficient reasons for the granting of extensions or incomplete grades. 4. If you apply for an extension, you may be asked to email your lecturer on what you have done so far on the assignment. 5. You must be able to provide documentary evidence (such as a certificate from a doctor or counsellor) justifying the need for an extension as soon as practicable ­ but please note that if the circumstances giving rise to the request for an extension arise on a day when you cannot get documentary evidence, you must still apply for the extension before the due date and submit the documentary evidence afterwards. 6. Given the tight deadlines involved in returning assignments to students and putting feedback on Interact, the maximum extension granted generally will be seven (7) days from the due date. 7. Assignments received more than 10 days after the due date or extension date will not be marked unless the staff member decides otherwise. Items received late will be penalised at 10% of the mark available for the assessment item per day it is late (see below). 8. Note that for purposes of measuring lateness, the 'day' begins just after 00.00 hrs AEST ­ so an assignment received after midnight of the due date will be penalised 10% for lateness. This rule will be applied to all students uniformly. Penalties for Late Submission The penalty for late submission of an assessment task (without obtaining the Subject Coordinator's approval for an extension) will be: 10% deduction per day, including weekends, of the maximum marks allocated for the assessment task, i.e. 1 day late 10% deduction, or 2 days late 20% deduction. An example of the calculation would be: Maximum marks allocated = 20 Penalty for one day late = 2 marks (so, a score of 18/20 becomes 16/20 and a score of 12/20 becomes 10/20). If an assignment is due on a Friday but is not submitted until the following Tuesday, then the penalty will be four days (40% deduction or 8 marks in the example above). Submissions more than 10 days late will be acknowledged as received but will not be marked. Resubmission Under normal circumstances resubmission of assessment items will not be accepted for any of the assessments required in this subject. Online Submission Assignments should be submitted through TurnItIn. Please meet with your respective lecturer to enroll in the Turnitin (If you do not receive any email from Turnitin). Assessments such as Blogs, Quizzes and Journals are required to submit in the Interact2. TurnItIn does not accept Excel files and PDF files. Assignment/s must be submitted through Turnitin by midnight (AEST) according to the date mentioned in the subject outline. Postal Submission Under normal circumstances postal submissions will not be accepted for any of the assessments required. Hand Delivered Submission Under normal circumstances hand delivered submissions will not be accepted for any of the assessments required. Feedback Feedback for assessment items will be provided by subject lecturer/s. Assignment Return You should normally expect your marked assignment to be returned to you within 15 working days of the due date, if your assignment was submitted on time. If you submitted your assignment on time but have not returned by the return date, you should make enquiries in the first instance to the subject lecturer. If the subject lecturer is not available, contact Level 1, Reception. Student Feedback and Learning Analytics [Hide] Evaluation of Subjects CSU values constructive feedback and relies on high response rates to Subject Experience Surveys (SES) to enhance teaching. Responses are fed back anonymously to4/15/2017 Untitled Document http://interact.csu.edu.au/sakai­msi­tool/content/bbv.html?subjectView=true&siteId=ITC597_201730_SM_I 6/6 CSU values constructive feedback and relies on high response rates to Subject Experience Surveys (SES) to enhance teaching. Responses are fed back anonymously to Subject Coordinators and Heads of Schools to form the basis for subject enhancement and recognition of excellence in teaching. Schools report on their evaluation data; highlighting good practice and documenting how problems have been addressed. You can view a summary of survey results via the Student Portal SES Results page. We strongly encourage you to complete your online Subject Experience Surveys. You will be provided with links to your surveys via email when they open three [3] weeks before the end of session. Changes and actions based on previous student feedback Based on past analytics, changes made to the subject included more face­to­face interactions with the subject Lecturer and Course Coordinator can significantly improve learning outcomes. Learning analytics in this subject Learning Analytics refers to the collection and analysis of student data for the purpose of improving learning and teaching. It enables the University to personalise the support we provide our students. All Learning Analytics activities will take place in accordance with the CSU Learning Analytics Code of Practice. For more information, please visit CSU's Learning Analytics website. Data about your activity in the Interact2 site and other learning technologies for this subject will be recorded and can be reviewed by teaching staff to inform their communication, support and teaching practices. Services and Support [Hide] Your Student Portal tells you can how you can seek services and support. These include study, admin, residential, library, careers, financial, and personal support. Develop your study skills Develop your study skills with our free study services. We have services online, on campus and near you. These services can help you develop your English language, literacy, and numeracy. Library Services CSU Library provides access to the eBooks, journal articles, books, and multimedia resources needed for your studies and assessments. Get the most out of these resources by contacting Library staff either online or in person, or make use of the many Library Resource Guides, videos and online workshops available. CSU Policies and Regulations [Hide] This subject outline should be read in conjunction with all academic policies and regulations, e.g. Student Academic Misconduct Policy, Assessment Policy – Coursework Subjects, Assessment Principles Policy, Special Consideration Policy, Academic Progress Policy, Academic Communication with Students Policy, Student Charter, etc. Please refer to the collated list of policies and regulations relevant to studying your subject(s) which includes links to the CSU Policy Library – the sole authoritative source of official academic and administrative policies, procedures, guidelines, rules and regulations of the University. Subject Outline as a Reference Document This Subject Outline is an accurate and historical record of the curriculum and scope of your subject. CSU's Subject Outlines Policy requires that you retain a copy of the Subject Outline for future use such as for accreditation purposes.