Postgraduate Programmes Assignment Specification Faculty of Science and Engineering Department of Computer Science Module Title Digita forensic Learning Objectives Assessed LO3: Critically analyse and evaluate networked systems for vulnerabilities and weaknesses. LO4: Demonstrate an understanding of access and attack methods. LO5: Demonstrate the use of some complex penetration testing tools. Submission Information The final submission shall be a 2200 words (with 10% flexibility) report of all 4 exercises, submitted as a Word or pdf document to Moodle via a submission link on the CO7604 Moodle page. 5 marks penalty per 1000 words excess, e.g. if a 1000-word assignment, 5 marks deducted for 1101-2100 words). Permissible word count excludes the student’s name, title of module and assignment, references to sources, bibliography, graphs, tables, maps, diagrams, captions and appendices. Extensions and Plagiarism Extensions Extensions can only be granted by Dr Linda Rayner, Head of Department at least 48 hours in advance of the deadline (by appointment through the Departmental Administrator), and written evidence will be required. Late work is penalised at the rate of 5% per day. Plagiarism The material you submit must be your own work. The penalties for plagiarism are severe. The minimum penalty is usually zero for that piece of work. Further information is available at Portal > Support Departments > Academic Quality Support Services > Academic Malpractice Assignment Brief This is a portfolio of four (4) in-class exercises spread across the term for five weeks. These will be a combination of practical exercises with corresponding written report. All 4 exercises have equal mark of 10% each. Exercises will cover all stages/phases of penetration testing, INCLUDING Engagement & Information Gathering, Footprinting & Scanning, Vulnerability Assessment, and Exploitation, EXCLUDING the Reporting stage. Students are expected to carry out full penetration testing on a particular company. Each student has a separate company to work with. The company, which is the case study for this assessment, has an online presence as well as a network of machines, including servers and ordinary workstations. This case study will be the focus of the five weeks lectures. Every lecture will start with introducing a pentesting stage and the relevant tools followed by the exercise of performing the activities of that pentesting stage on the case study. This will involve building on those activities (further individual study and discretion will be required), applying them to the case study, and documenting the processes and findings. Students are expected to start each exercise in class with tutor’s support and then go on to complete tasks individually. Students are encouraged to complete each exercise before the start of the next lecture. Students will then submit a portfolio of all exercises, documenting and explaining findings (results) and the processes taken. The format of the report is suggested to have four sections addressing Engagement & Information Gathering, Footprinting & Scanning, Vulnerability Assessment, and Exploitation stages. Detailed information about the case study, with individual access to the company’s virtual network, is provided on the CO7604 Moodle page. Note that the case study is unique for each student. The difference is mainly in the area of naming but the technicalities, functionalities and level of complexity are similar. The main resource for this component is (Weidman, 2014). Weidman, G. (2014). Penetration Testing – A Hands-On Introduction to Hacking. No Starch Press. General Instructions • Format: The format should be one column, left or justified alignment, have appropriate and meaningful headings/sections. Use a meaningful structure that ensures coherency. • Referencing: Do not just give a list of references without showing where/how you have used them in the text – ensure you include in-text referencing. See here for a quick guide. • Support: If you use external support, e.g., for proofreading or translation, you MUST state this. The tutor will provide adequate support to ensure that all students are very clear of what is expected of them in this assessment. So ensure you take this opportunity to get clarifications where you need them. • Coverage: You are expected to address ALL aspects as identified in this brief. • Originality: It is acceptable to use direct quotes from sources. However, excessive use of direct quotes (regardless of whether they are referenced or not) reduces the originality of the work. This and high level of similarity will affect the student’s mark. Assessment Criteria Marks will be affected if the above instructions are not adhered to. The following criteria will apply: • Knowledge [30%]: Demonstration of knowledge and understanding of subject matter, tailoring of discussion to case study, and coverage • Cognitive skills [30%]: Clarity of discussion, coherency, perception, articulation of views, thoughtful interpretation etc. • Practical/professional skills [25%]: Technical understanding and use of materials, breadth and depth of material, academic writing, formatting and strength of argument. • Communication [10%]: Presentation, vocabulary and style, spelling and punctuation • Referencing [5%]: Using literature to support argument. Acknowledging and accurately presenting sources.