Charles Sturt University Subject Outline ITC597 201730 SM I-28 January 2017-Version 1 Page 8 of 17

Criteria: 300-500 word Report on investigation and validation methods
HD (100% - 85%): Standard practice for potential fraud case(s) investigation and data validation methods excellent explanation, justification with MS Word and Excel hashes snapshots provided, explained and references are provided.
DI (84% - 75%): Standard practice for potential fraud case(s) investigation and data validation methods reasonable explanation, justification with MS Word and Excel hashes snapshots provided, explained and references are provided.
CR (74% - 65%): Standard practice for potential fraud case(s) investigation and data validation methods some minor errors in explanation, justification with MS Word and Excel hashes snapshots provided, explained and references are provided.
PS (64% - 50%): Standard practice for potential fraud case(s) investigation and data validation methods provided but it lacks reasoning for the with MS Word and Excel hashes snapshots provided, explained and references are provided.
FL (49% - 0): Little or no evidence of research conducted.
Possible marks: HD 5.0 – 4.25; DI 4.24 – 3.75; CR 3.74 – 3.25; PS 3.24 – 2.5; FL 2.4 – 0

Presentation

Ensure all tasks are identified with headings. Use single reference list at the end of document. Submit the assignment in ONE word or pdf file on Turnitin. Please do not submit *.zip or *.rar or multiple files.

Assessment item 2

Assignment 2 - Tasks and Forensics Report
Value: 30%
Due date: 19-May-2017
Return date: 09-Jun-2017
Submission method options: Alternative submission method

Task

Task 1: Recovering scrambled bits (5 Marks)

For this task I will upload a text file with scrambled bits on the Interact site closer to the assignment due date. You will be required to restore the scrambled bits to their original order and copy the plain text in your assignment.

Deliverable: Describe the process used in restoring the scrambled bits and insert plain text in the assignment.

Task 2: Revealing hidden information from an image (5 Marks)

For this task I will provide an image with hidden information in it. You will be required to reveal the hidden information.

Deliverable: Describe the process used to reveal the hidden information from the image and copy the revealed information in the assignment in plain text.

Task 3: Forensics Report (20 Marks)

In this major task assume you are a Digital Forensics Examiner. Considering a real or a hypothetical case you are required to produce a formal report consisting of facts from your findings to your attorney who has retained you. You are free to choose a forensics scenario which can be the examination of a storage media (HDD, USB Drive, etc), email or social media forensics, mobile device forensics, cloud forensics or any other appropriate scenario you can think of.

Deliverable: A forensics report of 1800-2000 words.

Rationale

This assessment task covers data validation, e-discovery, steganography, reporting and presenting, and has been designed to ensure that you are engaging with the subject content on a regular basis.
More specifically it seeks to assess your ability to:
• determine the legal and ethical considerations for investigating and prosecuting digital crimes;
• analyse data on storage media and various file systems;
• collect electronic evidence without compromising the original data;
• evaluate the functions and features of digital forensics equipment, the environment and the tools for a digital forensics lab;
• compose technical tactics in digital crimes and assess the steps involved in a digital forensics investigation;
• prepare and defend reports on the results of an investigation.

Marking criteria

Task 1: Recovering scrambled bits (5 Marks)

Criteria: Successfully recovering the scrambled bits to their original order (5 marks)
HD (100% - 85%): Scrambled bits are restored to the original text. Tool used to decode the text is mentioned and justification to use the tool is also provided. The process to restore the scrambled bits is clearly described with screenshots inserted of all steps.
DI (84% - 75%): Scrambled bits are restored to the original text. Tool used to decode the text is mentioned but the justification is not very clear. The process to restore the scrambled bits is described with some screenshots.
CR (74% - 65%): Scrambled bits are restored to the original text. Tool used to decode the text is mentioned but the justification is not very clear. The process to restore the scrambled bits is described but no screenshots provided.
PS (64% - 50%): Scrambled bits are restored to the original text. No justification of tool used is provided, process seems to be somewhat vague.
(no band heading): Scrambled bits are restored but not matching with the original text. Tool is not mentioned and process is not described.
Possible marks: HD 5.0 – 4.25; DI 4.24 – 3.75; CR 3.74 – 3.25; PS 3.24 – 2.5

Task 2: Revealing hidden information from an image (5 Marks)

Criteria: Successfully revealing hidden text from an image (5 marks)
HD (100% - 85%): Hidden text is revealed. Tool used to reveal the text is mentioned and justification to use the tool is also provided. The process to reveal the text is clearly described with screenshots inserted of all steps.
DI (84% - 75%): Hidden text is revealed. Tool used to reveal the text is mentioned but the justification is not very clear. The process to restore the text is described with some screenshots.
CR (74% - 65%): Hidden text is revealed. Tool used to reveal the text is mentioned but the justification is not very clear. The process to restore the text is described but no screenshots provided.
PS (64% - 50%): Hidden text is revealed. No justification of tool used is provided, process seems to be somewhat vague.
(no band heading): Hidden text is revealed but not matching with the original text. Tool is not mentioned and process is not described.
Possible marks: HD 5.0 – 4.25; DI 4.24 – 3.75; CR 3.74 – 3.25; PS 3.24 – 2.5

Task 3: Forensics report (20 Marks)

Criteria: Introduction: Background, scope of engagement, tools and findings (3 marks)
HD (100% - 85%): All elements are present, well expressed, comprehensive and accurate.
DI (84% - 75%): All elements are present and largely accurate and well expressed.
CR (74% - 65%): All elements are present with few inaccuracies.
PS (64% - 50%): Most elements are present possibly with some inaccuracies.
Possible marks: HD 3.0 – 2.55; DI 2.54 – 2.25; CR 2.24 – 1.95; PS 1.94 – 1.5

Criteria: Analysis: relevant programs, techniques, graphics (5 marks)
HD (100% - 85%): Description of analysis is clear and appropriate programs and techniques are selected. Very good graphic image analysis.
DI (84% - 75%): Description of analysis is clear and mostly appropriate programs and techniques are selected. Good graphic image analysis.
CR (74% - 65%): Description of analysis is clear and mostly appropriate programs and techniques are selected. Reasonable graphic image analysis.
PS (64% - 50%): Description of analysis is not completely relevant. Little or no graphics image analysis provided.
Possible marks: HD 5.0 – 4.25; DI 4.24 – 3.75; CR 3.74 – 3.25; PS 3.24 – 2.5

Criteria: Findings: specific files/images, type of searches, type of evidence, indicators of ownership (5 marks)
HD (100% - 85%): A greater detail of findings is provided. Keywords and string searches are listed very clearly. Evidence found is very convincing. Indication of ownership is very clear.
DI (84% - 75%): Findings are provided, keywords and string searches are listed. Evidence is sound. Ownership is clear.
CR (74% - 65%): Findings are provided, some keywords are listed. Evidence is reasonable which relates to the ownership.
PS (64% - 50%): Findings are provided but are somewhat vague. Keywords and strings are not very clear. Evidence found may be questionable.
Possible marks: HD 5.0 – 4.25; DI 4.24 – 3.75; CR 3.74 – 3.25; PS 3.24 – 2.5

Criteria: Conclusion: Summary, Results (3 marks)
HD (100% - 85%): High level summary of results is provided which is consistent with the report.
DI (84% - 75%): Well summarised results and mostly consistent with the findings.
CR (74% - 65%): Good summary of results. Able to relate the results with findings. No new material is included.
PS (64% - 50%): Satisfies the minimum requirements. Results are not really consistent with the findings.
Possible marks: HD 3.0 – 2.55; DI 2.54 – 2.25; CR 2.24 – 1.95; PS 1.94 – 1.5

Criteria: References: Must cite references to all material used as sources for the content (2 marks)
HD (100% - 85%): APA 6th edition referencing applied to a range of relevant resources. No referencing errors. Direct quotes used sparingly. Sources all documented.
DI (84% - 75%): APA 6th edition referencing applied to a range of relevant resources. No more than 2 referencing errors. Direct quotes used sparingly. Sources all documented.
CR (74% - 65%): APA 6th edition referencing applied to a range of relevant resources. No more than 3 errors. Direct quotes used in-context. Sources all documented.
PS (64% - 50%): APA 6th edition referencing applied to a range of relevant resources. No more than 4 errors. Direct quotes used in-context. Some sources documented.
Possible marks: HD 2.0 – 1.7; DI 1.6 – 1.5; CR 1.4 – 1.3; PS 1.2 – 1.0

Criteria: Glossary / Appendices (2 marks)
HD (100% - 85%): Glossary of technical terms used in the report is provided which has generally acceptable source of definition of the terms and appropriate references are included. Relevant supporting material is provided in appendices to demonstrate the evidence.
DI (84% - 75%): Glossary of technical terms used in the report is provided which has mostly acceptable source of definition of the terms and appropriate references are included. Some supporting material is provided in appendices to demonstrate the evidence.
CR (74% - 65%): Glossary of some technical terms used in the report is provided which has mostly acceptable source of definition of the terms and appropriate references are included. Some supporting material is provided in appendices to demonstrate the evidence.
PS (64% - 50%): Glossary of some technical terms used in the report is provided however terms are not generally common and some references are missing. Some supporting material is provided in appendices.
Possible marks: HD 2.0 – 1.7; DI 1.6 – 1.5; CR 1.4 – 1.3; PS 1.2 – 1.0

Presentation

The following should be included as minimum requirements in the report structure:

• Executive Summary or Abstract: This section provides a brief overview of the case, your involvement as an examiner, authorisation, major findings and conclusion
• Table of Contents
• Introduction: Background, scope of engagement, forensics tools used and summary of findings
• Analysis Conducted
  o Description of relevant programs on the examined items
  o Techniques used to hide or mask data, such as encryption, steganography, hidden attributes, hidden partitions etc
  o Graphic image analysis
• Findings: This section should describe in greater detail the results of the examinations and may include:
  o Specific files related to the request
  o Other files, including deleted files that support the findings
  o String searches, keyword searches, and text string searches
  o Internet-related evidence, such as Web site traffic analysis, chat logs, cache files, e-mail, and news group activity
  o Indicators of ownership, which could include program registration data.
• Conclusion: Summary of the report and results obtained
• References: You must cite references to all material you have used as sources for the content of your work
• Glossary: A glossary should assist the reader in understanding any technical terms used in the report. Use a generally accepted source for the definition of the terms and include appropriate references.
• Appendices: You can attach any supporting material such as printouts of particular items of evidence, digital copies of evidence, and chain of custody documentation.

Follow the referencing guidelines for APA 6 as specified in Referencing Guides (http://student.csu.edu.au/study/referencing-at-csu).

Submit the assignment in ONE word or pdf file on Turnitin. Please do not submit *.zip or *.rar or multiple files.