Task 3: Forensics Report (20 Marks) In this major task assume you are a Digital Forensics Examiner. Considering a real or a hypothetical case you are required to produce a formal report consisting of facts from your findings to your attorney who has retained you. You are free to choose a forensics scenario which can be the examination of a storage media (HDD, USB Drive, etc), email or social media forensics, mobile device forensics, cloud forensics or any other appropriate scenario you can think of. Deliverable: A forensics report of 1800-2000 word. Rationale This assessment task covers data validation, e-discovery, steganography, reporting and presenting, and has been designed to ensure that you are engaging with the subject content on a regular basis. More specifically it seeks to assess your ability to: • determine the legal and ethical considerations for investigating and prosecuting digital crimes • analyse data on storage media and various file systems • collect electronic evidence without compromising the original data; • evaluate the functions and features of digital forensics equipment, the environment and the tools for a digital forensics lab; • compose technical tactics in digital crimes and assess the steps involved in a digital forensics investigation; • prepare and defend reports on the results of an investigation • Presentation • The following should be included as minimum requirements in the report structure: • • Executive Summary or Abstract This section provides a brief overview of the case, your involvement as an examiner, authorisation, major findings and conclusion • • Table of Contents • • Introduction Background, scope of engagement, forensics tools used and summary of findings • • Analysis Conducted o Description of relevant programs on the examined items o Techniques used to hide or mask data, such as encryption, steganography, hidden attributes, hidden partitions etc o Graphic image analysis • • Findings This section should describe in greater detail the results of the examinations and may include: o Specific files related to the request o Other files, including deleted files that support the findings o String searches, keyword searches, and text string searches o Internet-related evidence, such as Web site traffic analysis, chat logs, cache files, e-mail, and news group activity o Indicators of ownership, which could include program registration data. • • Conclusion Summary of the report and results obtained • • References You must cite references to all material you have used as sources for the content of your work • • Glossary A glossary should assist the reader in understanding any technical terms used in the report. Use a generally accepted source for the definition of the terms and include appropriate references. • • Appendices You can attach any supporting material such as printouts of particular items of evidence, digital copies of evidence, and chain of custody documentation. • Follow the referencing guidelines for APA 6 as specified in Referencing Guides. • Submit the assignment in ONE word or pdf file on Turnitin. Please do not submit *.zip or *.rar or multiple files.