DIGITAL FORENSICS
TASK
Note: A Study Planner tool has been provided with this subject to support the assessment process. This tool provides information about the submission flexibility of assessment tasks, and a way to organise adjustments to submission dates. A link to the Study Planner can be found on the Interact2 site.
Task 1: Reflection on Hands-on Projects (5 marks)
Complete the following hands-on projects from your textbook:
1. Hands-on Project 1-1
2. Hands-on Project 1-2
3. Hands-on Project 1-4
4. Hands-on Project 1-5
5. Hands-on Project 1-6
Deliverable: Write a 500-1000 words (up to two A4 pages) report on lessons learned from these projects. Comment on each project individually within the two-page limit. You can write one lesson learned from each of the projects.
Task 2: Case Project (5 marks)
Complete the Hands-on Project 5-2 from your textbook (Nelson, Phillips, & Steuart, 6th edition, 2019, p. 260-261). In this project you will explore the MFT and learn how to locate time and date values in the metadata of a file you create during this project.
Deliverable: Write a 500-1000 words paper after completing this project and report what metadata you have discovered from the file you analysed using WinHex editor. Provide screen shots of the steps completed in the project showing the results of date and time values you have recorded. Briefly describe the main steps that you think are necessary and important to locate date and time values while analysing the file.
Task 3: Research Project (5 marks)
You have been assigned a digital forensics case to investigate involving a potential monetary fraud in an organisation. The CTO of the organisation has given you access to the workstation and other necessary hardware, e.g. USB, of one of his employees who she thinks is potentially involved in this fraud. Your job as a digital forensics examiner is to conduct this investigation. You are required to create a (investigation) plan and describe the standard practice procedure that is used in such investigations. Your plan must include the procedures for collecting the digital data, securing the evidence that you may collect and then describing the method to validate the collected data, e.g. calculating hash values and specifying the hash algorithm that you intend to use, e.g. SHA-3, MD5 etc. You can make some reasonable assumptions if required when describing your plan / procedures.
Deliverable: Write a 500-1000 word report that outlines the investigation plan, procedures to secure the digital evidence, and data validation methods.
Note: Combine deliverable’s of all three tasks mentioned above in a single document (only MS Word (preferable) or pdf, please note other formats e.g. *.zip, *.rar etc are NOT allowed) and then submit that one / single document through Turnitin.