COIT20267 Computer Forensics

COIT20267 Computer ForensicsAssessment Specification Due date:Week 12 Friday (5 Jun. 2020) 11:55 am AESTASSESSMENTWeighting:Length:45%3,500 words (excluding title page, ToC and references list)3 ObjectivesThis assessment item relates to the unit learning outcome 1 to 7 as stated on the unit profile.1. Apply the computer forensics methodologies.2. Write an analysis of a case study.3. Prepare an outline of a professional computer forensic plan.InstructionsThis assessment is a group assessment where group is made of 2-3(three) students. Each group need to choosea case study given in case study section and perform activities from Assessment activities section. Outcomeof the assessment will be a report for the entire group. Follow instructions given in what to submit? sectionof this document to prepare a report and submit on Moodle. The report must be cohesive and fit well together.Length. The report should be limited to 3,500 words in length, excluding title page, ToC and references list.10% leeway on either side is applicable.Assumptions. Students are encouraged to make assumptions wherever necessary subject to two conditions:(1) assumptions should not contradict with the factual information given in the case; (2) assumptions,oncemade, must be relevant and addressed in your report.Case study: As a group choose one from given casesbelow for this assignment:1. Case one Electronic eavesdropping2. Case Two Exfiltration of corporate IP3. Case Three Illegal digital materialsAssessment activities:I) In capacity of a computer forensics specialist, your task is to prepare a computer forensics investigationplan to enable a systematic collection of evidence and subsequent forensic analysis of the electronic anddigital data. This plan should detail the following: Justify why the use of the digital forensic methodology and approach is warranted includingappropriate procedures for the Companys investigation. Describe the resources required to conduct a digital forensic investigation, including skill sets andthe required software and hardware for the forensics team members. Outline an approach for data/evidence identification and acquisition that should occur in order tobe able to identify and review the digital evidence. Outline an approach and steps to be taken during the analysis phase.II) Investigate the collected evidences below to answer the question asked in the case study Hard drive images o charlie-2009-12-11.E01o pat-2009-12-11.E01o terry-2009-12-11-002.E01o jo-2009-12-11-002.E01 RAM Images o pat-2009-12-11.mddramimage.zipo charlie-2009-12-11.mddramimage.zip USB Drive imageso charlie-work-usb-2009-12-11.E01o jo-work-usb-2009-12-11.E01III) Report the evidence and validation to support the answer of your investigation outcomeTips for preparing your computer forensics investigative planIn writing the computer forensics investigative plan, students need to address following points. Do note thatpoints listed below are not exhaustive and need to be considered as helpful tips. Justify a need for computer forensics methodology and consider scope of the case including nature ofalleged misconduct leading to consideration of how electronic and digital evidence may support theinvestigation. The plan should consider how computer forensics differs from other techniques (such asnetwork forensics, data recovery) and detail the overall steps for the systematic computer forensicsapproach. Consider the required resources and include details regarding preparation plan for evidence gathering(such as evidence forms, types, storage media and containers), forensics workstation and peripheralsneeded, software/tools for analysis depending on the type of evidence to be gathered including rationalefor selected tools, and consideration of team member skills in digital analysis (such as OS knowledge,skills for interviewing, consultation, working as per the needs of the auditing team and understanding oflaw and corporate policies). Detail the approach for data acquisition including the different types of evidence that can be gathered andtheir source depending upon the nature of the case and scope of investigation, develop a plan for dataacquisition including rationale for selected plan and contingency planning, detail type of data acquisitiontools needed including rationale and an outline for the data validation & verification procedures. Provide an outline of the forensic analysis procedures/steps depending upon the nature of evidence to becollected and detail the validation approach. This can include techniques to counter data hiding,recovering deleted files, procedures for network and e-mail analysis. Prepare a professional report with an Executive Summary, a Word generated table of contents, anIntroduction, a body of the report with proper headings and sub-headings, and a Conclusion. Table of contents for the investigative plan should consider what to include in report, structure of report,focus or scope of the report including supporting material to be provided and references. This table ofcontents should include headings and sub-headings pertaining to the aspects addressed in the above dotpoints.What to submit?Specifically, your report should include the following sections.1. Title page: (each) student name (in your group), (each) student number (in your group), (each)student email address (in your group, use CQU email), title of your report, local lecturer/tutor, andunit coordinator. Not counted towards the word count.2. Executive summary.3. Table of Contents (ToC): should list the report (sub)sections in decimal notation. Create the ToCusing MS Words ToC auto-generator rather than manually typing out the ToC. Instructions can befoundhere: https://support.office.com/en-gb/article/create-a-table-of-contents-882e8564-0edb-435e84b5-1d8552ccf0c0?redirectSourcePath=%252fen-gb%252farticle%252fCreate-a-table-ofcontentsor-update-a-table-of-contents-eb275189-b93e-4559-8dd9-c279457bfd72&ui=enUS&rs=enGB&ad=GB# create_a_table. Not counted towards the word count.4. Introduction.5. Body of the report Computer forensics investigation plan Investigation outcome to answer the question and evidence to support your answer.6. Conclusion.7. Reference list: all references must be in Harvard Referencing Style. Not counted towards the wordcount.________________________________________________________________________________________General Assessment CriteriaIncomprehensible submissions. Assessments provide the opportunity for students to demonstrate theirknowledge and skills to achieve the required standard. To do this, assessment responses need to be both clearand easy to understand. If not, the University cannot determine that students have demonstrated theirknowledge and skills. Assessments will, therefore, be marked accordingly including the potential for 0 (zero)marks where relevant.Late penalty. Late submissions will attract penalties at 5% for each day or part thereof that it is late of the totalavailable mark for the individual assessment item. This means that, for an assessment worth 45 marks, themark that you earn is reduced by 2.25 marks each day that the assessment is late (including part-days andweekends).Check the marking criteria. Before submitting your assignment, you should check it against the detailedassessment criteria included in this specification to ensure that you have satisfactorily addressed all the criteriathat will be used to mark your assignment.Academic Language. All submissions should be thoroughly proof-read for spelling, typographical orgrammatical errors before being submitted. Do not rely on the spell-check function in your word processingprogram. If, for example, affect is substituted for effect, your program may not detect the error.Academic IntegrityAll assignments will be checked for plagiarism (material copied from other students and/or material copiedfrom other sources) using Turnitin. If you are found to have plagiarised material or if you have used someoneelses words without appropriate referencing, you will be penalised for plagiarism which could result in zeromarks for the whole assignment. In some circumstances a more severe penalty may be imposed.Useful information about academic integrity (avoiding plagiarism) can be found at: CQUniversity referencingguideshttps://www.cqu.edu.au/student-life/services-and-facilities/referencing/cquniversity-referencing-guidesSubmission requirementsWho to submit? For on-campus students, one and only one of the group members needs to submit for theentire group. Distance students need to submit individually.What to submit? A report in MS Word format (.doc or .docx) needs to be submitted. No other documentformats are accepted (no PDF files, Apple Pages, Apple Keynotes or Online Google Doc Link). No Zippedfiles. Students must not zip multiple files and submit it as one single zip/compressed file.Means of submission. All assignments must be submitted electronically to Moodle. The submission links canbe accessed through the Assessment block on the Moodle unit website. Physical copies/ Email submissions arenot accepted.Auto-submission. Moodle implements an auto-submission process for those items uploaded and left as draftsbefore the original deadline. However, any assessments uploaded after the original deadline must be manuallysubmitted by the students.Please note that auto-submission process does not work for assessments which have extensions. Autosubmission only works where the original deadline of an assessment has not changed. If you are submittingafter the deadline (original or extended), you must complete the Moodle submission process. Further detailson completing the submission process are available via the Moodle Help for Students link in the Supportblock of your Moodle pages.Complete and correct submission. Requests for changing files after the submission deadline may be grantedif the Unit Coordinator is contacted. However, if a change of files is allowed by the Unit Coordinator, then thesubmission time will be taken as the latest time (i.e. when the last update is made), not the original submissiontime. That will result in a late penalty.Assessment criteria COIT20267 Assessment item 3 Case studyCriteriaPerformance levelsBeginning1Developing2Improving3Accomplished4Exemplary5ScoreJustification Is the justification ofwhy use of the computer forensicmethodology and approach iswarranted sound?Resources Are the resources requiredto conduct a computer forensicinvestigation completely listed?Approach Is the approach forevidence identification and acquisitionreasonable?Steps Are steps to be taken during theanalysis phase reasonable?Correctness of the answerReporting of investigation outcomewith evidenceReporting the validation ofevidence for courtTable of contents Is the table ofcontents professionally prepared?References Are the referencescorrectly cited?TotalComments:Marker:Date:

Pssst…We can write an original essay just for you.

Any essay type. Any subject. We will even overcome a 6 hour deadline.

<< SAVE15 >>

Place your first order with code to get 15% discount right away!

Impressive sample results