Task 2: Digital Forensics

Task 2: Digital Forensics Report (20 Marks)

In this major task you have assumed the role of a digital forensics investigator and been asked to prepare a digital forensics report for the following scenario:

In the case you're examining, Randall Simpson, the CIO of Flashbills, and Sarah Jensen, the lead developer at Desert Oasis Funding, are suspected of intellectual property theft. Randall is unhappy that his share of the profits has gone down since his partner's son was hired, and Sarah has been after the code for a new app from Flashbills. The corporate investigator is aware that the two have been calling and e-mailing each other, so he attempted to do a logical acquisition of Sarah's TracFone (a low-cost, prepaid phone often referred to as a burner phone). To keep customers from switching to other plans, these phones are code-locked to prevent a USB connection and even jailbreaking. Cellebrite was able to read the SIM card data but found no text messages, SMS messages, phone numbers, or other data. Figure 12-2 shows a Cellebrite report, and Figure 12-3 shows some plists (discussed in Chapter 7) found on the device. On the legal side of the case, the investigator was also able to get a warrant for cloud backups of Randall's and Sarah's mobile devices.

Deliverable: For this forensic examination, you need to search all possible places data might be hiding and submit a digital forensics report of 1800-2000 words.

Rationale

This assessment task will assess the following learning outcome/s:
- be able to determine and explain the legal and ethical considerations for investigating and prosecuting digital crimes.
- be able to analyse data on storage media and various file systems.
- be able to collect electronic evidence without compromising the original data.
- be able to evaluate the functions and features of digital forensics equipment, the environment and the tools for a digital forensics lab.
- be able to critique and compose technical tactics in digital crimes and assess the steps involved in a digital forensics investigation.
- be able to prepare and defend reports on the results of an investigation.

This assessment task covers data validation, e-discovery, steganography, reporting and presenting, and has been designed to ensure that you are engaging with the subject content on a regular basis.

Marking criteria and standards

Task 2: Forensics report (20 Marks)

Grade bands: HD 100%-85%; DI 84%-75%; CR 74%-65%; PS 64%-50%; FL 50%-0.

Introduction: Background, scope of engagement, tools and findings (3 marks)
- HD (possible marks 3.0-2.55): All elements are present, well expressed, comprehensive and accurate.
- DI (2.54-2.25): All elements are present and largely accurate and well expressed.
- CR (2.24-1.95): All elements are present with few inaccuracies.
- PS (1.94-1.5): Most elements are present possibly with some inaccuracies.
- FL (1.4-0): Fails to satisfy minimum requirements of introduction.

Analysis: relevant programs, techniques, graphics (5 marks)
- HD (possible marks 5.0-4.25): Description of analysis is clear and appropriate programs and techniques are selected. Very good graphic image analysis.
- DI (4.24-3.75): Description of analysis is clear and most appropriate programs and techniques are selected. Good graphic image analysis.
- CR (3.74-3.25): Description of analysis is clear and most appropriate programs and techniques are selected. Reasonable graphic image analysis.
- PS (3.24-2.5): Description of analysis is not completely relevant. Little or no graphics image analysis provided.
- FL (2.4-0): Fails to satisfy minimum requirements of analysis.

Findings: specific files/images, type of searches, type of evidence, indicators of ownership (5 marks)
- HD (possible marks 5.0-4.25): A greater detail of findings is provided. Keywords and string searches are listed very clearly. Evidence found is very convincing. An indication of ownership is very clear.
- DI (4.24-3.75): Findings are provided, keywords and string searches are listed. The evidence is sound. Ownership is clear.
- CR (3.74-3.25): Findings are provided, some keywords are listed. The evidence is reasonable which relates to the ownership.
- PS (3.24-2.5): Findings are provided but are somewhat vague. Keywords and strings are not very clear. Evidence found may be questionable.
- FL (2.4-0): Fails to satisfy minimum requirements providing findings.

Conclusion: Summary, Results (3 marks)
- HD (possible marks 3.0-2.55): High-level summary of results is provided which is consistent with the report.
- DI (2.54-2.25): Well summarised results and mostly consistent with the findings.
- CR (2.24-1.95): Good summary of results.
- PS (1.94-1.5): Satisfies the minimum requirements. Results are not really consistent with the findings.
- FL (1.4-0): Fails to satisfy minimum requirements of summarising the results.
Able to relate the results with findings. No new material is included.

References: Must cite references to all material used as sources for the content (2 marks)
- HD (possible marks 2.0-1.7): APA 6th edition referencing applied to a range of relevant resources. No referencing errors. Direct quotes used sparingly. Sources all documented.
- DI (1.6-1.5): APA 6th edition referencing applied to a range of relevant resources. No more than 2 referencing errors. Direct quotes used sparingly. Sources all documented.
- CR (1.4-1.3): APA 6th edition referencing applied to a range of relevant resources. No more than 3 errors. Direct quotes used in-context. Sources all documented.
- PS (1.2-1.0): APA 6th edition referencing applied to a range of relevant resources. No more than 4 errors. Direct quotes used in-context. Some sources documented.
- FL (0.9-0): Referencing not done to the APA 6th edition standard. Over-use of direct quotes. A range of sources used is not appropriate and/or not documented.

Glossary / Appendices (2 marks)
- HD (possible marks 2.0-1.7): Glossary of technical terms used in the report is provided which has a generally acceptable source of the definition of the terms and appropriate references are included. The relevant supporting material is provided in appendices to demonstrate the evidence.
- DI (1.6-1.5): Glossary of technical terms used in the report is provided which has a mostly acceptable source of the definition of the terms and appropriate references are included. Some supporting material is provided in appendices to demonstrate the evidence.
- CR (1.4-1.3): Glossary of some technical terms used in the report is provided which has a mostly acceptable source of the definition of the terms and appropriate references are included. Some supporting material is provided in appendices to demonstrate the evidence.
- PS (1.2-1.0): Glossary of some technical terms used in the report is provided however terms are not generally common and some references are missing. Some supporting material is provided in appendices.
- FL (0.9-0): Most terminologies are missing. Appendices are either not provided or are irrelevant.

Presentation

The following should be included as minimum requirements in the report structure:

Executive Summary or Abstract
This section provides a brief overview of the case, your involvement as an examiner, authorisation, major findings and conclusion.

Table of Contents

Introduction
Background, scope of engagement, forensics tools used and summary of findings.

Analysis Conducted
- Description of relevant programs on the examined items
- Techniques used to hide or mask data, such as encryption, steganography, hidden attributes, hidden partitions etc.
- Graphic image analysis

Findings
This section should describe in greater detail the results of the examinations and may include:
- Specific files related to the request
- Other files, including deleted files that support the findings
- String searches, keyword searches, and text string searches
- Internet-related evidence, such as Web site traffic analysis, chat logs, cache files, e-mail, and newsgroup activity
- Indicators of ownership, which could include program registration data.

Conclusion
Summary of the report and results obtained.

References
You must cite references to all material you have used as sources for the content of your work.

Glossary
A glossary should assist the reader in understanding any technical terms used in the report. Use a generally accepted source for the definition of the terms and include appropriate references.

Appendices
You can attach any supporting material such as printouts of particular items of evidence, digital copies of evidence, and chain of custody documentation.

Follow the referencing guidelines for APA 6 as specified in Referencing Guides. Submit the assignment in ONE Word or PDF file on TURNITIN. Please do not submit *.zip or *.rar or multiple files.
