2022 T2 BN309 Assignment 1 MEL SYD
Prepared by: ABM Russel XXXXXXXXXXModerated by: Dr Sanjeeb Shrestha July, 2022
Assessment Details and Submission Guidelines
Unit Code BN309 – T2 2022
Unit Title Computer Forensics
Assessment Type Formative Assignment-1 (Individual Assessment)
Assessment Title Validating and Testing Computer Forensics Tools and Evidence
Purpose of the
assessment (with
ULO Mapping)
This assignment assesses the following Unit Learning Outcomes; students
should be able to demonstrate their achievements in them.
a. Document evidence and report on computer forensics findings.
. Implement a number of methodologies for validating and testing
computer forensics tools and evidence.
Weight 5%
Total Marks 60
Word limit 500 – 600 words
Due Date Assignment 1 – Week 3, Sunday, 7 August XXXXXXXXXX:59 pm
Submission
Guidelines
• All work must be submitted on Moodle by the due date along with a
completed Assignment Cover Page.
• The assignment must be in MS Word format, 1.5 spacing, 11-pt Cali
i
(Body) font and 2 cm margins on all four sides of your page with
appropriate section headings.
• Reference sources must be cited in the text of the report, and listed
appropriately at the end in a reference list using IEEE referencing style.
Extension • If an extension of time to submit work is required, a Special Consideration
Application must be submitted directly to the School's Administration
Officer, in Melbourne on Level 6 or in Sydney on Level 7. You must submit
this application three working days prior to the due date of the
assignment. Further information is available at:
http:
www.mit.edu.au/about-mit/institute-publications/policies-
procedures-and-guidelines/specialconsiderationdeferment
Academic
Misconduct
• Academic Misconduct is a serious offence. Depending on the seriousness
of the case, penalties can vary from a written warning or zero marks to
exclusion from the course or rescinding the degree. Students should make
themselves familiar with the full policy and procedure available at:
http:
www.mit.edu.au/about-mit/institute-publications/policies-
procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-
Procedure. For further information, please refer to the Academic Integrity
Section in your Unit Description.
BN309 Computer Forensics Page 5 of 5
Prepared by: ABM Russel XXXXXXXXXXModerated by: Dr Sanjeeb Shrestha July, 2022
Assignment Questions:
Objective: The objective of the assignment is to compare Computer Forensics Tools and
Techniques that can acquire data from a drive. In addition, students are required to document
all steps in a report, the report should be formal so that it can be used in a legal process.
Marks will be awarded based on the sophistication and the difficulties of the techniques
explored.
Case Study: You have been assigned a child abduction case. A 16GB USB is found from the
suspect’s apartment, and it is expected to have very important information related to the
case. The USB contains several Doc files, a couple of image files, and some text files.
Assignment Specification:
Prepare a report on the following sections related to the case study scenario.
Install and compare two Computer Forensics Tools required to complete this report. You will
eport on their uses.
You need to address the following requirements:
Data Preparation: You need to use your own USB to create/delete files as mentioned in the
scenario below and perform the digital forensics investigation:
1. You need to create six files of type pdf, excel and word documents, where you need
to name these files as follow: YourMITID_BN309_Assig1.*, where * depends of the
file type. In addition, you need to change the attribute of these files to describe the
Metadata which holds data such as your name as an author, organization name “MIT”,
computer name “based on your terminal name”, date/time created, and comments
such as “created for Assignment1 of BN309”.
2. Modify the extension of one of the doc file to .jpeg
3. Then you need to delete 3 files including the file you have modified its extension, one
of each type. Provide the list of references using IEEE referencing style at the end of
the report.
Data Acquisition
Prepare a forensic image (bit stream copy) with the record of data deletion. Explain the
method and tool you have used in acquiring data. Please submit this image with your
assignment. You need to cover the challenges to make a successful acquisition, and what are
the relevant formats to use and why. Describe the steps required for search and seizure. (500
- 600 words)
BN309 Computer Forensics Page 5 of 5
Prepared by: ABM Russel XXXXXXXXXXModerated by: Dr Sanjeeb Shrestha July, 2022
Marking Guide
This assessment requires you write a report.
Select and compare two Computer Forensics Tools used in forensic case investigations
(the report should discuss similarities and differences with screenshots from the
installed tools features and references). You will also perform 2 demonstration tasks
along with data preparation and evidence your work. Your final report should include:
i. Suitability of Computer Forensics tools for the given case
ii. Data Preparation
iii. Section 1: Data Acquisition
iv. Section 2: Data Recovery
For this assignment, download and install Computer Forensics tools assigned to you using
Table 1 shown below.
Table 1 Computer Forensics tool assignment to students
Students with ID
ending with
Security Tool Serial #
0 to 3 ProDiscover Basic and any other tool of your choice
4 to 6 OS Forensics and any other tool of your choice
7 to 9 Autopsy and any other tool of your choice
Note: If you would like to choose other Computer Forensics tools that are not listed in this
table, talk to your tutor and get permission to use it.
Marking criteria:
Marks are allocated as follows:
Section to be included
in the report
Description of the section Marks
Computer Forensic
Tools installation
and comparison
Discuss similarities and differences between
two tools
10
Computer Forensic
Tools analysis
Analyse the suitability of specific tool for the
given case
10
Data preparation Follow instruction of Data preparation. Note
that failed to create the files according to
equest would reduce your marks.
10
Data Acquisition
Acquiring data using a standard tool
Explanation of acquisitions and screenshots
5x4 = 20
BN309 Computer Forensics Page 5 of 5
Prepared by: ABM Russel XXXXXXXXXXModerated by: Dr Sanjeeb Shrestha July, 2022
Challenges for successful data acquisition
Search and seizure
Writing quality, Coherence, Report Structure
5
Follow IEEE reference style (should have both in-
text citation and reference list)
5
Total 60
Marking Ru
ic for Assignment #1: Total Marks 60
Grade
Mark
HD
=80%
D
70%-79%
CR
60%-69%
P
50%-59%
Fail
50%
Excellent Very Good Good Satisfactory Unsatisfactory
Computer Forensic
Tools installation
and comparison
Very
professional
descriptions
and easy to
follow
professional
descriptions and
easy to follow
Clear description
and easy to
follow
Clear descriptions Description is
hard to follow
and inco
ect
Computer Forensic
Tools analysis
Very
professional
descriptions
and easy to
follow
professional
descriptions and
easy to follow
Clear description
and easy to
follow
Clear descriptions Description is
hard to follow
and inco
ect
Data preparation
Data
Preparation is
co
ect
according to
equirements
Requirements for
the Data
preparation is
specified, files were
created but not
delete any file, and
all issues identified
and listed
Requirements for
the Data
preparation is
specified, files were
created but not
delete any file, and
some issues
identified and listed
Not a complete Data
Preparation with a
few requirements,
very few files were
created but not
deleted, and issues
Did not address sub
sections of Data
Preparation
Data Acquisition Explained the
act and the
important key
points in
elation to data
acquisition
Provided an
adequate idea
about the act with
the key points
Provided an idea
about the act with
the key points
Did not provide a clear
picture of the act with
the key points
included
Missing explanation
and key points
Writing quality Generally good Needs minor
improvement
Needs improvement Needs significant
improvement
Unsatisfactory
References Generally good
with adequate
eferences
Needs minor
improvement
Needs improvement Needs significant
improvement
No reference