Great Deal! Get Instant $10 FREE in Account on First Order + 10% Cashback on Every Order Order Now


1 answer below »
PSB109SE - Digital Forensics Fundamentals (CU DEGREE)
Marking Scheme
Assignment Learning Outcomes
On completion of this module, a student should be able to:
1. Define the principles of digital forensics and data recovery in respect of “live” and “dead” acquisition. ( You can use USB drive or any external DVD , HARD drive )
3. Apply digital forensic methodology to digital crime investigation in accordance with UK ACPO Principles regarding digital evidence. (2012)
4. Analyse the legal, ethical and professional issues involved in digital forensic investigations.
6. Develop technical writing skills required to accurately record and report forensic findings and document evidence.
Indicative time (hrs)

Activity Led Learning

18 Hours of Lecture and 18 hours of Tutorial (Lab) = 36 hours



Coursework with Viva (50%) assessing learning outcomes 1,3,4,6
Coursework with Viva (Activity Led Learning)
Learning Outcomes:
· Perform identification, extraction and analysis of digital evidence (Task 1, 3, 4)
· Record and report forensic findings and document evidence (Task 6)
· Present findings in a 15 minutes VIVA.
Digital Forensic Examination of Storage Media
The storage media, to be examined for evidence, contained a virtualized image of a Windows-based Operating System with a NTFS/FAT based File System. The case is as follows:
John Doe contacted my office (forensic services) in regards to imaging a stolen laptop computer running Windows® XP Professional that had been recovered. Doe is requesting a forensic examination to see what company documents may have been stolen by the suspect(s) and is requesting a full forensic examination and report for possible criminal charges & civil litigation.
1. Investigation
You, as the expert digital forensic examiner, are required to research on at least one open source (free) forensic tool, learn how to use the tool by performing forensic examination on a storage media.
Forensic examination of the given storage media (containing the above mentioned case) is to be ca
ied out using AccessData® FTK based forensic tools as well as an open source forensic tool for cross checking.
2. Examiner Report
In your examiner report of not more than 25 pages (Times New Roman Font size 12 with one line spacing), you need to state your key observations, analysis and opinions on the case based on the evidences extracted from the evidence file.
The following are required in the examination report:
•    Case information
•    Information on the Evidences seized. This include:
· Evidence Number
· SHA1
· Model
· Serial Numbe
· Examiner name    
•    Any evidences that are relevant to the case. You should be as thorough as possible.
•    Any relevant notes on the evidence recovered (base on your observation).
The examiner report should include the relevant sections:
· Case identifie
· Exhibit/tag numbe
· Identity of the examine
· Identity of the reporting agency
· Date of receipt of exhibit
· Date of report
· Descriptive list of items submitted for examination, including serial number, make, model, operating system etc.
· Brief description of steps taken during examination, such as string searches, graphics image searches, and recovering erased files
· Conclusion
· Appendices
Submission of Work (30%)
Submission of Forensic Examination Report in hardcopy format on 11 June 2018 (Monday). The report format consists of following main sections:
· Case Summary
· Forensic Acquisition (Imaging) (if applicable)
· Details of Findings (Forensic Analysis)
· Conclusion
VIVA (20%)
Conduct a presentation on your approach and demonstrate your work/demonstration during an in-class session on 11 June 2018 (Monday) in a 15 minutes VIVA session.
Reference Sites:
The following steps are recommended for forensic examination of digital evidence:
1. Case Planning & Preparation
1.1. Accessing the case scenario - determine a preliminary design or approach to the case. Consider the case size, scope, and other special characteristics. This is in accordance to UK Computer Misuse Act.
1.2. Seizure and device handling – knowledge and compliance to seizure and device handling policies and procedures, plans, drills, staff training and experience, and proper equipment, in accordance to ACPO Digital Evidence Principles (2012).
1.3. Recording the incident scene – Assessing a physical location for safety. Scene is recorded through a combination of field notes, sketches, video, or still images.
2. Case Collection
2.1. Acquiring evidence – Systematically outline the case details. Determine the type of evidence; operating system; known disk format; location of evidence.
2.2. Chain of custody - Establish a chain of custody; transport the evidence to a computer forensics lab; secure evidence in an approved secure container.
3. Case Examination
3.1. Forensic Imaging – prepare a forensics workstation; make a forensic copy of the evidence via forensically sound and repeatable techniques.
3.2. Forensic Handling of Volatile Digital Evidence – Protect and capture volatile memory of live system such as running processes, network connections, and other important application data.
3.3. Investigator Ethics – Professionalism and competency of forensic investigator to ca
y out investigations & report their findings in an unbiased and factual manner.
4. Case Analysis
4.1. Forensic Examination - Identify meaningful evidence, determine how to preserve the evidence and extract, process, and interpret the evidence.
4.2. Interpret Evidence – Expert interpretation of evidence to draw deductions, expert opinions of the case.
5. Reporting
5.1. Organization/Clarity/Coherence - Ability to communicate the results of investigation in a thorough and clear manner. Laying out of ideas in logical order; building arguments piece by piece.
5.2. Competency to Present Analytical Findings - Possessing a well-defined report structure so as to contribute to readers’ ability to understand the written information.
Assignment Deliverables and Conditions:
· Final Documentation has to be word processed. The maximum of 25 pages is recommended.
· Late submissions will be awarded ZERO marks. If you have genuine reason/s for needing to submit late, you can request an extension from faculty registry (at reception).
· Your document should be submitted in hardcopy.
· Citation of ACPO and relevant legislation is mandatory. Obtain the forensic tools from credible sources.
Marks Allocation (Examiner Report)
    Marks Allocated
    1. Case Planning & Preparation
    1.1. Accessing the case scenario
(UK Computer Misuse Act)
    1.2. Seizure and device handling
    1.3. Recording the incident scene –
Contemporaneous notes taking
    2. Case Collection
    2.1. Acquiring evidence
    2.2. Chain of custody
    3. Case Examination
    3.1. Forensic Imaging
    3.2. Forensic Handling of Volatile Digital Evidence
    3.3. Investigator Ethics
    4. Case Analysis
    4.1. Forensic Examination
    4.2. Interpreting Evidence
    5. Reporting
    5.1    Organization/Clarity/Coherence
    5.1    Competency to Present     Analytical Findings
Marks Allocation (VIVA)
The information in the speech should be organized. It should have an engaging introduction that grabs the audience’s attention. The body of the speech should include details, facts and statistics to support the main idea. The conclusion should wrap up the speech and leave the audiences with something to remember.
In addition, the speech should be accurate. Teachers should decide how students should cite their sources if they are used. These should be turned in at the time of the speech. Good speakers will mention their sources during the speech.
Last, the content should be clear. The information should be understandable for the audience and not confusing or ambiguous.
Eye Contact
Students eyes should not be riveted to the paper or note cards that they prepare for the presentation. It is best if students write talking points on their note cards. These are main points that they want to discuss. If students write their whole speech on the note cards, they will be more likely to read the speech word-for-word, which is boring and usually monotone.
Students should not stare at one person or at the floor. It is best if they can make eye contact with everyone in the room at least once during the presentation. Staring at a spot on the wall is not great, but is better than staring at their shoes or their papers.
When speaking, the speaker should not have distracting pauses during the speech. Sometimes a speaker may pause for effect; this is to tell the audience that what he or she is going to say next is important. However, when students pause because they become confused or forget the speech, this is distracting.
Another problem is ve
al fillers. Student may say “um," “er" or “uh" when they are thinking or between ideas. Some people do it unintentionally when they are nervous.
If students chronically say “um" or use any type of ve
al filler, they first need to be made aware of the problem while practicing. To fix this problem, a trusted friend can point out when they doing during practice. This will help students be aware when they are saying the ve
al fillers.
Confidence and Attitude
When students speak, they should stand tall and exude confidence to show that what they are going to say is important. If they are nervous or are not sure about their speech, they should not slouch. They need to give their speech with enthusiasm and poise. If it appears that the student does not care about his or her topic, why should the audience? Confidence can many times make a boring speech topic memorable.
Visual Aids
The visual that a student uses should aid the speech. This aid should explain a facts or an important point in more detail with graphics, diagrams, pictures or graphs.
These can be presented as projected diagrams, large photos, posters, electronic slide presentations, short clips of videos, 3-D models, etc. It is important that all visual aids be neat, creative and colorful. A poorly executed visual aid can take away from a strong speech.
One of the biggest
Answered Same Day Jun 01, 2020


Amit answered on Jun 06 2020
125 Votes
Full Name :
    Student ID :
    Subject :
    Assignment No :
    Due Date :
    Lecturer’s Name :
PSB109SE - Digital Forensics Fundamentals
Your Name:
Your Email:
School name, University name, country name
Table of Contents
1.    Overview of case study    3
2.    Forensic acquisition    6
3.    Computer misuse act of UK (1990)    10
4.    FTK Imager as open source forensic tool    14
5.    Magnet RAM Capture as open source forensic tool for comparison    17
6.    Details of finding    19
7.    Conclusion    24
8.    References:    25
1. Overview of case study
The task and role of digital forensic is rapidly increasing in modern world. The cyber crimes executed by hackers are responsible for defining the importance of digital forensic. In the given case, the laptop running on Windows XP operating system is stolen. So, the user wants to know from digital forensic examiner that documents are stolen and what the effective way to recover them is. The potential impact of stolen documents on company profile and business is also examined by the digital forensic examiner. The security of information is most crucial thing for modern organizations for conducting their business activities and maintaining its flow. The protection of used information system and developed information with hardware and software which are being used to transmit the developed information is known as information security. The functional ability, protection of used and collected data from external threats; safely enabling the operations required in organization and security of technical assets of organization are main points which require consideration in making digital forensic investigation for any organization. The implementation of digital forensic involves identification of different risks and associated challenges for associated organization. Among all important assets, the developed documents are the most important assets which require proper security from possible threats. The company documents are considered as the most important and valuable item, so, a proper protection is required for its safety [Dang-Nguyen et al, 2015]. For maintaining the confidentiality and associated integrity of operations processed through the developed documents, digital forensic is being essential for internal controls, required operations and combinations of different systems. The history of digital forensic starts in 1980’s when organizational uses of computers are being started. In that time, the security of physical assets of computer system is considered as the security of developed information. Even through the business enabled by internet opens the doors for fast acceptance of technology systems. By opening the doors for internet, the weaknesses of information security start encountering and role of digital forensic is improved. This
ings millions of unknown users to the developed systems which are making use of information generated by any organization. Different incidents relate to attacks on information/ database/ documents security by making use of malicious applications, worms and other virus are occu
ed. The occu
ence of these security failure incidents increases the cost and complexity of developed systems by digital forensic. Because of possible attacks to systems and information, awareness is also increased in its users. All the organizations which are using information systems have deployed proper security standards for the protection of developed documents and information for easy evaluation of digital forensic.
In 1990’s, the UK government passed a computer misuse acts which work on three key concepts: authorized access, unauthorized access and unauthorized modification [Lloyd, 2017]. In normal ways, the data and information protection created and developed by any individual or any organization is considered as information security through digital forensic. The maintaining of state and related quality of any documents which are free from any type of harm is also considered as the information security through digital forensic. Some more standards define the information digital forensic as the operational sense and steps which are developed to ensure the protections of valuable things is also digital forensic. The digital forensic is all about preventions of unwa
anted, unauthorized and intentional actions which may cause any issue to the used information system inside any organization. So, the main motive behind digital forensic is to build protection from intentional damages caused by certain enemies. The security of critical elements and developed information by means of using, storing and transmitting any developed information through hardware or software is also digital forensic. Thus, it can be said that the collections of different deployed standards, management practices, used policies and technologies which are being applied to information systems for ensuring their security is main aspect of digital forensic in any organization. The functions like safe operations execution through implemented IT system of organization, security of technology assets used in organization, maintaining the functional ability of working IT system and security of collected and developed information are main functions of any digital forensic system. The execution of safe operations through the developed information system by organization is also the main function of digital forensic system. Most of the organizations make use of protected applications, and different anti-viruses for protecting the data and maintaining the security of information system. Thus, security of information is considered as the most important and critical asset of any organization for effective execution of required operations. The security of information system is not complete part but security of used application which works on the developed data and processed data is also very important and critical task for organizations. Any damages or lost to these application systems can cause serious issues for the organizations.
The used and collected data of any organization is protected by digital forensic. If the organization lets use of unprotected data, then any user can make access to this information. If this information is used by any professional hackers, then, it can cause business dropping to that organization. The protection of appropriate information by considering the legal and business requirements for document protection of any organization, the program of digital forensic is being developed and utilized in any organization. The maintenance from any theft and giving privacy to developed information are the key requirements from any digital forensic system. Thus, for proper functioning of any organization or individual system, the implementation of digital forensic defines the functional ability. The overall business activities are dependent on the deployed digital forensic security to information flow of that organization. Most of the organizations handle the customer data and financial data of clients, so proper security must be maintained by all organizations related to developed information. The effective execution of business activity is ensured by developed digital forensic system, so, security of used and developed information is most critical part of any business organization.
2. Forensic acquisition
The security of developed and collected information is considered as the most multi dimensional discipline in modern era of information technology. The organizations and government collectively performs activities of information security with help of digital forensic systems. The digital forensic systems provide management of standards, guidelines and best practices which are developed to maintain the information security in any organization. The responsibilities and roles of individuals, occu
ed communication among these developed roles, commitments of top management and use of information security is also defined by the help of digital forensic system. The complete structure of information security inside any organization is assured by the implemented digital forensic system [Flaglien et al, 2017].
So, digital forensic system is similar to management system which is used to maintain and establish the secured environment for any information system. The required procedures and related processes for effective management of information security are being established by these digital forensic systems. The primary aim of all and related processes for effective management of information security established by digital forensic system are to provide proper security to all information assets of any organization. This also aims to make continuous improvements in security of any organization. The digital forensic system of any organization can be defined with the help of different international standards like computer misuse act of UK (1990) [Asam & Samara, 2016]. These international standards provides an approach of risk management and management control on overall system with monitoring, establishment, operations, implementation, improvements and maintenance of information security in digital forensic system. The policies, structure of organization, responsibilities, activities of planning, procedures, related practices and used resources are defined by these standards for helping digital forensic system. The different perspectives showing purpose of digital forensic system are described below:
· Perspectives for strategic planning: This perspective of digital forensic system addresses the management issues, related police and corporation of government on organization.
· Perspectives for human: This perspective of digital forensic system addresses the ethics training, awareness issues of end users, culture of information security, and issues caused and related to humans.
· Perspectives for technology: This perspective of digital forensic system addresses the hardware and software issues in maintaining the information security.
· Perspectives for executed processes: This perspective of digital forensic system addresses the practices code, role of standards and control of standards on implemented system.
On bases of above perspectives, it can be said that digital forensic system is a holistic approach which defines the all perspectives required for security of information in any organization. A vital role is played by digital forensic system for management of information security inside any organization. The security to all vital assets relates to information, procedures and related processes, and structures of any organizational security plan are properly defined with help of digital forensic system. The operations of security...

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here