Prepared by: Mr. Ahsan Aziz XXXXXXXXXXModerated by: Dr. Ammar Alazab July, 2018 Assessment Details and Submission Guidelines Unit Code BN309 – T2 2018 Unit Title Computer Forensics Assessment Type...

Prepared by: Mr. Ahsan Aziz XXXXXXXXXXModerated by: Dr. Ammar Alazab July, 2018
Assessment Details and Submission Guidelines
Unit Code BN309 – T2 2018
Unit Title Computer Forensics
Assessment Type Individual Assignment
Assessment Title Validating and Testing Computer Forensics Tools and Evidence – Part 1
Purpose of the
assessment (with
ULO Mapping)
This assignment assesses the following Unit Learning Outcomes; students
should be able to demonstrate their achievements in them.

a. Systematically collect evidence at private-sector incident scenes.
. Document evidence and report on computer forensics findings.
c. Implement a number of methodologies for validating and testing
computer forensics tools and evidence.

Weight 15% of the total assessments
Total Marks 50
Word limit 1500 words max
Due Date Friday, 31st Aug, 2018, 11:55 PM. (Week 7)
Submission
Guidelines
• All work must be submitted on Moodle by the due date along with a
completed Assignment Cover Page.
• The assignment must be in MS Word format, 1.5 spacing, 11-pt Cali
i
(Body) font and 2 cm margins on all four sides of your page with appropriate
section headings.
• Reference sources must be cited in the text of the report and listed
appropriately at the end in a reference list using IEEE referencing style.
Extension If an extension of time to submit work is required, a Special Consideration
Application must be submitted directly through AMS. You must submit this
application within three working days of the assessment due date. Further
information is available at:
http:
www.mit.edu.au/about-mit/institute-publications/policies-
procedures-and-guidelines/specialconsiderationdeferment
Academic
Misconduct

Academic Misconduct is a serious offence. Depending on the seriousness
of the case, penalties can vary from a written warning or zero marks to
exclusion from the course or rescinding the degree. Students should make
themselves familiar with the full policy and procedure available at:
http:
www.mit.edu.au/about-mit/institute-publications/policies-
procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-
Procedure. For further information, please refer to the Academic Integrity
Section in your Unit Description.

http:
www.mit.edu.au/about
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/special-considerationdeferment
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure
http:
www.mit.edu.au/about-mit/institute-publications/policies-procedures-and-guidelines/Plagiarism-Academic-Misconduct-Policy-Procedure
BN XXXXXXXXXXIT Computer Forensics Page 2 of 4
Prepared by: Mr Ahsan Aziz XXXXXXXXXXModerated by: Dr. Ammar Alazab July, 2018
Assignment Questions:
Objective: The objective of the assignment is to acquire data from a drive, perform data recovery
using different techniques and tools, analysing it and finally performing the validation of acquired
data. In addition, students are required to properly document all steps in form a report, the report
should be formal enough that it can be used in a legal process. Marks will be awarded based on the
sophistication and the difficulties of the techniques explored.

Case Study: You have been assigned a case of embezzlement. A USB is found from the suspect’s
office, and it is expected to have very important information regarding the case. The USB contains
several Excel files, a couple of image files and some text files.
Assignment Specification:
Prepare a report on the following sections related to the case study scenario. You can use your own
USB, create/delete files as mentioned in the scenario and perform forensics. Provide the list of
eferences using IEEE referencing style at the end of the report.
Section 1: Data Acquisition
Prepare a forensic image (bit stream copy) with the record of data deletion. Explain the method
and tool you used for acquiring data. You will need this image to perform the consecutive tasks.
Please submit this image with your assignment XXXXXXXXXXwords)

Section 2: Data Recovery
The suspect has deleted two image files from the USB, recover the files and explain the method (with
screenshots) and tool you used XXXXXXXXXXwords)
In addition, recover data from recycle bin, explain the procedure with screenshots. (200 words)
Section 3: Data Analysis
Inspect all files in the USB, use a hex editor and analyse if there is any hidden data in files. Provide
screenshots of your analysis XXXXXXXXXXwords)
Section 4: Data Validation
Explain different methods of data validation and use one of them to validate data on USB XXXXXXXXXX
words)








BN XXXXXXXXXXIT Computer Forensics Page 3 of 4
Prepared by: Mr Ahsan Aziz XXXXXXXXXXModerated by: Dr. Ammar Alazab July, 2018
Marking Criteria:
Questions Description Marks
Section 1 Acquiring data using a standard tool
Explanation of acquisitions and screenshots
5
5
Section 2 Data recovery from USB and explanation
Data recovery from recycle bin and explanation
5
5
Section 3 Data analysis of all file in USB using Hex Editor 10
Section 4 Data validation with explanation 10
Presentation Writing quality, Coherence, Report Structure
5
Reference style Follow IEEE reference style (should have both in-text
citation and reference list)
5
Total 50
BN XXXXXXXXXXIT Computer Forensics Page 4 of 4
Prepared by: Mr Ahsan Aziz XXXXXXXXXXModerated by: Dr. Ammar Alazab July, 2018
Marking Ru
ic
Sections Excellent Good Fair Poor
Section 1
Contingency
Planning
Appropriate
equirements of the
plan specified
explained and
Issues identified and
listed
Requirements
for the plan
specified and
issues identified
and listed
Not a complete
plan with a few
equirements
and issues
Did not address
sub sections of
the section
Section 2
Security
Tools
Addressed the three
tools explained
iefly
as to how they work
and the cost analysis
explained
Addressed the
three tools
however with
minimum
explanation
with cost
analysis
Three tools
selected but not
explained and
not provided a
enough
explanation for
the justification
of cost analysis
Not a complete
list of security
tools and
missing
explanation of
cost analysis
Section 3
Information
Security Act
Explained the act and
the important key
points
Provided an
idea about the
act with the key
points
Did not provide
a clear picture
of the act with
the key points
included
Missing
explanation and
key points
Section 4
Security
Management
Policy
Addressed all the
seven sections of the
policy with necessary
explanation
Addressed all
the sections and
managed to
explain the
equirements of
the policy
Addressed all
sections with
minimum
information
Missing sections
from the policy
(Incomplete)