Assignment 2
Subject: CSE3CFN and CSE5CFN
Submission deadline: 16th of May
Total Mark: 30
Word Limit: 2000 words (+/- 10%)
Instructions:
Your report must include:
1. Evidence description.
2. Standard procedure (example: collection steps, imaging, chain of custody,
etc)
3. Examination of FAT32 file structure (include tables for FAT32 file system,
description of each item)
4. Detailed explanation of $MFT file record findings (include table showing all the
attribute values and data run)
Question 1 (40% of the total mark of 30)
You are a digital forensic examiner. Your task is to process and perform a
forensically sound acquisition of the following SD card:
The SD card is formatted with FAT 32 file system.
a) Describe your steps in detail, including specific forensic equipment,
hardware and software that you will use, to complete forensic acquisition of
the SD card and create a forensic image.
b) How would you examine the file system?
Question 2 (60% of the total mark of 30)
Please examine the $MFT FILE Record below and report on its content.
Hints: Read chapter 5 of the textbook and week 6 lecture slides to prepare for your
response. You can also look into week 8 lecture slides for the sample structure of
your report.
You are expected to work on this assignment independently and MUST NOT DISCUSS IT WITH
ANYONE.
Assignment 2
Subject: CSE3CFN and CSE5CFN
Submission deadline: 23rd of September, 2022
Total Mark: 30
Word Limit: 2000 words (+/- 10%)
Academic integrity
Academic integrity means being honest in academic work and taking responsibility for learning the conventions of scholarship. The University requires its instructors and course participants to observe the highest ethical standards in all aspects of academic work.
You can demonstrate academic integrity by:
· using information appropriately according to copyright and privacy laws
· acknowledging where the information you use comes from
· not presenting other people’s work as your own
· not commissioning or purchasing work and submitting it as your own
· producing assignments independently, except when you are asked to participate in a group project.
Instructions for Assignment:
Your report must include:
1. Evidence description.
2. Standard procedure (example: collection steps, imaging, chain of custody, etc)
3. Examination of NTFS file structure (include tables for NTFS file system, description of each item)
4. Detailed explanation of $MFT file record findings (include table showing all the attribute values and data run)
Question 1 (20% of the total mark of 30)
You are a digital forensic examiner. Your task is to process and perform a forensically sound acquisition of the following memory card:
The SSD card is formatted with NTFS file system.
a) Describe your steps in detail, including specific forensic equipment, hardware and software that you will use, to complete forensic acquisition of the SSD device and create a forensic image.
b) How would you examine the NTFS file system? Discuss how files are stored and accessed in the NTFS file system.
Question 2 (30% of the total mark of 30)
The following is an MBR snapshot. Find the following information for each partition.
(Hints: watch this YouTube video: https://www.youtube.com/watch?v=jRj_HzbHeWU)
1. Find Boot indicator bits/flag (check if bootable or not)
2. Find the file system type (e.g., FAT32, NTFS, EXT3, etc.)
3. Starting LBA Address (Relative Sectors)
4. Size of the partitions (sector size is 512 bytes).
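The four fields listed above can be read directly from the 16-byte partition entries that start at offset 446 of the MBR sector. The following is an added example, not part of the assignment; the sample MBR bytes are constructed for illustration and the type-code table is a small subset.

```python
import struct

SECTOR_SIZE = 512  # bytes per sector, as stated in the question
# Subset of common partition type codes; extend as needed.
PART_TYPES = {0x05: "Extended (CHS)", 0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)",
              0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)", 0x82: "Linux swap",
              0x83: "Linux (ext2/3/4)", 0xEE: "GPT protective"}

def parse_mbr(sector: bytes) -> list:
    """Return one dict per non-empty primary partition entry."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR: need 512 bytes ending in 55 AA")
    parts = []
    for i in range(4):
        # The table starts at offset 446 (0x1BE); each entry is 16 bytes.
        entry = sector[446 + 16 * i: 462 + 16 * i]
        # status(1) CHS start(3, skipped) type(1) CHS end(3, skipped)
        # starting LBA(4, little-endian) sector count(4, little-endian)
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0x00:
            continue  # unused slot
        parts.append({
            "slot": i + 1,
            "bootable": status == 0x80,
            "status_valid": status in (0x00, 0x80),  # anything else is anomalous
            "type": PART_TYPES.get(ptype, f"unknown (0x{ptype:02X})"),
            "start_lba": lba,
            "sectors": count,
            "size_bytes": count * SECTOR_SIZE,
        })
    return parts

def sample_mbr() -> bytes:
    """Constructed 512-byte MBR with two partitions (not the assignment's snapshot)."""
    entries = bytes.fromhex(
        "80202100 07feffff 00080000 00003200"   # active, type 07
        "00feffff 0cfeffff 00083200 00001000")  # inactive, type 0C
    return bytes(446) + entries + bytes(32) + b"\x55\xaa"

if __name__ == "__main__":
    for p in parse_mbr(sample_mbr()):
        print(p)
```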
Question 3 (50% of the total mark of 30)
Please examine the $MFT FILE Record below and report on its content.
Hints: Read chapter 5 of the textbook and week 6 lecture slides to prepare for your response. You can also look into week 8 lecture slides for the sample structure of your report.
For conversion you can use DCode software (https://www.digital-detective.net/dcode/)
Your answers need to include a detailed description of the following attributes and their corresponding values.
· Attributes x010
· Attributes x030
· Attributes x080
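Two conversions come up when reporting these attributes: the timestamps stored in the x010 and x030 attributes are 64-bit FILETIME values, and a non-resident x080 attribute locates its content through a data run list. The following is an added example, not part of the assignment; the run-list bytes are constructed samples and the 4096-byte cluster size is an assumption that must be taken from the volume boot sector in a real case.

```python
from datetime import datetime, timedelta, timezone

def filetime_to_utc(ft: int) -> datetime:
    """Convert a FILETIME (100 ns ticks since 1601-01-01 UTC) to a datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def decode_data_runs(runlist: bytes, cluster_size: int = 4096) -> list:
    """Decode an NTFS run list into (start LCN, cluster count, byte length) dicts.

    cluster_size is an assumed default, not a value from the assignment.
    """
    runs, pos, lcn = [], 0, 0
    while pos < len(runlist) and runlist[pos] != 0x00:  # 0x00 terminates the list
        header = runlist[pos]
        len_size = header & 0x0F   # low nibble: bytes in the length field
        off_size = header >> 4     # high nibble: bytes in the offset field
        pos += 1
        if len_size == 0 or pos + len_size + off_size > len(runlist):
            raise ValueError(f"malformed data run at byte {pos - 1}")
        clusters = int.from_bytes(runlist[pos:pos + len_size], "little")
        pos += len_size
        if off_size == 0:
            start = None           # sparse run: no clusters allocated on disk
        else:
            # Offsets are signed and relative to the previous run's start LCN.
            lcn += int.from_bytes(runlist[pos:pos + off_size], "little", signed=True)
            start = lcn
        pos += off_size
        runs.append({"lcn": start, "clusters": clusters,
                     "bytes": clusters * cluster_size})
    return runs

# Constructed samples: one contiguous run, and a fragmented file whose third
# run lies before the second (negative relative offset 0xE0 = -32).
SINGLE_RUN = bytes.fromhex("2118345600")
FRAGMENTED = bytes.fromhex("113060211000011120e000")

if __name__ == "__main__":
    print(filetime_to_utc(116444736000000000))
    print(decode_data_runs(SINGLE_RUN))
    print(decode_data_runs(FRAGMENTED))
```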
You are expected to work on this assignment independently and MUST NOT DISCUSS IT WITH ANYONE.