Reference no: EM132400091
Unit Code - BN309
Unit Title - Computer Forensics
Assessment Title - Validating and Testing Computer Forensics Tools and Evidence
Purpose of the assessment:
This assignment assesses the following Unit Learning Outcomes; students should be able to demonstrate their achievements in them.
• Exhibit and understand forensics ethical behaviour and professional conduct;
• Implement a process to support the administration and management of computer forensics
Assignment Description
Objectives: The objectives of this assignment are to document evidence and report on computer forensics findings and implement a number of methodologies to perform data analysis, recovery and validation. In addition, it will help the students to understand the cross-examination of a legal process. Marks will be awarded based on the sophistication and the difficulties of the techniques explored.
Case Study: You are investigating a domestic violence murder case. You have acquired the USB drive image of one of the suspects. You have planned to perform a list of computer forensics techniques to recover and validate data. You will also prepare a report to face the cross-examination in a court.
Please perform the following tasks:
1. Prepare a forensic image with the record of data deletion, data encryption, email log, web logs and web history. You will need this image to perform the consecutive tasks.
2. Before analysing the image, you need to emulate the suspect role by deleting some of the image files.
Tasks to be done on the image prepared image:
3. Recover these images and validate them.
4. Use a hex editor to analyse at least two image files (one common and another uncommon format).
5. Retrieve the files which had been deleted from the Recycle bin. And comment if you can decrypt and read the encrypted files.
6. View the past URL web history and analyse the web logs file.
7. View and analyse the email log file with proper tool.
8. Write a report on the procedure of data recovery and validation of forensics evidences. The validation procedure you have used should be well-explained in order to face the cross- examination in the court. Take screenshots for each step you have followed in preparing forensics image, data analysis, recovery and validation. Provide it in the report to proof the validity of your work.
Attachment:- Computer Forensics.rar