Reference no: EM132523459, Length: word count: 3500
COIT20267 Computer Forensics - Central Queensland University
Objectives
Learning outcome 1. Apply the computer forensics methodologies.
Learning outcome 2. Write an analysis of a case study.
Learning outcome 3. Prepare an outline of a professional computer forensic plan.
Case study: As a group, choose one of the cases given below for this assignment:
1. Case One - Electronic eavesdropping
2. Case Two - Exfiltration of corporate IP
3. Case Three - Illegal digital materials
Assessment activities:
I) In the capacity of a computer forensics specialist, your task is to prepare a computer forensics investigation plan to enable a systematic collection of evidence and subsequent forensic analysis of the electronic and digital data. This plan should detail the following:
• Justify why the use of the digital forensic methodology and approach is warranted including appropriate procedures for the Company's investigation.
• Describe the resources required to conduct a digital forensic investigation, including skill sets and the required software and hardware for the forensics team members.
• Outline an approach for data/evidence identification and acquisition that should occur in order to be able to identify and review the digital evidence.
• Outline an approach and steps to be taken during the analysis phase.
II) Investigate the collected evidence below to answer the question asked in the case study
• Hard drive images -
o charlie-2009-12-11.E01
o pat-2009-12-11.E01
o terry-2009-12-11-002.E01
o jo-2009-12-11-002.E01
• RAM Images -
o pat-2009-12-11.mddramimage.zip
o charlie-2009-12-11.mddramimage.zip
• USB Drive images
o charlie-work-usb-2009-12-11.E01
o jo-work-usb-2009-12-11.E01
III) Report the evidence and validation to support the answer of your investigation outcome
Tips for preparing your computer forensics investigative plan
In writing the computer forensics investigative plan, students need to address the following points. Note that the points listed below are not exhaustive and should be treated as helpful tips.
• Justify the need for a computer forensics methodology and consider the scope of the case, including the nature of the alleged misconduct, leading to consideration of how electronic and digital evidence may support the investigation. The plan should consider how computer forensics differs from other techniques (such as network forensics, data recovery) and detail the overall steps for the systematic computer forensics approach.
• Consider the required resources and include details regarding the preparation plan for evidence gathering (such as evidence forms, types, storage media and containers), the forensics workstation and peripherals needed, software/tools for analysis depending on the type of evidence to be gathered, including the rationale for the selected tools, and consideration of team member skills in digital analysis (such as OS knowledge, skills for interviewing, consultation, working as per the needs of the auditing team and understanding of law and corporate policies).
• Detail the approach for data acquisition, including the different types of evidence that can be gathered and their sources depending upon the nature of the case and scope of investigation. Develop a plan for data acquisition, including the rationale for the selected plan and contingency planning. Detail the type of data acquisition tools needed, including the rationale, and an outline of the data validation & verification procedures.
• Provide an outline of the forensic analysis procedures/steps depending upon the nature of evidence to be collected and detail the validation approach. This can include techniques to counter data hiding, recovering deleted files, and procedures for network and e-mail analysis.
• Prepare a professional report with an Executive Summary, a Word generated table of contents, an Introduction, a body of the report with proper headings and sub-headings, and a Conclusion.
• The table of contents for the investigative plan should consider what to include in the report, the structure of the report, and the focus or scope of the report, including supporting material to be provided and references. This table of contents should include headings and sub-headings pertaining to the aspects addressed in the above dot points.
Attachment:- Computer Forensics.rar