Reference no: EM132486772

MN624 Digital Forensic - Melbourne Institute of Technology

Assessment - Validating and testing digital forensics tools and evidence

Learning Outcome 1: Record, administer and document digital forensics in social media.

Assignment 1a: Leaving Clues to a Crime

In this Assignment 1a you will create a pretended crime scenario that needs computer forensic analysis. Along with the crime scenario, create digital clues that may be left on a small portable storage device.

The chosen crime scenario must be discussed according to the following questions:

Question 1) You will leave your digital "clues" on a flash/thumb drive. Provide your thumb drive (containing your digital clues) for analysis as an image by using software such as ProDiscover.
Include this screenshot in your final report!

Your digital clues must include at least one of each of the following:

- Hidden file
- Deleted file
- Graphic file
- Password-protected file
- Web access (browser history)
- Change extension of one file such as .docs to .pdf

Question 2) Discuss what should you consider when determining which data acquisition method to use.

Question  3) Discuss some options that can be used for preserving the data in this situation

Question 4) Explain two acquisition methods that you should use in this situation.

Assignment 1b: Create and Delete Files on USB Drive

In this Assignment 1b, you need to find any evidence of the Assignment 1a, and any data that might have been generated from the suspect's hard drive, so that, it may be presented in a court of law. To create your digital clues, please do the following task:

Part 1. On your USB drive, create a word file named your Student ID, where the blank should be filled with your name, mobile, citizen, address and some other information.
The file should contain the following sentence: "I have enrolled for MN624 Digital Forensic." The first blank in the sentence should be filled in with your Full name and the second blank with the date when you registered for this unit.

Part 2. On the same drive, create an excel file named "StudentID.xls", where the First column should be filled with your units name that you had at MIT last semester and the second column should be filled with your marks with those units.

Part 3. Store your current Photo on a USB drive and save it in JPG format or other images format.

Part 4. Take a screenshot of your Windows Explorer window showing the content of the USB's folder hosting the three files. Include this screenshot in your final report! Now delete those files, and then take another screenshot of the respective folder's content (after the two files have been deleted). Include this screenshot in your final report.

Table 1: Digital forensics Tools (You can choose any two tools for your demonstration with your tutor's consent)

Serial #	Name of the security tool
1	The Sleuth Kit (Autopsy)
2	FTK Imager
3	X-Ways Forensics
4	CAINE (Computer Aided Investigative Environment)
5	SANS Investigative Forensic Toolkit (SIFT)

Question 1) Use two computer forensics tool from table 1 to Acquire an Image of USB Drive. In the report, you need to include the screenshots of each step.
Question 2) Use two computer forensics tool from table 1 to Recover Deleted Images and to verify which files have changed of extension. In the report, you need to include the screenshots of each step.
Question 3) validate your results by using hash algorithms.

Question 4) Comparison of the digital forensics tools that you used in this work. Your comparison could include:
- Digital forensics features
- Time is taken to detect acquire threat
- Ease of usage
Question 5) Demonstration of the two digital forensics tools that you used in this work on week 7.

Attachment:- Digital Forensic.rar