Reference no: EM132390015, Length: word count: 2000
FIT3168 IT Forensics Assignment - Monash University, Australia
A. CASE REPORTING
1. CASE REPORT SUMMARY
Now that you have created a fictitious criminal case in Assignment 1 of the unit, you are required to write a computer forensics report based on the "fictional" investigation and findings (see below).
The report will also be read by people who do not necessarily have an in-depth technical background in IT and/or computer forensics. Consider this when writing your report.
The report should include:
1. Case Information
2. Summary
3. Findings
4. Conclusion
5. Word list (glossary)
You can find report examples/templates in Appendix C (pages 215-218) of "Fundamentals of Digital Forensics: Theory, Methods, and Real-Life Applications" by Joakim Kävrestad.
2. REPORT APPENDICES AND CODIFICATION
You should attach all relevant findings as your appendices. Note that you are not required to attach real artifacts and evidence; fictional screenshots, tables, and hash lists can be created and provided to represent the artifacts and evidence.
There are two options you can choose from to complete this part. NOTE: you MUST state your option in the submission.
OPTION X: Generate a set of fictional forensic artifacts on your own, based on the fictional story you wrote for Assignment 1. The forensic artefacts should be reasonably closely related to the case, but they do not need to be overly complicated and should not be offensive (no illegal material is allowed). Note that the presented artefacts should be forensically sound. This means that you also need to attach proofs of integrity and originality of the artefacts.
OPTION Y: Create a fictional story based on the image file assigned to you in Assignment 1, as if the image file were a part of your fictional story. Utilize FTK's reporting features to assist you in presenting the related forensic artifacts you discover in the image file to support your report. Refer to the Week 9 tutorial about finding related artefacts and generating reports. The FTK report may contain system information, bookmarks, and other related information to support your case.
B. DIGITAL FORENSIC ACADEMIC PAPER
1. CHOOSING A PAPER
You are required to select at least one published peer-reviewed academic paper/article. The paper needs to be published in a good conference venue or journal. The paper needs to be either published in recent years or fundamentally important for its field. You are not allowed to take any articles from Wikipedia or regular webpages. Patent documents are also allowed.
The field of the paper should be any digital forensics branch that is not covered in our current FIT3168 syllabus. This means that no disk-based forensics, Windows forensics, or network forensics paper is permitted for selection. You can discuss your selection with your tutor.
The areas you can select include (but are not limited to): cloud, Android, iOS, smart TV, gaming consoles (XBOX, PS3, PS4, etc.), copier, scanner, CCTV, image, video, audio, digital cameras, etc.
You can select more than one paper if you think it is necessary (e.g. to create comparisons, etc.).
The information about the paper needs to be clearly described:
- Title, authors, affiliation, publishing year, publisher, conference/journal name.
- Extra information such as number of citations, conference rank, etc.
- The reason why you pick the paper (e.g. fresh/new ideas, fundamental ideas, etc).
2. PAPER DESCRIPTION
Using your own words, describe how the paper presents the ideas.
The subtopics/subheadings on your report should include:
- Introduction
- Background/preliminaries
- Related works
- The main technique/process
- Experimental result/comparison
- Conclusion
- References (if you are referencing other articles/sources)
3. PAPER CRITICAL ANALYSIS
You are required to write your analysis on the paper you have chosen and described. The topics should include:
- What you understand from the paper (key ideas, etc).
- Analysis of whether the forensic technique from the paper is similar to the disk-based or network-based forensics that you have learned.
- How unique the proposed technique is.
- How applicable the proposed technique is in a real-world scenario.
- The possible and potential weaknesses/drawbacks/overheads of the proposed technique.
- Your ideas on how the approach can be improved.
Note - Only the answer to part B is needed. The MINIMUM word limit for Part B combined is 2,000 words.