ICT30010 eForensic Fundamentals Assignment

Reference no: EM133155403

ICT30010 eForensic Fundamentals - Swinburne University of Technology

Introduction: In this lab, we will examine a forensic image taken of a computer that has been seized by Police in the continuing investigation of Imanuel Leet-Hacker.

Background: In October, 2010, a warrant was executed on the residence of Imanuel Leet-Hacker (aka Ima Hacker), after police received numerous reports of hacking activities tracing back to his IP address. The computer you'll be examining today is believed to be the computer he has used in the majority of his hacking activities.

The police have created a forensic image of the computer that was seized and have outsourced the forensic investigation to you to complete. You will be provided with a download link to access the forensic image for your investigation.

Along with the forensic image, Police have also provided you with two exhibits they have obtained that may be relevant to your investigation.

Your colleague Troy has reviewed the forensic image and has generated a detailed timeline of system events for you to utilise in your investigation, in the form of a "Timescanner Super Timeline". The Super Timeline contains operating system artefacts and internet history that may be relevant to your investigation. It will be provided to you via email from your colleague.

The alleged hacking events are as follows:

• The company "Hackable" (hackable.com.au) has provided logs to police which suggest their website was hacked on 4th May, 2010. The IP address has been traced back to Ima Hacker. It is up to you to find additional evidence to support this charge.

• Another similar website attack occurred on 4th March, 2009 at 2:22am. Ima Hacker has stated that he was out shopping at a local 24-hour convenience store at the time, and has no knowledge of the attack. Can you locate evidence on his computer to support this claim? What was Ima Hacker doing on his computer just before and just after this attack?

• A person named Somepoor Victim has also approached police regarding the unauthorised access of their Facebook account (ID: 100002369565636) on 6th August, 2010. This has been traced to a hotel in Brisbane, in which Ima Hacker was staying at the time. The hotel was unfortunately unable to provide details of which guest performed the attack. Thus, it is up to you to prove it was Ima Hacker.

• There has also been some suggestion that Ima Hacker may be involved with a collaborator. This collaborator is believed to use the website hidemyass.com as an email dropbox, where friends/other hackers can communicate with him. Locate the email address for Ima Hacker's collaborator, and any email communication you can find.

8. Since Ima Hacker uses Yahoo! Mail, he may also check his email online. Keyword searches for the username part of his email address may be helpful in locating these fragments, if they exist. Come up with a list of keywords from the police report. You may also want to add to this list as you discover new things.

9. Your colleague Troy has provided a diagram which may help you navigate the Sleuth Kit commands:

10. Prefetch files may be interesting - particularly if he's using hacking tools. The prefetch files may tell you when the tools were run. If you see programs you're not sure about, try googling to see what they are. Timescanner will include these files, as will the timeline analysis in Autopsy.

11. The hacker seems to like Wireshark. He may have captured some of his attacks in pcap files. These could definitely be worth examining.

12. The provided "super timeline" relates predominantly to event and log timelines. Consider supplementing it by creating a filesystem timeline within Autopsy.

13. You will need to do your own research to understand the evidence items and their relevance to the investigation.

14. Don't forget to take lots of notes as you're going, and export/save copies of any files that may contain evidence (e.g. emails, reports from timelining tools, graphic images or HTML files) to include in your report.

15. It may make sense to break the report into smaller logical sections for each scenario. It will be difficult to present the findings in chronological order as your investigation is likely to cross over scenarios.
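The keyword search suggested in hint 8, as an added example (not part of the original brief): Windows stores much of its text as UTF-16LE, so a plain ASCII search of the image misses those fragments, and each hit is only useful once its byte offset is mapped to a file system block that a tool can resolve to a file. The keyword `leethacker`, the sample image, the 63-sector partition start (mirroring the `-o 63` in the brief's sample command) and the 4096-byte block size are all assumptions made for illustration.

```python
import mmap
import re

SECTOR = 512  # bytes per sector (assumed; confirm from the partition listing)

def keyword_hits(image_path, keywords, part_start_sector=63, block_size=4096):
    """Locate keywords stored as ASCII or UTF-16LE anywhere in a raw image.

    Returns (byte_offset, fs_block, encoding, text) tuples. fs_block is the
    data-unit address inside the partition (the unit Sleuth Kit's `ifind -d`
    and `blkcat` take), or None for a hit in front of the partition.
    part_start_sector and block_size are assumed defaults: replace them with
    the values reported for the image under examination.
    """
    needles = []
    for kw in keywords:
        needles.append(re.escape(kw.encode("ascii")))
        needles.append(re.escape(kw.encode("utf-16-le")))  # Windows "wide" text
    pattern = re.compile(b"|".join(needles), re.IGNORECASE)
    part_start = part_start_sector * SECTOR
    hits = []
    # Read-only mapping: the evidence copy cannot be altered by the search.
    with open(image_path, "rb") as fh, \
            mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as image:
        for m in pattern.finditer(image):
            encoding = "utf-16-le" if b"\x00" in m.group() else "ascii"
            block = None
            if m.start() >= part_start:
                block = (m.start() - part_start) // block_size
            hits.append((m.start(), block, encoding, m.group().decode(encoding)))
    return hits

def build_sample_image(path):
    """Write a constructed image: 63 sectors of padding, then 8 KiB of data."""
    gap = bytearray(63 * SECTOR)
    gap[600:610] = b"LEETHACKER"                 # outside the partition
    part = bytearray(8192)
    part[100:110] = b"LeetHacker"                # ASCII, block 0
    wide = "leethacker".encode("utf-16-le")
    part[5000:5000 + len(wide)] = wide           # UTF-16LE, block 1
    with open(path, "wb") as fh:
        fh.write(gap + part)

if __name__ == "__main__":
    import tempfile
    with tempfile.NamedTemporaryFile(suffix=".dd") as tmp:
        build_sample_image(tmp.name)
        for hit in keyword_hits(tmp.name, ["leethacker"]):
            print(hit)
```

Record the byte offset and block of every hit in your notes so another examiner can return to the same location in the image.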

Forensic Report

For this final Capstone Lab you need to write a report to the police outlining your findings, including how you found the relevant evidence. The report should also include copies of any relevant evidentiary items.

The report may be used in court if the police believe there is enough evidence to prosecute Ima Hacker. It is important that you explain how the evidence was located and its relevance to the investigation.

Your report should be factual, and include enough information for another forensic examiner to replicate your results, but does not need to detail exact settings and commands issued to obtain the information (in other words, "I used a forensic tool to determine the created date of the file" is better than "I ran the command 'istat -o 63 lab3.dd 123'"). The audience for your report will be police, lawyers, judges and other non-technical people.

It is important that opinions and other suppositions are not part of your report. A statement like "Ima Hacker saved the file at 12:03pm" is a conclusion not based entirely on the evidence you were provided. A better statement might be "the file had a created date of 12:03pm".

You will be marked on:

1. Your explanation of all the evidence received from the Police, how and when it was received and how you handled continuity (chain of custody) of the digital evidence.

2. Your explanation of the item received from your colleague Troy, how and when it was received and how you handled continuity (chain of custody) of the item.

3. Details of the partition contained within the image, and determination of the seized device's time zone

4. Evidence and explanation for the alleged "Hackable" attack

5. Relevant evidence and the explanation of your findings that supports or refutes the hacker's alibi for the alleged "second" website attack

6. Evidence and explanation for the alleged Facebook account takeover

7. Explanation of the communication method between the hacker and the collaborator including an assessment regarding the use of hidemyass

8. The inclusion of relevant evidence from Timescanner super timeline in your findings

9. Your ability to stick to the facts, and explain your processes and findings in non-technical (but still accurate!) language (0.5 reduction for each non-factual statement)

10. Overall presentation of your report

Attachment:- eForensic Fundamentals.rar


Reviews

len3155403

5/31/2022 3:06:18 AM

CAPSTONE LAB: that's report writing of a forensic analysis. I will provide the details and the necessary configuration commands. I'm providing the report writing sample and other commands. This lab is completely restricted with Turnitin plagiarism, so take extra care. I need all new UNIQUE work. We need to work on sans shift workstation and use this file for the report writing. If any help is needed related to the commands or work, you can go through these labs.


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd