ICT30010 eForensic Fundamentals Assignment

Reference no: EM133155403

ICT30010 eForensic Fundamentals - Swinburne University of Technology

Introduction: In this lab, we will examine a forensic image taken of a computer that has been seized by Police in the continuing investigation of Imanuel Leet-Hacker.

Background: In October, 2010, a warrant was executed on the residence of Imanuel Leet-Hacker (aka Ima Hacker), after police received numerous reports of hacking activities tracing back to his IP address. The computer you'll be examining today is believed to be the computer he has used in the majority of his hacking activities.

The police have created a forensic image of the computer that was seized and have outsourced the forensic investigation to you to complete. You will be provided with a download link to access the forensic image for your investigation.

Along with the forensic image, Police have also provided you with two exhibits they have obtained that may be relevant to your investigation.

Your colleague Troy has reviewed the forensic image and has generated a detailed timeline of system events for you to utilise in your investigation, in the form of a "Timescanner Super Timeline". The Super Timeline contains operating system artefacts and internet history that may be relevant to your investigation. This will be provided to you via email from your colleague.

The alleged hacking events are as follows:

• The company "Hackable" (hackable.com.au) has provided logs to police which suggest their website was hacked on 4th May, 2010. The IP address has been traced back to Ima Hacker. It is up to you to find additional evidence to support this charge.

• Another similar website attack occurred on 4th March, 2009 at 2:22am. Ima Hacker has stated that he was out shopping at a local 24-hour convenience store at the time, and has no knowledge of the attack. Can you locate evidence on his computer to support this claim? What was Ima Hacker doing on his computer just before and just after this attack?

• A person named Somepoor Victim has also approached police regarding the unauthorised access of their Facebook account (ID: 100002369565636) on 6th August, 2010. This has been traced to a hotel in Brisbane, in which Ima Hacker was staying at the time. The hotel was unfortunately unable to provide details of which guest performed the attack. Thus, it is up to you to prove it was Ima Hacker.

• There has also been some suggestion that Ima Hacker may be involved with a collaborator. This collaborator is believed to use the website hidemyass.com as an email dropbox, where friends/other hackers can communicate with him. Locate the email address for Ima Hacker's collaborator, and any email communication you can find.

8. Since Ima Hacker uses Yahoo! Mail, he may also check his email online. Keyword searches for the username part of his email address may be helpful in locating these fragments, if they exist. Come up with a list of keywords from the police report. You may also want to add to this list as you discover new things.

9. Your colleague Troy has provided a diagram which may help you navigate the Sleuth Kit commands:

10. Prefetch files may be interesting - particularly if he's using hacking tools. The prefetch files may tell you when the tools were run. If you see programs you're not sure about, try googling to see what they are. Timescanner will include these files, as will the timeline analysis in Autopsy.

11. The hacker seems to like Wireshark. He may have captured some of his attacks in pcap files. These could definitely be worth examining.

12. The provided "super timeline" relates predominantly to event and log timelines. Consider supplementing this by creating a filesystem timeline within Autopsy.

13. You will need to do your own research to understand the evidence items and their relevance to the investigation.

14. Don't forget to take lots of notes as you're going, and export/save copies of any files that may contain evidence (e.g. emails, reports from timelining tools, graphic images or HTML files) to include in your report.

15. It may make sense to break the report into smaller logical sections for each scenario. It will be difficult to present the findings in chronological order as your investigation is likely to cross over scenarios.

Forensic Report

For this final Capstone Lab you need to write a report to the police outlining your findings, including how you found the relevant evidence. The report should also include copies of any relevant evidentiary items.

The report may be used in court if the police believe there is enough evidence to prosecute Ima Hacker. It is important that you explain how the evidence was located and its relevance to the investigation.

Your report should be factual, and include enough information for another forensic examiner to replicate your results, but does not need to detail exact settings and commands issued to obtain the information (in other words, "I used a forensic tool to determine the created date of the file" is better than "I ran the command 'istat -o 63 lab3.dd 123'"). The audience for your report will be police, lawyers, judges and other non-technical people.

It is important that opinions and other suppositions are not part of your report. A statement like "Ima Hacker saved the file at 12:03pm" is a conclusion not based entirely on the evidence you were provided. A better statement might be "the file had a created date of 12:03pm".

You will be marked on:

1. Your explanation of all the evidence received from the Police, how and when it was received and how you handled continuity (chain of custody) of the digital evidence.

2. Your explanation of the item received from your colleague Troy, how and when it was received and how you handled continuity (chain of custody) of the item.

3. Details of the partition contained within the image, and determination of the seized device's time zone

4. Evidence and explanation for the alleged "Hackable" attack

5. Relevant evidence and the explanation of your findings that supports or refutes the hacker's alibi for the alleged "second" website attack

6. Evidence and explanation for the alleged Facebook account takeover

7. Explanation of the communication method between the hacker and the collaborator including an assessment regarding the use of hidemyass

8. The inclusion of relevant evidence from Timescanner super timeline in your findings

9. Your ability to stick to the facts, and explain your processes and findings in non-technical (but still accurate!) language (.5 Reduction for each non-factual statement)

10. Overall presentation of your report

Attachment:- eForensic Fundamentals.rar

Reviews

len3155403

5/31/2022 3:06:18 AM

CAPSTONE LAB, that's report writing of a forensic analysis. I will provide the details and the necessary configuration commands. I'm providing the report writing sample and other commands. This lab is completely restricted with Turnitin plagiarism, so take extra care. I need all new UNIQUE work. We need to work on sans shift workstation and use this file for the report writing. If any help is needed related to the commands or work, you can go through these labs.
