Reference no: EM132420750
BN309 - Computer Forensics - Melbourne Institute of Technology
Assignment - Validating and Testing Computer Forensics Tools and Evidence - Part 1
Purpose of the assessment - This assignment assesses the following Unit Learning Outcomes; students should be able to demonstrate their achievements in them.
a. Systematically collect evidence at private-sector incident scenes.
b. Document evidence and report on computer forensics findings.
c. Implement a number of methodologies for validating and testing computer forensics tools and evidence.
Assignment Questions:
Objective: The objective of the assignment is to acquire data from a drive, perform data recovery using different techniques and tools, analyse the recovered data and finally validate the acquired data. In addition, students are required to properly document all steps in a report. The report should be formal so that it can be used in a legal process. Marks will be awarded based on the sophistication and the difficulty of the techniques explored.
Case Study: You have been assigned a case of embezzlement. A USB drive was found in the suspect's office, and it is expected to hold very important information related to the case. The USB contains several Excel files, a couple of image files and some text files.
Assignment Specification:
Prepare a report on the following sections related to the case study scenario.
Data Preparation: You need to use your own USB to create/delete files as mentioned in the scenario below and perform the digital forensics investigation:
Question 1. You need to create six files of type PDF, Excel and Word document, and name these files as follows: yourname-BN309-Assig1.*, where * depends on the file type. In addition, you need to change the attributes of these files so that the metadata holds data such as your name as the author, organization name "MIT", computer name "based on your terminal name", date/time created, and comments such as "created for Assignment1 of BN309".
Question 2. Modify the extension of one of the doc files to .jpeg.
Question 3. Then you need to delete 3 files, one of each type, including the file whose extension you modified. Provide the list of references using IEEE referencing style at the end of the report.
Section 1: Data Acquisition
Prepare a forensic image (bit-stream copy) with the record of data deletion. Explain the method and tool you used for acquiring data. You will need this image to perform the subsequent tasks. Please submit this image with your assignment. You need to cover the challenges of making a successful acquisition, and which format is relevant to use and why. Describe the steps required for search and seizure. (400 words)
Section 2: Data Recovery
The suspect has deleted three image files from the USB. Recover these files and explain the method (with screenshots) and tool you used. (300 words)
In addition, recover the data from the Recycle Bin and explain the procedure with screenshots. You need to recover the metadata of these files. (200 words)
Section 3: Data Analysis
Inspect all files on the USB. Use a hex editor and analyse whether there is any hidden data in these files. Provide screenshots of your analysis. Describe the tools that can be used for analysing the deleted files, and also describe the benefit(s) of conducting a Windows registry analysis. (300 words)
Section 4: Data Validation
Explain different methods of data validation and use one of them to validate data on USB. Explain how to verify the file extension if it has been altered using relevant tools. Demonstrate with snapshots the data validation as well as detecting the file extension alteration. (400 words)
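An added example, not part of the original brief: one way to check for an altered file extension is to compare each file's leading signature bytes with the extension it carries, and one way to validate data is to compare a SHA-256 digest with the value recorded at acquisition. The signature table is a small subset of well-known values, the Word document is assumed to be in .docx format, and the function names and sample contents are constructed for illustration.

```python
import hashlib
from pathlib import Path

# Leading signatures ("magic bytes") and the extensions each is consistent with.
SIGNATURES = [
    (b"\xff\xd8\xff", "JPEG image", {".jpg", ".jpeg"}),
    (b"%PDF-", "PDF document", {".pdf"}),
    (b"PK\x03\x04", "ZIP container (docx/xlsx)", {".docx", ".xlsx", ".zip"}),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound file (doc/xls)", {".doc", ".xls"}),
]

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def check_extension(name: str, data: bytes) -> dict:
    """Compare the file's leading bytes with what its extension claims."""
    ext = Path(name).suffix.lower()
    for magic, label, allowed in SIGNATURES:
        if data.startswith(magic):
            return {"name": name, "detected": label,
                    "mismatch": ext not in allowed, "sha256": sha256_hex(data)}
    # Unknown signature: report it rather than guessing (plain text has no magic bytes).
    return {"name": name, "detected": None, "mismatch": False,
            "sha256": sha256_hex(data)}

def validate(data: bytes, recorded_sha256: str) -> bool:
    """True when the data still hashes to the value recorded at acquisition."""
    return sha256_hex(data) == recorded_sha256.lower()

# Constructed sample content (signature plus filler), not real evidence.
SAMPLES = {
    "yourname-BN309-Assig1.pdf": b"%PDF-1.7\n" + b"constructed body",
    "yourname-BN309-Assig1.xlsx": b"PK\x03\x04" + b"constructed body",
    "yourname-BN309-Assig1.jpeg": b"PK\x03\x04" + b"renamed Word document",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        r = check_extension(name, data)
        flag = "MISMATCH" if r["mismatch"] else "ok"
        print(f"{flag:8} {name:30} {r['detected']}  sha256={r['sha256'][:16]}...")
```

A signature match only shows that the first bytes agree with the extension, so a flagged or unknown file still needs inspection in a hex editor.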