Reference no: EM132755786
BN309 Computer Forensics - Melbourne Institute of Technology
Assessment - Validating and Testing Computer Forensics Tools and Evidence
Learning Outcome 1: Document evidence and report on computer forensics findings;
Learning Outcome 2: Exhibit and understand forensics ethical behaviour and professional conduct;
Learning Outcome 3: Implement a process to support the administration and management of computer forensics
Assignment Questions:
Objective:
The objectives of this assignment are to gain theoretical and practical knowledge and skills in different computer forensics and anti-forensics techniques such as image acquisition, analysis of email headers, temporary internet files and low-level text search of the entire contents of the computer hard drive. Students should apply appropriate computer forensics tools and techniques, and write a report on their findings. Marks will be awarded based on the sophistication and in-depth exploration of the selected techniques.
Case Study:
A suspect was under investigation by police for a serious offence. The suspect based his innocence on an alibi stating that he could not have been present at the scene of the crime as he was at work using his computer to surf the internet when the crime took place. The validity of this alibi was questioned. Computers were forensically imaged and examined. Five sources of information were used to identify user activity. These included file data and time properties, program log files, email data files, internet usage, and text files containing relevant dates. Analysis of times and dates in email headers on the computer and the server failed to show any activity for the specific times. Examination of temporary internet files revealed that none had been created with the relevant time stamps. A low-level text search was conducted across the entire contents of all the computer hard drives to locate any reference to these critical dates. No records or test references could be found on any areas of the hard drive to support use of the computer for the times in question. In conclusion, the analysis strongly indicated that the computer was not used during the critical period. This was corroborated by records from the suspect's Internet Service Provider (ISP). The individual was convicted at trial of the criminal offence. The electronic evidence was a key factor in the proceedings.
Assignment Specification:
Prepare a report and video demonstration on the following sections related to the case study. You can use your own files for data hiding and analysis. Provide the list of references using IEEE referencing style at the end of the report.
Section 1: Forensic imaging and examinations
Do an Internet search to list effective tools for the above case study. Choose one of the tools to examine the forensic image and explain with screenshots how the tool can be useful. (250 words)
Section 2: Forensic analysis and validation
Write a report describing the procedures to retrieve the evidence with your selected forensics tools. Explain how to identify and analyse file data and time properties, program log files, email data files, internet usage, and text files containing relevant dates. Also explain how the examination of temporary internet files and the low-level text search were carried out in this investigation. (500 words)
Section 3: Anti-forensics
Research anti-forensics techniques and write a report on your findings. Compare the pros and cons of these techniques in different contexts. Use one of the anti-forensic techniques on your files and explain how useful it is. Please explain your methods with the help of screenshots. (750 words)
Demonstration:
Demonstrate your work. You should appear in the video (YouTube or similar) in the first and last 30 seconds to introduce yourself and draw a conclusion on your experience with the different computer forensics and anti-forensics techniques.
Attachment: Computer Forensics.rar