Cardiff School of Computer Science and Informatics
Coursework Assessment Pro-forma

Module Code: CMT216
Module Title: Computer and Network Forensics
Assessment Title: Computer and Network Forensics Coursework
Assessment Number: 1

If you have been granted an extension for Extenuating Circumstances, then the submission deadline and return date will be 1 week later than that stated above.

If you have been granted a deferral for Extenuating Circumstances, then you will be assessed in the summer resit period (assuming all other constraints are met).

This assignment is worth 50% of the total marks available for this module. If coursework is submitted late (and where there are no extenuating circumstances):

1. If the assessment is submitted no later than 24 hours after the deadline, the mark for the assessment will be capped at the minimum pass mark.
2. If the assessment is submitted more than 24 hours after the deadline, a mark of 0 will be given for the assessment.

Extensions to the coursework submission date can only be requested using the Extenuating Circumstances procedure. Only students with approved extenuating circumstances may use the extenuating circumstances submission deadline. Any coursework submitted after the initial submission deadline without *approved* extenuating circumstances will be treated as late.

More information on the extenuating circumstances procedure can be found on the Intranet: https://intranet.cardiff.ac.uk/students/study/exams-and-assessment/extenuating-circumstances

By submitting this assignment you are accepting the terms of the following declaration:

I hereby declare that my submission (or my contribution to it in the case of group submissions) is all my own work, that it has not previously been submitted for assessment and that I have not knowingly allowed it to be copied by another student. I understand that deceiving or attempting to deceive examiners by passing off the work of another writer as one’s own is plagiarism.
I also understand that plagiarising another’s work or knowingly allowing another student to plagiarise from my work is against the University regulations and that doing so will result in loss of marks and possible disciplinary proceedings [1].

[1] https://intranet.cardiff.ac.uk/students/study/exams-and-assessment/academic-integrity/cheating-and-academic-misconduct

Assignment

1. Scenarios

Taurus Smith and her accomplice may be involved in illegal activity. The suspect’s address was searched by the local police officers. In Taurus Smith’s house, one mobile phone, clothing, some cooking books, toiletries, and a USB flash drive were found. In a further investigation of Taurus Smith’s mobile phone (Exhibit A) and USB flash drive, it was found that the mobile phone is liquid damaged and that the USB flash drive includes an image of a laptop hard drive. Taurus Smith refused to answer any questions.

You are a forensic investigator and will be given the image of the USB flash drive. You need to conduct an examination and identify the relationship between Taurus and her accomplice, and any other supporting evidence that pertains to the case.

2. Supplied Materials

• Instructions
• Scenario
• Taurus’ laptop image on a USB flash drive

3. Basic Requirements

You are required to examine the laptop image. It is suggested that you use FTK Imager or the Autopsy tool on Windows (or you can use Kali VMs or SIFT VMs, in which Autopsy is pre-installed), but you can use any method you wish.

If you are using Autopsy you will first need to download and install Autopsy on your Windows or Linux machine. The URL can be found below.

https://www.sleuthkit.org/autopsy/

You are expected to show that you have followed the basic Forensic Methodology we have gone through to examine the USB image, and produce a scientific report that defines the methods you have used and the results obtained, and answers the following questions:

1. Is there anyone else implicated? If so, who? Show any evidence supporting your findings.
2. Where was Taurus Smith planning to travel to? Show any evidence supporting your findings.
3. Can you find all user accounts on Taurus Smith’s laptop? How was this hidden and how did you recover it?
4. Please identify the recipe for ‘Honey Duff Donuts’. What techniques were used to hide it in the laptop?
5. What other recipes can you find from the suspect’s laptop image?

Hints:

1. Look for deleted data.
2. Look for suspicious emails or files.
3. Build a “dirty word list” and search the image.
4. Look for artefacts from different browsers, Google searches, Bin files, etc.

Basic steps to follow:

If you are starting the case in Autopsy, here are a few steps to get you started.

1. When it asks for an image, use the [image name].dd or (.E01) supplied.
2. Ensure you select “partition”.
3. Although you have not been given a specific time, you should still revise the steps given in the lectures and create a timeline.
4. Then start the analysis.

All this can be done through the Autopsy interface. Remember that it uses all the tools we have covered.

Deliverables:

You are required to write two reports: a full scientific Technical report identifying your methods, reasons, results, and conclusions; and a Court report with a summary of your findings.

The technical report should contain a section outlining the scientific method you took to arrive at your conclusions. It should also indicate how you extracted the evidence. Remember that another examiner should be able to reproduce your results using the method you describe. You should also remember the Chain of Custody (CoC) and show that your evidence has not been tampered with.

For the court report, you are required to produce a summary of your findings in layman’s terms that could be used in court. This should be a short report, separate from your main technical report.

If you have any problems, feel free to email me: [email protected].
Learning Outcomes Assessed

LO3, LO4, LO6

Criteria for assessment

The coursework is worth 50%. As a guide:

In the Technical report (35%):

• 10 marks allocated to the investigation process, including appropriate choice and use of tools and a complete examination process.
• 10 marks for evidence presentation with sufficient details.
• 10 marks allocated to technical report structure, results and summary.
• 5 marks for finding and documenting all the evidence.

In the Court report (15%):

• 5 marks for court report structure.
• 5 marks for appropriate use of language and presentation.
• 5 marks for clear and appropriate summary/conclusions.

Postgraduate:
Distinction (70-100%)
Merit (60-69%)
Pass (50-59%)
Fail (0-50)

Submission Instructions

The coursework needs to be submitted via LC, and detailed submission instructions will be announced on LC.

Description | Type | Name
R1 (Compulsory) | One PDF (.pdf) or Word file (.doc or .docx) | R1_[student number] Technical Report.pdf/doc/docx
R2 (Compulsory) | One PDF (.pdf) file | R2_[student number] Court Report.pdf

Staff reserve the right to invite students to a meeting to discuss coursework submissions.

Support for assessment

Questions about the assessment can be asked on https://stackoverflow.com/c/comsc/ and tagged with ‘CMT216’, or by email.