Digital Forensics

128 views 10:38 am 0 Comments June 6, 2023

Question 1.

In topic 1 of this subject, you learnt about the investigations triangle that emphasis on the role of other fields with digital forensics. Explain in your own words, the functions and responsibilities of each group from each side of the triangle. Why do you think it is important for these three groups to work as a team for an organisation?

Question 2.

A2Z ForensicsĀ is a digital forensics investigation firm that conducts forensic investigations for public as well as private sectors. You are working in this firm as a forensics specialist for a number of years now. The firm is establishing a new forensics lab to meet the future requirements. You have been asked to prepare a business case for this new lab. Your job is to focus on three aspects of the new lab which are hardware, software and lab security. Based on the knowledge of topic 2, prepare a brief business case, summarise and justify the equipment (both hardware and software) you recommend for this new lab that will meet future requirements. Also, briefly explain the security measures you recommend for this new lab.

Question 3.

As a private sector investigator, you are investigating an important case for an office. You have been given access to the office computer network and the computers that may contain some important information related to the case. You are allowed to speak the network administrator. In this scenario, what data acquisition method will you prefer to use? Justify your answer.

Also, outline the problems you expect to encounter and explain how to rectify them describing your solution. Identify any potential customer privacy issues that should be considered.

Question 4.

A2Z ForensicsĀ has hired you to investigate an email that has been received by one of their employee. This email looks suspicious to the company and they want to know the information such as from where and when this email was generated and also any other related information.

They have provided you the email header as shown in the figure below. You have been asked to analyse this email header and describe the information while evaluating this header file. The company also wants to trace back the origin of this email. In this scenario, what would you recommend the company in order to trace back this email?

Figure for Question 4: An e-mail header with line numbers added (The e- mail addresses are not real addresses.)

Question 5.

Assume you have been given a scrambled text file with some hidden text data similar to the one in your assessment. What will be the best method that you will use to unscramble the file and why would you choose this method? Justify your answer. [5 marks]

You have collected a digital evidence from a crime scene and calculated its hash value using WinHex editor with MD5 algorithm. You have stored the evidence in a forensics lab. After a week, when you started analysing the evidence, you again calculated the hash value of the evidence using Autopsy and with SHA-1 algorithm. You found that the hash value of the evidence is now changed. Describe why the hash value now is different than the one you calculated when you acquired the evidence? [5 marks] END OF EXAMINATION

Tags: , , , , , , , , , , , , , , , , , , , , , , , ,