7906ICT Digital Forensics A3 Assessment Specification

Due Date: 12th October 2020
Weighting: 35%
This assignment is worth 35% of the total assessment for 7906ICT. It is individual work. While you can discuss the assignment with your peers, your submission should be your own work. You should provide evidence of your own work incorporated in your submission.
The objective of this assignment is to gain knowledge and understanding of digital forensics through research and practical experience. This understanding is to be demonstrated by submission of a formal technical report of an analysis of digital forensics artefacts, a brief essay on recent advances in digital forensics, and a Digital Forensics Investigator’s report for non-technical audiences.
In Albuquerque, New Mexico, there has been a mass shooting at the Welker Compound on Daniel Road with over 10 casualties. The owners of the property have long been suspected to be a criminal gang with white supremacist ideologies. The compound had been under police surveillance, with network traffic for the day of the shooting captured by the ISP. A damaged laptop was discovered at the scene and a memory dump was made, but the disk image was unrecoverable. There has also been a mobile phone found near the body of the gang leader and several other suspected criminals. [1]
Task 1
You are a digital forensics analyst for the Albuquerque Police Department. You have been tasked with examining any digital forensic evidence found at the scene as well as the network capture. The case supervisor suggests you address the following questions.
1. Who are the suspects in the transmission? When does the first communication begin?
2. What browsers are the suspects using and on what operating systems?
3. Are there undercover DEA agents within the gang? If so, who are they?
4. What was sent for Jesse to collect?
5. Is Jesse a DEA agent?
6. What applications are running on the memory dump computer?
7. What web pages has the memory dump computer visited recently?
8. What is the email address of the owner of the memory dump computer?
9. What is the password of the memory dump computer?
10. Create a detailed timeline of the significant events that take place on the memory dump computer.
11. What are the non-stock applications installed on the phone?
12. Who is in the contacts list?
13. What messages and calls have been sent and received by the phone?
14. What Internet searches has the owner of the phone made?
15. Is there a link between this phone and the disk image provided in Assessment A2? If so, what is it?
[1] The story, all names, characters, and incidents portrayed in this assignment are fictitious. No identification with actual persons (fictitious, living or deceased), places, buildings, events, and motion pictures is intended or should be inferred. No person or entity associated with this assignment received payment or anything of value, or entered into any agreement, in connection with the depiction of tobacco products. No animals were harmed in the making of this assignment.
As part of the answer for each of these questions you must include:
• A clear description of the evidence and reasoning for your answer.
• A detailed description of the process that you followed and the tools that you used to obtain the evidence. It is expected that you will include screenshots in your description.
Evidence Details
DestroyedLaptopMemory.zip (md5sum: 02094d46e9b3277b5f653000e3dee4b1)
welkercapture.zip (md5sum: 480b054a95e589861ed2566a561aaee6)
victimphone.zip (md5sum: 274ec2b5afdbbe562728315c56581ae3)
Evidence for this assessment can be downloaded at the following links:
DestroyedLaptopMemory.zip (https://cloudstor.aarnet.edu.au/plus/s/4MwGA9ULsXgwzKN)
welkercapture.zip (https://cloudstor.aarnet.edu.au/plus/s/bHZGk4t2MeuPB0z)
victimphone.zip (https://cloudstor.aarnet.edu.au/plus/s/mYHz4qKKmUJaKOw)
If you are using the SIFT workstation on the Griffith Cyber Range, you can download it from the following link. This link is only accessible if you are logged into the SIFT workstation.
Task 2
As it appears that survivors of this incident will be prosecuted, you must complete a digital forensic report for the police department. However, it must be written for a non-IT audience and may be used in court proceedings. This report should follow the recommended report structure and be addressed to non-technical, possibly legal, staff. Your answers for Task 1 should make up the appendix of this report.
Your report on the investigation should include the following main headings:
• Introduction and Executive Summary – Provide an overview of the case, the relevance of the evidential media being examined, who requested the forensic analysis, and what was requested.
• Evidence Summary – Describe the items of digital evidence that were analysed, providing details such as MD5 values, make and models of equipment.
• Examination Summary – Provide an overview of the critical findings relating to the investigation, an executive summary, with any recommendations or conclusions in short form.
• Forensic Analysis and Findings – Provide a detailed description of the forensic analysis performed and the resulting findings, along with supporting evidence.
• Conclusions – A summary of conclusions should follow logically from previous sections in the report and should reference supporting evidence.
Please submit your assignment via the 7906ICT Blackboard web site under the Assessment section. Reports should be submitted as a single docx or pdf file. Task 2, which should be written for a non-technical audience, should be the main body of the report. Task 1, which should be written for a technical audience, should be detailed in the Appendix.
The quality of the presentation of a formal technical report is as important as the quality of the technical content of the report in the profession. Your assignment will be assessed on:
1. The body text of your report for Task 2 should be no more than 2500 words or 5 pages in length. Task 1 should be no more than 15 pages in length.
2. The text of your report should be in 12-point Times New Roman or 11-point Arial font or something equivalent, and in single space;
3. Page size is A4 with 2cm margins on all sides;

