Reference no: EM134013447
Digital Forensics
Assessment:
Introduction
You will submit work in project activities during the study period. This is a group assessment.
This is a group project of 4 students per group. The scenario is fictitious. You are members of a digital forensics response team engaged by an organisation to investigate a suspected insider data exfiltration and policy violation incident. You are required to complete a professional Digital Forensic Investigation Report suitable for executive review and possible court use. It is expected that you will use multiple tools, techniques, and sources of evidence to establish your conclusions in areas related to Computer Science.
Project Scenario: Operation ShadowSync
A biotechnology company, HelixNova Labs, is preparing to file a high-value patent. Three days before a senior systems engineer resigns, the company's security team detects unusual activity involving:
Late-night access to confidential project folders
Large file compression and encryption activity on a corporate Windows laptop
USB device connections not previously seen on the system
Outbound traffic to a personal cloud storage account
Suspicious emails sent to external addresses with attachments and links
Evidence that a mobile device may have been used to coordinate activity
Browser artefacts suggesting use of private webmail, cloud portals, and anti-forensics searches
Log data indicating remote access and unusual VPN activity
The organisation has seized the relevant devices and exported associated logs. Your team must determine:
What happened
When it happened
What data was targeted or exfiltrated
Which artefacts support the findings
Whether the activity appears accidental, negligent, or deliberate
What limitations remain in the investigation
Evidence Package Provided
Your group will be provided with a case package that may include:
A forensic image of a Windows workstation or laptop
Selected memory artefacts or live response outputs
USB history and registry-related artefacts
Browser history and download records
Email export files and/or email headers
VPN, firewall, proxy, or packet capture logs
Cloud sync or cloud access logs
A mobile device logical extraction or backup
User profile information and case background notes
Evidence Package (found in Moodle)
windows-ftkimager-first.E01
windows-ftkimager-second.E01
Project Requirements
Your group must investigate the scenario as a multi-source forensic case. The project is intentionally designed so that the workload is substantial enough for 4 students, and each member must take responsibility for a distinct investigation stream while contributing to the overall report and presentation.
Required Group Role Allocation
Each group member must lead one of the following streams:
Endpoint and File-System Lead
Responsible for:
Windows artefacts
File system examination
Deleted files, timestamps, Prefetch, Recycle Bin, registry traces
USB artefacts
Local evidence of compression, encryption, or staging, applying concepts from Operating System analysis
Network and Cloud Lead
Responsible for:
VPN, firewall, proxy, DNS, or PCAP analysis
Network timeline reconstruction
Cloud service access evidence
Data transfer patterns
Correlation between user activity and remote services, applying Data Communication and Networking principles
Mobile and Communications Lead
Responsible for:
Mobile device artefacts or backup analysis
Email artefacts and headers
Messaging or communication evidence
Linkage between device usage and incident timing
Possible coordination or intent indicators
Validation, Correlation, and Reporting Lead
Responsible for:
Chain of custody summary
Hash verification and validation of evidence handling
Master timeline correlation across all streams
Quality assurance and consistency checks
Final report integration and preparation for testimony/presentation
Note: Although each student leads one stream, the final conclusions must be developed collaboratively.
Tasks
Investigation Planning
Your group must prepare an investigation plan that includes:
Case scope and objectives
Initial hypotheses
Evidence sources and likely relevance
Tools selected for each stream
Validation and integrity strategy
Group role allocation and responsibilities
Evidence Acquisition and Validation
Your group must document how the evidence would be acquired, preserved, and validated, including:
Acquisition method(s) used or assumed
Integrity verification process (hashing/validation)
Handling of seized data
Chain of custody considerations
Any limitations in the provided evidence set
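The integrity verification step above, as an added worked example that is not part of the brief: the evidence files are constructed in-memory stand-ins for the two E01 images in the package, the manifest stands in for the hash list recorded at handover, and the examiner name is a placeholder.

```python
"""Receipt-time integrity check for handed-over evidence files.
Added example, not part of the brief. File contents are constructed stand-ins for
the two E01 images in the evidence package; MANIFEST plays the hash list the
releasing custodian recorded at handover. This hashes the E01 container as
received; the hashes FTK Imager stores inside the E01 cover the acquired data and
are checked with the imaging tool's verify function. Record both in the report.
"""
import hashlib
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # hash 1 MiB at a time so a multi-GB image is never read whole

def sha256_hex(data: bytes) -> str:
    """Hash bytes block by block; the same loop works over file.read(CHUNK)."""
    h = hashlib.sha256()
    for start in range(0, len(data), CHUNK):
        h.update(data[start:start + CHUNK])
    return h.hexdigest()

def build_manifest(files: dict) -> dict:
    """What the releasing custodian records: filename -> SHA-256 at handover."""
    return {name: sha256_hex(data) for name, data in files.items()}

def verify_receipt(files: dict, manifest: dict, examiner: str) -> list:
    """Recompute each hash on receipt and emit one custody-log entry per file.
    A file with no recorded hash cannot be validated, so it is flagged
    NOT_IN_MANIFEST rather than silently accepted."""
    checked_at = datetime.now(timezone.utc).isoformat(timespec="seconds")
    entries = []
    for name, data in files.items():
        observed = sha256_hex(data)
        expected = manifest.get(name)
        if expected is None:
            status = "NOT_IN_MANIFEST"
        else:
            status = "VERIFIED" if expected == observed else "MISMATCH"
        entries.append({"item": name, "expected": expected, "observed": observed,
                        "status": status, "checked_at": checked_at, "examiner": examiner})
    return entries

# Constructed sample: the two image names from the evidence package, fake bytes.
EVIDENCE = {
    "windows-ftkimager-first.E01": b"constructed-image-one-" * 256,
    "windows-ftkimager-second.E01": b"constructed-image-two-" * 256,
}
MANIFEST = build_manifest(EVIDENCE)  # stands in for the handover hash record
if __name__ == "__main__":  # flip one byte to show a MISMATCH being caught
    tampered = {**EVIDENCE, "windows-ftkimager-second.E01": EVIDENCE["windows-ftkimager-second.E01"][:-1] + b"!"}
    print([(e["item"], e["status"]) for e in verify_receipt(tampered, MANIFEST, "Validation Lead")])
```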
Multi-Source Forensic Analysis
Your group must analyse the evidence and produce findings across the four investigation streams.
At minimum, the analysis must address:
Endpoint evidence: user activity, file handling, deleted data, USB traces, local staging, execution artefacts
Network evidence: remote access, suspicious traffic, timing correlations, potential exfiltration paths
Cloud evidence: synchronisation, uploads, access to external accounts, browser/cloud artefacts
Mobile and communication evidence: emails, mobile artefacts, possible coordination, supporting intent indicators
Your group must identify and explain:
Key artefacts
Their evidential value
How they relate to the incident
Whether the evidence supports deliberate insider exfiltration
Timeline Reconstruction
Your group must create a master timeline of events that integrates artefacts from all streams.
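Master timeline correlation across streams, as an added worked example that is not part of the brief: every event and timestamp below is constructed, and the laptop's local offset (+10:00) is an assumption standing in for the zone recovered from the image.

```python
"""Master timeline: normalise per-stream timestamps to UTC, sort, correlate.
Added example, not part of the brief. Every event below is constructed, and
the laptop's local offset (+10:00) is an assumption to be replaced by the
zone recovered from the image's registry. Each stream logs time differently
(local wall-clock, ISO 8601, epoch milliseconds, RFC 5322 Date header), and
the master timeline must put them on one clock before any correlation.
"""
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

ENDPOINT_TZ = timezone(timedelta(hours=10))  # assumed; document the source of this value

# Constructed events: (stream, raw timestamp as it appears in that source, description)
RAW_EVENTS = [
    ("endpoint", "2024-03-11 23:47:12", "USB storage device first connected (registry)"),
    ("endpoint", "2024-03-11 23:52:40", "compression tool executed (Prefetch)"),
    ("network", "2024-03-11T13:55:03Z", "VPN session established (VPN log)"),
    ("cloud", 1710165401000, "upload to personal cloud storage account (cloud log)"),
    ("email", "Mon, 11 Mar 2024 13:58:20 +0000", "message with attachment to external address"),
    ("network", "2024-03-12T02:10:00Z", "VPN session ended (VPN log)"),
]

def to_utc(stream: str, raw) -> datetime:
    """Parse a source-native timestamp into an aware UTC datetime."""
    if stream == "endpoint":  # local wall-clock with no zone marker in the artefact
        local = datetime.strptime(raw, "%Y-%m-%d %H:%M:%S").replace(tzinfo=ENDPOINT_TZ)
        return local.astimezone(timezone.utc)
    if stream == "network":  # ISO 8601 with a trailing Z
        return datetime.fromisoformat(raw.replace("Z", "+00:00")).astimezone(timezone.utc)
    if stream == "cloud":  # Unix epoch in milliseconds
        return datetime.fromtimestamp(raw / 1000, tz=timezone.utc)
    if stream == "email":  # RFC 5322 Date header
        return parsedate_to_datetime(raw).astimezone(timezone.utc)
    raise ValueError(f"no parser for stream {stream!r}")

def build_master_timeline(raw_events) -> list:
    """Normalise all streams to UTC, keeping the raw value for the report."""
    events = [{"utc": to_utc(s, t), "stream": s, "raw": t, "description": d}
              for s, t, d in raw_events]
    return sorted(events, key=lambda e: e["utc"])

def correlate(timeline: list, pivot_text: str, window_minutes: int = 15):
    """Events within the window after the pivot event, plus the streams they span.
    Independent streams agreeing inside a short window is what turns isolated
    artefacts into a supported sequence."""
    pivot = next(e for e in timeline if pivot_text in e["description"])
    end = pivot["utc"] + timedelta(minutes=window_minutes)
    cluster = [e for e in timeline if pivot["utc"] <= e["utc"] <= end]
    return cluster, sorted({e["stream"] for e in cluster})
```

Keep the raw value beside the normalised one in the report so each timeline entry can be traced back to the artefact it came from.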
Tool Evaluation and Critical Reflection
Your group must critically evaluate the tools and techniques used, including the use of database management systems (DBMS) and related forensic analysis tools where applicable.
Professional Investigation Report
Your report must include all required sections outlined in the assessment brief.
Presentation (10%), Session 13
Each group must deliver a 10-minute presentation, followed by 5 minutes of questions.
Minimum Expectations for a Strong Submission
A strong project should demonstrate:
Use of multiple tools or techniques
Clear separation and integration of investigation streams
Evidence-based reasoning rather than unsupported assumptions
A defensible conclusion supported by artefacts
Professional-quality reporting and presentation
Meaningful contribution from all 4 members, including knowledge of Software Engineering practices where relevant.