Reference no: EM133959084 , Length: Word Count:3000

Digital Forensics

Assessment - Artefact Research Report

Background
You sit at your desk, pleased with the outcome of your investigation as lead investigator of your first compromise. If only you could visit your less experienced past self, letting them know the career satisfaction that was ahead of them. "It's been worth all the hard work", you tell your fictional past self.

Your boss drops by to congratulate you on a job well done. You cautiously accept her gratitude, knowing she always has a hidden agenda. "Well done. The client was very happy. Happy clients make for tidy profit margins", she quips.

"Here it comes", you think to yourself.

"As a senior staff member, I have expectations of you beyond merely completing accurate forensic investigations", she states. "Remember that time when I asked you to write that research essay for me about high-level forensic methodologies?", she asks. "Well, now I need you to do some technical research for me. This is a forward leaning company after all, and I'm always on the lookout for new and exciting forensic artefacts to exploit during our investigations. I'd like you to pick a forensic artefact to research and write a report on it for me. I expect the report to be of high enough quality to be included in our research knowledgebase, so make sure you do a good job."

Her office phone rings yet again, and your discussion instantly becomes a lower priority. "Here, take this list and pick something," she orders, abruptly leaving the room, heading for her office. "If you can think of something else, then make sure you run it past me first."

Artefacts That Need Research
You return to your desk and examine the list. "Microsoft Windows artefacts that need researching for integration into our forensic investigations", the list reads.

A bulleted list of Microsoft Windows artefacts follows:
Prefetch
ShimCache

The Research Report
This is the third assessment, and it's worth 25% of the total course grade. It'll require you to select one (1) Microsoft Windows artefact from the list provided above and then conduct your own research about how the selected artefact can be exploited for information during a digital forensic investigation. As this assessment is post your first investigation, you're expected to conduct some of your own independent technical research to demonstrate your understanding of the artefact. This should complement any existing research you find regarding the artefact. Don't forget to detail the internals of the artefact. Get AI-free online assignment help from experienced academic experts.

NB: both artefacts within the list have already been thoroughly researched and documented within the open-source community. Once complete, you are to compile your research into a research report of approximately five (5) to six (6) pages in length.

Aims
On completion of this assessment, you should be able to demonstrate the following Learning Outcomes:
LO2: Demonstrate how to utilise contemporary open-source tools, techniques, and procedures to conduct forensic analysis
LO3: Demonstrate your ability to derive and exploit the forensic value of atomic operating system artefacts using first principles

Furthermore, through the successful completion of this assessment you'll progress the development of the following graduate attributes:
The ability to engage in independent and reflective learning
The skills to locate, evaluate, and use relevant information
The skills to effectively communicate

Constraints
The deliverable for this assessment must conform to a defined research report format. This report must include the following compulsory sections:
Abstract (~300 words in length)
Introduction (~400 words in length)
Technical Analysis (~2000 words in length)
Limitations (~300 words in length)
References

Your report should be a single Microsoft Word document consisting of 3,000 words total (±5%), which equates to approximately five (5) to six (6) pages in length. Please note, a title page, tables and figures, and any appendices are not included in the word count. You should cite at least five
(5) good research sources in your report. Please use the APA 6 / Chicago 16B referencing style1.

Assessment Criteria
Assessment of the research report will be based on the assessment criteria guide as below:

Quality of the Abstract:
Did the abstract clearly and concisely summarise your research?
Was the overall purpose of the research articulated?
Were the major findings of your analysis included?
Was there a brief summary of your interpretations and conclusions?

Quality of the Introduction:
Did the introduction clearly and concisely summarise the artefact's background information, including its actual purpose within the Microsoft Windows operating system?
Was the scope, context, and significance of the research established?

Quality of the Technical Analysis:
Did the technical analysis clearly and concisely describe the internal data structures and/or technical implementations of the selected artefact?
Was the forensic importance of the artefact's internal structures and technical implementations clearly and concisely articulated?
Was the technical analysis complete, within the predefined scope?
Was the technical analysis accurate, absent of fabricated analysis outcomes?

Quality of the Limitations:
Did the limitations clearly and concisely articulate the forensic boundaries of the artefact?

Quality of the Citations:
Did the citations support an accurate technical analysis?
Was the APA citation style used in both the text and bibliography?
Was an appropriate number of citations provided (at least five)?

Quality of Communication:
Was the report free of spelling and grammatical errors?
Was the report of an appropriate length?
If applicable, was any auxiliary content (i.e. figures, referenced data, tables etc.) used effectively?