Implement a number of methodologies

Assignment Help Computer Network Security

Reference no: EM132876900 , Length: word count:1400

BN309 Computer Forensics - Validating and Testing Computer Forensics Tools and Evidence

Learning Outcome 1: Systematically collect evidence at private-sector incident scenes.
Learning Outcome 2: Document evidence and report on computer forensics findings.
Learning Outcome 3: Implement a number of methodologies for validating and testing computer forensics tools and evidence.

Assignment Detail:

Objective: The objective of the assignment is using/comparing Computer Forensics Tools for a given case. The assignment require you to acquire data from a USB drive, perform data recovery using different techniques and tools, analyzing it and finally performing the validation of acquired data. In addition, students are required to document all steps in a report, and the report should be formal so that it can be used in a legal proceeding. Marks will be awarded based on the sophistication and in-depth presentation of the techniques explored.

Case Study: Working as a forensic analyst, you have been assigned a case of embezzlement. A 32GB storage drive (for example a USB) is found from the suspect's office, the USB may have data with digital clues that may be related to the case. The USB contains different types of files for example Doc files, Excel files, a couple of image files, and some text files.

Assignment Specification:
Prepare a report on the following sections related to the case study.

The assignment consists of two parts.

In Part A, you will install and compare two Computer Forensics Tools required to complete this report.

Data Preparation: You need to use your own USB to create/delete files as mentioned in the scenario below and perform the digital forensics investigation:

1. You need to create six files of type pdf, excel and word documents, where you need to name these files as follows: YourMITID_BN309_Assignment01.*, where * depends on the file type. In addition, you need to change the attribute of these files to describe the Metadata which holds data such as your name as an author, organization name "MIT", computer name "based on your terminal name", date/time created, and comments such as "created for Assignment1 of BN309".

2. Modify the extension of one of the doc files to .jpeg.

3. Then you need to delete 3 files including the file you have modified its extension, one of each type.
Take the screenshot of each step and include these in your final report. Provide the list of references using IEEE referencing style at the end of the report.

In Part B, you will use the feedback from Part A to extend your report further to address the following requirements:

Section 1: Data Acquisition

Prepare a forensic image (bit stream copy) using any two standard tools from Table 1 with the record of data deletion. In the report, you need to include the screenshots of each step. You will need this image to perform consecutive tasks. You need to cover the challenges to and make a successful acquisition what are the relevant format to use and why. Describe steps required for search and seizure. (400 words)

Section 2: Data Recovery

The suspect has deleted three image files from the USB, recover these files and explain the method (with screenshots) and tool you used. (300 words)

In addition, recover the data from recycle bin, explain the procedure with screenshots. You need to recover the metadata of these files. (200 words)

Section 3: Data Analysis

Inspect all files in the USB, use a hex editor and analyze if there is any hidden data in these files. Provide screenshots of your analysis. Describe the tools that can be used for analyzing the deleted files, and also describe the benefit(s) for conducting a window registry analysis. (300 words)

Section 4: Data Validation

Explain different methods of data validation and use one of them to validate data on USB. Explain how to verify the file extension if it has been altered using relevant tools. Demonstrate with snapshots the data validation as well as detecting the file extension alteration. (400 words)

Attachment:- Computer Forensics.rar

Reference no: EM132876900

Questions Cloud

Principle events of process and thread : Discuss the principle events of PROCESS AND THREAD used in both the hosting OS and the OS management of the appropriate QUEUES.

Advantages of informal sector in developing countries : 2. Explain four conditions that must hold for devaluation of a currency to be effective in developing countries

Explain the issues of runway incursions : Explain the issues of runway incursions, and address some of the safety management challenges in mitigating these incursions, facilities, and infrastructure.

What would be the residual income resulting from the upgrade : If the company has a minimum required return on investment of 8.0%, what would be the residual income resulting from the upgrade

Implement a number of methodologies : Implement a number of methodologies for validating and testing computer forensics tools and evidence - Systematically collect evidence at private-sector

Economic development of developing countries : 1. Outline six contributions of industries in the economic development of developing countries

Analyze the subjective portion of the note : Would you reject/accept the current diagnosis? Why or why not? Identify three possible conditions that may be considered as a differential diagnosis

What were the product costs and period costs for last year : In addition, the company suffered a $20,200 uninsured factory fire loss during the year. What were the product costs and period costs for last year

Crypto project that highlights thesis : A crypto project that highlights a thesis and research,

User Account

All Pages