Reference no: EM132876958 , Length: word count:1400

BN309 Computer Forensics - Validating and Testing Computer Forensics Tools and Evidence

Learning Outcome 1: Document evidence and report on computer forensics findings;

Learning Outcome 2: Exhibit and understand forensics ethical behaviour and professional conduct;

Learning Outcome 3: Implement a process to support the administration and management of computer forensics

Assignment Questions:

Objective:

The objectives of this assignment are to gain theoretical and practical knowledge and skills in different computer forensics and anti-forensics techniques such as image acquiring, analysis of email headers, temporary internet files, and low-level text search of entire contents of the computer hard drive. The students should apply appropriate computer forensics tools and techniques, and write a report on their findings. Marks will be awarded based on the sophistication and in-depth exploration of the selected techniques.

Case Study:
A large organisation was experiencing difficulties with the circulation of anonymous Hotmail email messages to its employees. The email included allegations that were defamatory to senior management. A study of the email message headers identified the Sydney-based ISP to which the suspect was connected at the time the messages were sent.

A search of company telephone call information stored by their PABX identified that one call had been made to this ISP from a telephone port within the organisation on the same day and during the same period in which the last Hotmail message was sent. The data port from which the telephone call was made was located in a communal area of a specific business unit within the organisation.

Computers were forensically imaged from this area. A series of keyword searches across the images identified one computer containing a reference to the Hotmail account in question. It was also identified that this computer had recently been de-fragmented, a process that can permanently destroy potential evidence.

Assignment Specification:

Prepare a report and video demonstration on the following sections related to the case study. You can use your own files for data hiding and analysis. Provide the list of references using IEEE referencing style at the end of the report.

Section 1: Forensic imaging and examinations

Do an Internet search to list out effective tools for the above case study. Choose one of the tools to examine the forensic image and explain with screenshots how the tool can be useful. (250 words)

Section 2: Forensic analysis and validation

Write a report describing the procedures to retrieve the evidence with your selected forensics tools. Explain how to identify and analyse email message headers, file data and time properties, internet usage, and call information files. Also explain how computers were forensically imaged, identified for de-fragmentation, and low level text search were carried out in this investigation. (500 words)

Section 3: Anti-forensics

Research on anti-forensics techniques and write a report on your findings on these

techniques. Compare the pros and cons of these techniques in different contexts. Use one of the anti-forensic techniques on your files and explain how useful it is. Please explain your methods with the help of screenshots. (750 words)

Demonstration:
Demonstrate your work. You should appear in the video (You Tube or similar) at the first and last 30 secs to introduce yourself and draw a conclusion on your experience with the different computer forensics and anti-forensics techniques.

Attachment:- Computer Forensics.rar