Validating and testing computer forensics tools and evidence

Assignment Help Other Subject

Reference no: EM132491394

BN309 Computer Forensics -Melbourne Institute of Technology

Validating and Testing Computer Forensics Tools and Evidence

Learning Outcome 1: Systematically collect evidence at private-sector incident scenes.
Learning Outcome 2: Document evidence and report on computer forensics findings.
Learning Outcome 3: Implement a number of methodologies for validating and testing computer forensics tools and evidence.

Objective: The objective of the assignment is to compare Computer Forensics Tools and Techniques that can acquire data from a drive, perform data recovery, analyse it and finally validate the acquired data. In addition, students are required to document all steps in a report, the report should be formal so that it can be used in a legal process. Marks will be awarded based on the sophistication and the difficulties of the techniques explored.

Case Study: You have been assigned a case of embezzlement. A 16GB USB is found from the suspect's office, and it is expected to have very important information related to the case. The USB contains several Doc files, Excel files, a couple of image files, and some text files.

Assignment Specification:
Prepare a report on the following Parts related to the case study scenario.

The assignment consists of two parts.
In Part A, you will install and compare two Computer Forensics Tools required to complete this report. You will report briefly on their uses only.

In Part B, you will use the feedback from Part A to extend your report further to address the following requirements:

Data Preparation: You need to use your own USB to create/delete files as mentioned in the scenario below and perform the digital forensics investigation:
1. You need to create six files of type pdf, excel and word documents, where you need to name these files as follow: yourname-BN309-Assig1.*, where * depends of the file type. In addition, you need to change the attribute of these files to describe the Metadata which holds data such as your name as an author, organization name "MIT", computer name "based on your terminal name", date/time created, and comments such as "created for Assignment1 of BN309".
2. Modify the extension of one of the doc file to .jpeg
3. Then you need to delete 3 files including the file you have modified its extension, one of each type. Provide the list of references using IEEE referencing style at the end of the report.

Part 1: Data Acquisition
Prepare a forensic image (bit stream copy) with the record of data deletion. Explain the method and tool you have used in acquiring data. You will need this image to perform the consecutive tasks. Please submit this image with your assignment. You need to cover the challenges to make a successful acquisition, and what are the relevant formats to use and why. Describe the steps required for search and seizure. (400 words)

Part 2: Data Recovery

The suspect has deleted three image files from the USB, your task is to recover these files and explain how you performed this task (with screenshots) and explain the tools you have used. (300 words)

In addition, recover the data from the recycle bin, explain the procedure with your own screenshots. You need to recover the metadata of these files (200 words)

Part 3: Data Analysis
Inspect all files in the USB, use a hex editor and analyse if there is any hidden data in these files. Provide screenshots of your analysis. Describe the tools that can be used for analysing the deleted files, and also describe the benefit(s) for conducting a window registry analysis (300 words)

Part 4: Data Validation
Explain different methods of data validation and use one of them to validate data on USB. Explain how to verify the file extension if it has been altered using relevant tools. Demonstrate with snapshots the data validation as well as detecting the file extension alteration. (400 words)

Attachment:- Computer Forensics.rar

Reference no: EM132491394

Questions Cloud

Determine and describe the type of promotional methods : Conduct an environmental analysis that looks at and comments on your local area and your network of business contacts, competitors and customers

Draw the profit diagram at expiration : If you plan to hold the options positions to expiration, devise a zero-net-investment arbitrage strategy to exploit the pricing anomaly.

Explain the staging of end-stage renal disease : Explain the staging of end-stage renal disease (ESRD) and contributing factors to consider. Consider ESRD prevention and health promotion opportunities.

What is the maximum profit and loss : What is the maximum profit and loss for this position? Draw the profit and loss diagram for this strategy as a function of the stock price at expiration.

Validating and testing computer forensics tools and evidence : Validating and Testing Computer Forensics Tools and Evidence Assignment help and solution - Implement a number of methodologies for validating and testing

Why you have chosen to apply to madonna university program : The letter should be written in the first person, typed, double-spaced and not exceed two pages. It should include a plan for completing any remaining.

Finding a new product to launch in toyota : What are the needs/wants of the customer in automobile sector you are trying to fulfill? finding a new product to launch in Toyota

Month call option at an exercise price : The current price of the stock is $100 per share, and the price of a 3-month call option at an exercise price of $100 is $10.

Appreciate substantially in value in the next 6 months : Suppose you think FedEx stock is going to appreciate substantially in value in the next 6 months. Say the stock's current price, S0, is $100, and the call optio

User Account

All Pages