Date: 2020-09-17 11:04

COIT12201 Electronic Crime and Digital Forensics – T2, 2020 Assessment 2 Page: 1 / 8

COIT12201 - Assessment Item 2

Written Assessment- Digital Forensic Investigation

This assessment item requires you to work in a group (2-3 students per group).

Due date: Due in Week 10 Friday (25 September 2020) 11:55 PM AEST

Weighting: 30% [15 % (Part A) + 15% (Part B)]

Length: Maximum 4000 words (excluding the cover page, table of contents, references and appendix)

Objectives

1. Analyze a case to identify appropriate course of action to investigate.

2. Use appropriate tools and techniques to investigate a digital forensic case.

3. Apply digital forensics methodologies to a forensic investigation.

4. Appraise the legal issues involved in a forensic investigation.

5. Prepare an outline of a professional digital forensic plan and an investigation report.

Overview

In this assessment, you will work in a digital forensic team to investigate a case. Each member of your group will have specific digital evidence to investigate individually. The group needs to work together to discuss issues relevant to the entire case. Finally, the group needs to combine individual investigations and group discussions into a report.

Submit the group report on Moodle for marking. Only one member from the group needs to upload the report onto Moodle.

Perform the following tasks to complete the assignment:

1. Create a group – no more than 3 members per group;

2. Select one (1) case study to investigate as a group (the case studies are provided in the Appendix of this document);

3. Individually, select and complete investigation activities within the case study;

4. As a group, discuss investigation issues and outcome within the case study;

5. Prepare and submit the group report containing both individual and group parts.

These tasks are further described below.

1. Creating a Group - This is a group assignment; hence, it is expected that each student will be part of a group. A group can have a minimum of two (2) and a maximum of three (3) members. Table 1 shows activity requirements based on the size of different groups.

You will organise your own group of three (3) members maximum. Organise your group during the online tutorial/lab session in the weeks before Week 5. You must provide your Tutor (for Distance Education students, the Unit Coordinator is your tutor) with the details of the members of your group by the end of Week 5. Moodle groups will be created using this information, which is essential for submitting the assignment via the Moodle submission link.

If, due to special circumstances, you must work on your own, you must get written permission via e-mail from your Unit Coordinator before Week 5. There is no guarantee that your request will be approved, as it will depend on the particular circumstance (e.g., “I don’t want to work with others” will not be considered a valid reason). Bear in mind that the investigations for the case will require substantial work, and carrying out the work on your own can be quite heavy. Due to the nature of the required level of investigation, it will not be possible to adjust the workload for students working on their own (subject to approval from the Unit Coordinator), as it may not be sufficient to answer the questions raised in the case.

Table 1: Required activities based on the size of the group

|              | Student 1                        | Student 2             | Student 3             |
| Group Size 3 | Activity1, Discussion            | Activity2, Discussion | Activity3, Discussion |
| Group Size 2 | Activity1, Discussion            | Activity2, Discussion | N/A                   |
| Group Size 1 | Activity1, Activity2, Discussion | N/A                   | N/A                   |

As shown in Table 1, if the group has 2 students (Group Size 2), student 1 must select and complete an activity, student 2 must select and complete a different activity (e.g., student 1 does activity 2 and student 2 does activity 3, etc.), and both students must work together to discuss the investigation issues and prepare the report.

Issues with Group and group members: Groups have to be created on or before Week 5. It is the group’s responsibility to manage the work in a coordinated manner to achieve the goal.

2. Selecting a Case Study – Each group needs to choose one (1) case study and perform activities on that case study. The list of case studies is below, with details on Page 5.

• Case One: Exfiltration of corporate Intellectual Property

• Case Two: Electronic Eavesdropping

• Case Three – Illegal digital materials

3. Performing Investigation Activities - Perform your investigation to answer the questions given in the case document. Your investigation should aim to answer the questions asked in your chosen case. Your answers should be supported by evidence found in your investigation and with detailed justifications. Your individual activity may not answer all questions, but your group activities together should answer all the questions. Therefore, collaborate effectively with your group members.

If your individual activity did not answer any questions for your chosen case, you must present evidence relevant to your case and/or other possible crime(s) not listed in your case. Use the forensic software you have learnt in the lab for this investigation. If necessary, you can use other freely available (or trial versions of) forensic tools.

3.1 Individual section: choose your activities based on your group size and the activity rules shown in Table 1.

3.1.1 Activity One - Investigate the following digital data acquired from the crime scene mentioned in your case study and prepare a report.

• charlie-2009-12-11.E01

• charlie-work-usb-2009-12-11.E01

• charlie-2009-12-11.mddramimage.zip

3.1.2 Activity Two - Investigate the following digital data acquired from the crime scene mentioned in your case study and prepare a report.

• pat-2009-12-11.E01

• pat-2009-12-11.mddramimage.zip

• jo-work-usb-2009-12-11.E01

3.1.3 Activity Three - Investigate the following digital data acquired from the crime scene mentioned in your case study and prepare a report.

• terry-2009-12-11-002.E01

• jo-2009-12-11-002.E01

• jo-2009-12-11.mddramimage.zip

3.2 Group discussion: Every group needs to address all points given in this sub-section based on their individual investigation process to include in the report.

• Details of digital forensic methodologies and process flow used to investigate this case.

• Write appropriate justifications to support your chosen methodologies and process.

• Provide appropriate screenshots to show detailed process of the investigation.

• Identify ethical and legal issues applicable for the case you are working on.

• Justification of choosing ethical and legal issues that are relevant to the case.

4. Submit your report – Prepare and submit your investigation report as a group. A group together must submit only one report.

Only one member from the group needs to upload the report onto Moodle.

4.1 Expected report structure

I. Introduction

II. Activity 1 (include member’s name who carried out this activity)

III. Activity 2 (include member’s name who carried out this activity)

IV. Activity 3 (only for groups of 3) (include member’s name who carried out this activity)

V. Group Discussion

VI. Conclusion

VII. References

Feel free to add sub-headings for sections II to V. You could choose subheadings, but make sure you check the marking guide to assist you with this. For example, for individual activities, subheadings could be: tools used, process followed for the investigation, evidence found, questions answered by identified evidence and justification.

4.2 What to submit: You must upload a single Word document per group using the assignment two submission link on Moodle. Any screenshots or images must be incorporated into the report, not submitted as separate files. No other files are to be submitted.

5. Other Resources

Required evidence can be downloaded from:

Download link for hard drive images: http://downloads.digitalcorpora.org/corpora/scenarios/2009-m57-patents/drives-redacted/

Download link for RAM dumps: http://downloads.digitalcorpora.org/corpora/scenarios/2009-m57-patents/ram/

Download link for USB drives: http://downloads.digitalcorpora.org/corpora/scenarios/2009-m57-patents/usb/

Useful Tools: OSForensics, FTK, SleuthKit, Autopsy, ProDiscover Basic and Volatility can be really helpful to investigate this case.

If you are using a Mac computer or Linux, you are advised to install Oracle VirtualBox. You will need to install a Windows virtual machine on VirtualBox and then install these tools on that Windows virtual machine.

Acknowledgement

The case scenario used in this document has been adapted from http://digitalcorpora.org/corpora/scenarios/m57-patents-scenario for educational purposes.

COIT12201 – Assignment 2

Marking Guide

You will be marked individually for your individual activity. Your group discussion will be marked the same for your entire group. Your total mark will be: your individual contribution mark + group mark

Student ID & Name: ____________________________________________________

Marker / Date: _________________________________________________________

Part A: 3.1 Individual section (15 marks)

1. Depth of the investigation:

• Did students apply all possible avenues to find evidence? (2 marks)

• Did they reveal all evidence present in digital data? (2 marks)

Marks: /4    Comments:

2. Appropriateness of tools and techniques:

• How appropriate was the choice of tools and techniques used for investigation? (3 marks)

• How well does the report detail the investigation process? (3 marks)

Marks: /6    Comments:

3. Presentation of the evidence

• Was the evidence found presented appropriately to support answers to the questions from the case study? (2.5 marks)

• How well is the detailed justification presented? (2.5 marks)

Marks: /5    Comments:

Part B: 3.2 Group work (15 marks) – same marks for entire group

Group discussion: (1.5 marks for each)

• Details of digital forensic methodologies and process flow used to investigate this case.

• Write appropriate justifications to support your chosen methodologies and process.

• Provide appropriate screenshots to show detailed process of the investigation.

• Identify ethical and legal issues applicable for the case you are working on.

• Justification of choosing ethical and legal issues that are relevant to the case.

Marks: /7.5    Comments:

Report preparation and submission -

• The group prepared a single report which is presented cohesively covering the whole investigation (2.5 marks)

• The entire group has submitted only one copy of the report in Moodle. (2.5 marks)

Marks: /5    Comments:

Report quality:

• Is the report easy to follow? (0.5 mark)

• How well is the flow of the investigation sequentially presented in the report? (1 mark)

• Is it prepared in a formal report-writing style, with a table of contents, page numbers, appropriate referencing (if any), a cover page and so on? (1 mark)

Marks: /2.5    Comments:

Late submission deduction – 5% (1.5 marks) for each day

Total Marks: /30

The case details appear on the next page.

Appendix: Case Details

Common to all case studies:

Company Details

M57.biz is a new company that researches patent information for clients. The company currently has one (1) CEO/President, and three (3) additional employees. The company is planning to recruit more employees, so they have a lot of inventory on hand (computers, printers, etc.).

Table 2: M57 personnel details.

| Personnel                        | Electronic Identity                         |
| Pat McGoo (President/CEO)        | pat@m57.biz (email password: mcgoo01)       |
| Terry Johnson (IT Administrator) | terry@m57.biz (email password: johnson01)   |
| Jo Smith (Patent Researcher)     | jo@m57.biz (email password: smith01)        |
| Charlie Brown (Patent Researcher)| charlie@m57.biz (email password: brown01)   |

Employees work onsite and conduct most business exchanges over email. All of the employees work in Windows environments, although each employee prefers different software (e.g. Outlook vs. Thunderbird). Figure 1 shows the network configuration of the company.

Figure 1: Network configuration for M57.biz

Note: In the above figure “DOMEX” is the local server managing external network access and email.

You can find further information (such as a copy of the detective reports, along with the search warrant and affidavit) about this case at the link below.

http://digitalcorpora.org/corpora/scenarios/m57-patents-scenario

Case One - Exfiltration of corporate Intellectual Property

One of the employees in M57 is stealing proprietary research on patent information from the company and passing it on to an outside entity. This employee has taken some measures to cover their tracks, but probably did not count on the company machines being imaged in the ongoing investigation of other criminal activity.

You are tasked with determining the following:

• Who is exfiltrating the patent search data?

• How are they doing it? Can you identify the specific items they have stolen? What is required to access the data?

• Who is the outside contact?

• Is there anything in your analysis to suggest that this person might be charged with more than one criminal offense?

At the end of your investigation you should prepare a report based on the details provided in assignment two.

Case Two – Electronic Eavesdropping

One of the M57 employees is spying on the boss (Pat McGoo) electronically. This employee is concerned that Pat may find out about certain activities they have engaged in - activities that may be related (directly or indirectly) to another ongoing investigation.

You are tasked with determining the following:

• Who is spying on Pat?

• How are they doing it? Can you identify specific methods or software they have used to facilitate this?

• Why is the employee spying on Pat?

• Is anyone else involved? Would you characterize them as accomplices?

At the end of your investigation you should prepare a report based on the details provided in assignment two.

Case Three - Illegal digital materials

It was found that a functioning workstation originally belonging to m57.biz was purchased on the secondary market. Aaron Greene, the buyer, realises that the previous owner of the computer had not erased the drive and finds illegal digital images and videos on it. Aaron reports this to the police, who take possession of the computer. Police forensics investigators determine the following:

• The computer originally belonged to m57.biz

• The computer was used by Jo Smith, an M57 employee, as a work computer.

Police contact Pat McGoo, the CEO of m57.biz. Pat authorises imaging of all other computer equipment onsite at M57 to support additional investigation. Police further pursue a warrant to seize a personal thumb drive (USB) belonging to Jo. You are given disk images from all of the computers and USB devices found onsite at M57, along with a USB thumb drive belonging to Jo. You are also provided with four detective reports and a search warrant and affidavit associated with seizure of the USB drive.

• For the purposes of the scenario, illegal images have been simulated with pictures and videos of cats produced exclusively for this corpus.

Questions to answer:

• Is Jo the owner of these files? What evidence is there to confirm or reject this?

• How did the computer come to be sold on the secondary market?

• Who (if anyone) was involved in the sale (theft?) of the computer?

• Were any attempts made to hide these activities (the possession of illegal digital material)?

At the end of your investigation you should prepare a report based on the details provided in assignment two.

End of Assessment item 2 specification document.

