辅导COIT12201程序、写作Digital Forensics作程序

” 辅导COIT12201程序、写作Digital Forensics作程序COIT12201 Electronic Crime and Digital Forensics T2, 2020 Assessment 2 Page: 1 / 8COIT12201 – Assessment Item 2Written Assessment- Digital Forensic InvestigationThis assessment item requires you to work in a group (2-3 students per group).Due date: Due in Week 10 Friday (25 September 2020) 11:55 PM AESTWeighting: 30% [15 % (Part A) + 15% (Part B)]Length: Maximum 4000 words (excluding the cover page, table of content, references andappendix)Objectives1. Analyze a case to identify appropriate course of action to investigate.2. Use appropriate tools and techniques to investigate a digital forensic case.3. Apply digital forensics methodologies to a forensic investigation.4. Appraise the legal issues involved in a forensic investigation.5. Prepare an outline of a professional digital forensic plan and an investigation report.OverviewIn this assessment, you will work in a digital forensic team to investigate a case. Each member ofyour group will have specific Digital evidence to investigate individually. The group needs to worktogether to discuss issues relevant to the entire case. Finally, the group needs to combine individualinvestigations and group discussions into a report.Submit the group report on Moodle for marking. Only one member from the group needs toupload the report onto Moodle.Perform the following tasks to complete the assignment:1. Create a group no more than 3 members per group;2. Select one (1) case study to investigate as a group (case study is provided on the Appendix ofthis document);3. Individually, select and complete investigation activities within the case study;4. As a group, discuss investigation issues and outcome within the case study;5. Prepare and submit the group report containing both individual and group parts.These tasks are further described below. 辅导COIT12201作业、写作Digital Forensics作业1. Creating a Group – This is a group assignment; hence, it is expected that each student will bepart of a group. A group can have minimum two (2) or maximum three (3) members. Table 1shows activity requirements based on the size of different groups.You will organise your own group of three (3) members maximum. Organise your group during theonline tutorial/lab session in weeks before Week 5. You must provide your Tutor (for DistanceEducation students, the Unit Coordinator is your tutor) with the details of the members of your groupby end of week 5. Moodle groups will be created using this information which is essential forsubmitting the Assignment via Moodle submission link.If for some special circumstances, you must work on your own, you must get written permission viaE-mail from your Unit Coordinator before Week 5. There is no guarantee that your request will beCOIT12201 Electronic Crime and Digital Forensics T2, 2020 Assessment 2 Page: 2 / 8approved as it will depend on the particular circumstance (e.g., I dont want to work with others willnot be considered as a valid reason). Bear in mind that the investigations for the case will requiresubstantial work and carrying out the work on your own can be quite heavy. Due to the nature of therequired level of investigation, it will not be possible to adjust the work load for students working ontheir own (subject to approval from the Unit Coordinator) as it may not be sufficient to answer thequestions raised In the case.Table 1: Required activities based on the size of the groupStudent 1 Student 2 Student 3Group Size 3 Activity1DiscussionActivity2DiscussionActivity3DiscussionGroup Size 2 Activity1DiscussionActivity2DiscussionN/AGroup Size 1 Activity1Activity2DiscussionN/A N/AAs suggested in Table 1, if the group is with 2 students (Group Size 2), student 1 must select andcomplete an activity, student 2 must select and complete a different activity (e.g., student 1 doesactivity 2 and student 2 does activity 3, etc.), and both students must work together to discuss theinvestigation issues and prepare the report.Issues with Group and group members: Groups have to be created on or before week 5. Itis the groups responsibility to manage the work in a coordinated manner to achieve the goal.2. Selecting a Case Study Each group needs to choose one (1) case study and performactivities on that case study. The list of case studies is below, with details on Page 5. Case One: Exfiltration of corporate Intellectual Property Case Two: Electronic Eavesdropping Case Three Illegal digital materials3. Performing Investigation Activities – Perform your investigation to answer questions given in thecase document. Your investigation should aim to answer questions asked in your chosen case.Your answers should be supported by evidence found in your investigation and with detailedjustifications. Your individual activity may not answer all questions, but your group activitiestogether should Answer all the questions. Therefore, collaborate effectively with your groupmembers.If your individual activity did not answer any questions for your chosen case, you mustpresent evidence relevant to your case and/or other possible crime(s) not listed in yourcase. Use the forensic software you have learnt in the lab for this investigation. If necessary, youcan use other freely available (or trial version of) forensic tools.3.1 Individual section: choose your activities based on your group size and activity rules shownin Table 1.3.1.1 Activity One – Investigate following digital data acquired from the crime scenementioned in your case study and prepare a report. charlie-2009-12-11.E01COIT12201 Electronic Crime and Digital Forensics T2, 2020 Assessment 2 Page: 3 / 8 charlie-work-usb-2009-12-11.E01 charlie-2009-12-11.mddramimage.zip3.1.2 Activity Two – Investigate following digital data acquired from the crime scenementioned in your case study and prepare a report. pat-2009-12-11.E01 pat-2009-12-11.mddramimage.zip jo-work-usb-2009-12-11.E013.1.3 Activity Three – Investigate following digital data acquired from the crime scenementioned in Your case study and prepare a report. terry-2009-12-11-002.E01 jo-2009-12-11-002.E01 jo-2009-12-11.mddramimage.zip3.2 Group discussion: Every group needs to address all points given in this sub-section basedon their individual investigation process to include in the report. Details of digital forensic methodologies and process flow used to investigate this case. Write appropriate justifications to support your chosen methodologies and process. Provide appropriate screenshots to show detailed process of the investigation. Identify ethical and legal issues applicable for the case you are working on. Justification of choosing ethical and legal issues that are relevant to the case.4. Submit your report Prepare and submit your investigation report as a group. A group togethermust submit only one report.Only one member from the group needs to upload the report onto Moodle.4.1 Expected report structureI. IntroductionII. Activity 1 (include members name who carried out this activity)III. Activity 2 (include members name who carried out this activity)IV. Activity 3 (only For groups of 3) (include members name who carried out this activity)V. Group DiscussionVI. ConclusionVII. ReferencesFeel free to add sub-headings for sections II to V. You could choose subheadings but make sureyou check the marking guide to assist you for this. For example, for individual activities, subheadingscould be: tools used, process followed for the investigation, evidence found,questions answered by identified evidence and justification.4.2 What to submit: You must upload a single Word document per group using assignment twosubmission link on Moodle. Any screenshots or images must be incorporated into the report, notsubmitted as separate files. No other files are to be submitted.5. Other ResourcesRequired evidence can be downloaded from:Download link for hard drive images: https://downloads.digitalcorpora.org/corpora/scenarios/2009- m57-patents/drives-redacted/Download link For RAM dumps: https://downloads.digitalcorpora.org/corpora/scenarios/2009-m57-patents/ram/Download link for USB drives: https://downloads.digitalcorpora.org/corpora/scenarios/2009-m57-patents/usb/COIT12201 Electronic Crime and Digital Forensics T2, 2020 Assessment 2 Page: 4 / 8Useful Tools: OSForensics, FTK, SleuthKit, autopsy, ProDiscover Basic and Volatility can be reallyhelpful to investigate this case.If you are using a Mac computer or Linux, you are advised to install Oracle VirtualBox. You willneed to install Windows virtual machine on the Virtual box and then install these tools on yourWindows virtual machine on the VirtualBox.AcknowledgementThe case scenario used in this document has been adapted from https://digitalcorpora.org/corpora/scenarios/m57-patents-scenario for education purpose.COIT12201 Assignment 2Marking GuideYou will be marked individually for your individual activity. Your group discussion will be marked same foryour entire group. Your total mark will be: your individual contribution mark + group markStudent ID Name: ____________________________________________________Marker / Date: _________________________________________________________Part A: 3.1 Individual section (15 marks)Marks Comments1. Depth of the investigation: Did students apply all possibleavenues to find evidence? (2 marks) Did they reveal all evidence presentin digital data? (2 marks)/42. Appropriateness of tools and techniques: How appropriate was the choice of toolsand techniques used for investigation? (3marks) How well does the report detail theinvestigation process? (3 marks)/63. Presentation of the evidence Was the evidence found presentedappropriately to support answers of thequestions from case study? (2.5 marks) How well is The detailed justificationpresented? (2.5 marks)/5Part B: 3.2 Group work (15 marks) same marksfor entire groupCOIT12201 Electronic Crime and Digital Forensics T2, 2020 Assessment 2 Page: 5 / 8Group discussion: (1.5 marks for each) Details of digital forensic methodologies andprocess flow used to investigate this case. Write appropriate justifications to support yourchosen methodologies and process. Provide appropriate screenshots to show detailprocess of the investigation. Identify ethical and legal issues applicable for thecase you are working on. Justification of choosing ethical and legal issuesthat are relevant to the case./7.5Report Preparation and submission – The group prepared a single report which ispresented cohesively covering the wholeinvestigation (2.5 marks) The entire group has submitted only one copy ofthe report in Moodle. (2.5 marks)/5Report quality: Is the report easy to follow? (0.5 mark) How well is the flow of the investigationsequentially presented in the report (1 mark) Does it prepare with formal report writing stylesuch as table of content, page numbers,appropriate referencing (if any), cover pageand so on. (1 mark)/2.5Late submission deduction /5%( 1.5marks) foreach dayTotal Marks: /30The case details appear on the next page.COIT12201 Electronic Crime and Digital Forensics T2, 2020 Assessment 2 Page: 6 / 8Appendix: Case DetailsCommon to all case studies:Company DetailsM57.biz is a new company that researches patent information for clients. The company currently hasone (1) CEO/President, and three (3) additional employees. The company is planning to recruit moreemployees, so they have a lot of inventory on hand (computers, printers, etc.).Table 2: M57 personnel details.Personnel Electronic IdentityPat McGoo (President/CEO) pat@m57.biz (email password: mcgoo01)Terry Johnson (IT Administrator) terry@m57.biz (email password: johnson01)Jo Smith (Patent Researcher) jo@m57.biz (email password: smith01)Charlie Brown (Patent Researcher) charlie@m57.biz (email password: brown01)Employees work onsite and conduct most business exchanges over email. All of the employees work inWindows environments, although each employee prefers different software (e.g. Outlook vs.Thunderbird). Figure 1 shows the network configuration of the company.Figure 1: Network configuration for M57.bizNote: In the above figure DOMEX is the local server managing external network access and email.You can find further Information (such as a copy of the detective reports, along with the searchwarrant and affidavit) about this case in the link below. https://digitalcorpora.org/corpora/scenarios/m57-patents-scenarioCase One – Exfiltration of corporate Intellectual PropertyOne of the employees in M57 is stealing proprietary research on patent information from the company andpassing it on to an outside entity. This employee has taken some measures to cover their tracks, butCOIT12201 Electronic Crime and Digital Forensics T2, 2020 Assessment 2 Page: 7 / 8probably did not count on the company machines being imaged in the ongoing investigation of othercriminal activity.You are tasked with determining the following: Who is exfiltrating the patent search data? How are they doing it? Can you identify the specific items they have stolen? What is required toaccess the data? Who is the outside contact? Is there anything in your analysis to suggest that this person might be charged with more than onecriminal offense?At the end of your investigation you should prepare a report based on the details provided in theassignment two.Case Two Electronic EavesdroppingOne of the M57 employees is spying on the boss (Pat McGoo) electronically. This employee is concernedthat Pat may find out about certain activities they have engaged in – activities that may be related (directlyor indirectly) to another ongoing investigation.You are tasked with determining the following: Who is spying on Pat? How are they doing it? Can you identify specific methods or software they have used to facilitate this? Why is the employee spying on Pat? Is anyone else involved? Would you characterize them as accomplices?At the end of your investigation you should prepare a report based on the details provided in theassignment two.Case Three – Illegal digital materialsIt was found that a functioning workstation originally belonging to m57.biz was purchased on the secondarymarket. Aaron Greene, the buyer realises that the previous owner of the computer had not erased the driveand finds illegal digital images and videos on it. Aaron reports this to the police, who take possession ofthe computer. Police forensics investigators determine the following: The computer originally belonged to m57.biz The computer was used by Jo Smith, an M57 employee, as a work computer.Police contact Pat McGoo, the CEO of m57.biz. Pat authorises imaging of all other computer equipmentonsite at M57 to Support additional investigation. Police further pursue a warrant to seize a personal thumbdrive (USB) belonging to Jo. You are given disk images from all of the computers and USB devices foundonsite at M57, along with a USB thumb drive belonging to Jo. You are also provided with four detectivereports and a search warrant and affidavit associated with seizure of the USB drive. For the purposes of the scenario, illegal images have been simulated with pictures and videos of catsproduced exclusively for this corpus.COIT12201 Electronic Crime and Digital Forensics T2, 2020 Assessment 2 Page: 8 / 8Questions to answer: Is Jo the owner Of these files? What evidence is there to confirm or reject this? How did the computer come to be sold on the secondary market? Who (if anyone) was involved in the sale (theft?) of the computer? Were any attempts made to hide these activities (the possession of illegal digital material)?At the end of your investigation you should prepare a report based on the details provided in theassignment two.End of Assessment item 2 specification document.如有需要，请加QQ：99515681 或邮箱：99515681@qq.com

“