微信客服:xiaoxionga100
微信客服:ITCS521
ICOM7125-无代写
时间:2023-04-28
ICOM7125 Digital Forensics
Homework #1 (60% of the Final Grade)
Due: 11pm, 22 April 2023
Digital Investigation
Name:__________________ Student ID: __________________
In Part I of this assignment (20% of the final grade), you are required to create a
hypothetical case scenario and digital “clues” in relation to the scenario.
Your scenario may be of a private (corporate) or public nature and you are required
to write a brief fact of the scenario (at least 500 words) by referring to the elements
asked in the “Guidelines for Designing the Hypothetical Case Scenario”.
Along with your case scenario, you are required to create the related digital clues
on a flash/thumb drive with at least 50 digital files. Thereafter, please utilize the
FTK imager to make a forensic image (less than 3 Gb) of the flash/thumb drive,
and recorded the hash value of the forensic image.
Your digital clues must include the following type of files: -
• Hidden file
• Deleted file
• Email
• Graphic and Video file
• Password-protected file
• Compressed file
In Part II of this assignment (40% of the final grade),, you will perform as a digital
investigator and analyze the forensic image created in Part I. Thereafter please
write an expert report (at least 2,000 words) containing the below items:
I. Abstract (Summary paragraph of the report)
II. Body of Report
a. Background of the case scenario
b. Procedures of the examination (Data acquisition, Steps of
analysis)
c. What devices/file systems were examined?
d. What specific files were examined? (type of files and count of
each type)
e. What content was observed in the files?
f. How are the content and digital timestamp of each file related
to the case?
III. Conclusion – include your Opinions about all files examined and
whether the owner of the flash/thumb drive committed any malpractice or
criminal offence.
IV. References (if applicable)
V. Appendix, e.g. photos of the exhibits, photos/sketches of the
environment where you seized the exhibits
Here are the tools that you may use for conducting the examination: -
• AccessData FTK Imager (For conducting data cloning, previewing and
recovering evidence file content).
• MD5/SHA1 hash calculator to calculate the hash value of the extracted file.
• Other software that could open the relevant file type, e.g. Microsoft office
files, graphic type file, compressed file, etc.
******
You are required to submit 1) a brief fact of the scenario, 2) a forensic image of the
flash/thumb drive (less than 3 Gb) and 3) an expert report, to the moodle system
before 11pm, 22 April 2023.
Guidelines for Designing the Hypothetical Case Scenario
Synopsis of Case
Is this a case to be investigated by a Private or Public (e.g. law enforcement) organization?
Victim(s)
Who is/are victim(s)?
What happened to victim(s)?
Incident
What was the incident?
When did the incident take place?
Where did the incident take place?
Who was involved in the incident?
Case/Incident Scene
What was the case/incident scene?
Where was the case/incident scene? (You are
required to provide a sketch and crime scene
photos)
Evidence
What evidence was collected?
How was the evidence collected and turned
over to investigators?
Suspect(s)
Are there any suspects related to this incident?
If so, who is/are the suspect(s)?
Has/have the suspect(s) been charged?
If so, with what case or violation?
Homework #1 (60% of the Final Grade)
Due: 11pm, 22 April 2023
Digital Investigation
Name:__________________ Student ID: __________________
In Part I of this assignment (20% of the final grade), you are required to create a
hypothetical case scenario and digital “clues” in relation to the scenario.
Your scenario may be of a private (corporate) or public nature and you are required
to write a brief fact of the scenario (at least 500 words) by referring to the elements
asked in the “Guidelines for Designing the Hypothetical Case Scenario”.
Along with your case scenario, you are required to create the related digital clues
on a flash/thumb drive with at least 50 digital files. Thereafter, please utilize the
FTK imager to make a forensic image (less than 3 Gb) of the flash/thumb drive,
and recorded the hash value of the forensic image.
Your digital clues must include the following type of files: -
• Hidden file
• Deleted file
• Graphic and Video file
• Password-protected file
• Compressed file
In Part II of this assignment (40% of the final grade),, you will perform as a digital
investigator and analyze the forensic image created in Part I. Thereafter please
write an expert report (at least 2,000 words) containing the below items:
I. Abstract (Summary paragraph of the report)
II. Body of Report
a. Background of the case scenario
b. Procedures of the examination (Data acquisition, Steps of
analysis)
c. What devices/file systems were examined?
d. What specific files were examined? (type of files and count of
each type)
e. What content was observed in the files?
f. How are the content and digital timestamp of each file related
to the case?
III. Conclusion – include your Opinions about all files examined and
whether the owner of the flash/thumb drive committed any malpractice or
criminal offence.
IV. References (if applicable)
V. Appendix, e.g. photos of the exhibits, photos/sketches of the
environment where you seized the exhibits
Here are the tools that you may use for conducting the examination: -
• AccessData FTK Imager (For conducting data cloning, previewing and
recovering evidence file content).
• MD5/SHA1 hash calculator to calculate the hash value of the extracted file.
• Other software that could open the relevant file type, e.g. Microsoft office
files, graphic type file, compressed file, etc.
******
You are required to submit 1) a brief fact of the scenario, 2) a forensic image of the
flash/thumb drive (less than 3 Gb) and 3) an expert report, to the moodle system
before 11pm, 22 April 2023.
Guidelines for Designing the Hypothetical Case Scenario
Synopsis of Case
Is this a case to be investigated by a Private or Public (e.g. law enforcement) organization?
Victim(s)
Who is/are victim(s)?
What happened to victim(s)?
Incident
What was the incident?
When did the incident take place?
Where did the incident take place?
Who was involved in the incident?
Case/Incident Scene
What was the case/incident scene?
Where was the case/incident scene? (You are
required to provide a sketch and crime scene
photos)
Evidence
What evidence was collected?
How was the evidence collected and turned
over to investigators?
Suspect(s)
Are there any suspects related to this incident?
If so, who is/are the suspect(s)?
Has/have the suspect(s) been charged?
If so, with what case or violation?
