Prepared by: ABM Russel Moderated by: Tony Jan May, 2020
| Assessment Details and Submission Guidelines | |
| Unit Code | BN309 |
| Unit Title | Computer Forensics |
| Assessment Type | Individual Assignment |
| Assessment Title | Validating and Testing Computer Forensics Tools and Evidence – Part 2 |
| Purpose of the assessment (with ULO Mapping) |
This assignment assesses the following Unit Learning Outcomes; students should be able to demonstrate their achievements in them. • Systematically collect evidence at private-sector incident scenes. • Document evidence and report on computer forensics findings. • Implement a number of methodologies for validating and testing computer forensics tools and evidence • Understand the cross-examination of a legal process |
| Weight | 25% |
| Total Marks | 100 |
| Word limit | See the instructions. |
| Due Date | Tuesday 11:55pm i.e. 2nd June 2020 |
| Submission Guidelines |
• All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page. • The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings. • Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using IEEE referencing style. |
| Extension | • If an extension of time to submit work is required, a Special Consideration Application must be submitted directly to the School’s Administration Officer, in Melbourne on Level 6 or in Sydney on Level 7. You must submit this application three working days prior to the due date of the assignment. Further information is available at: http://www.mit.edu.au/about-mit/institute-publications/policies-procedures-and guidelines/specialconsiderationdeferment |
| Academic Misconduct |
• Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at: http://www.mit.edu.au/about-mit/institute publications/policies-procedures-and-guidelines/Plagiarism-Academic Misconduct-Policy-Procedure. For further information, please refer to the Academic Integrity Section in your Unit Description. |
Prepared by: ABM Russel Moderated by: Tony Jan May, 2020
Assignment Questions:
Objective:
The objectives of this assignment is to gain theoretical and practical knowledge in different
computer forensics and anti-forensics techniques such as image acquiring and data hiding. The
students should apply appropriate computer forensics tools and techniques and write a report on
their findings. Marks will be awarded based on the sophistication and the in-depth exploration of the
techniques.
Case Study:
You are investigating a murder case related to drug dealing. You have acquired the USB drive from
the crime scene.
Assignment Specification:
Prepare a report and video demonstration on the following sections related to the case study. You can
use your own files for data hiding and analysis. Provide the list of references using IEEE referencing
style at the end of the report.
Section 1: Steganography
Use steganography to hide data in an image file. Explain each step with the help of
screenshots from the tool you used. (250 words)
Section 2: Data Hiding in Slack
File slack is the space between the end of a file and the end of the disk cluster it is stored in.
Hide a secret message into a file that contains slack space. Explain each step with the help
of screenshots from the tool you used. (500 words)
Section 3: Anti-forensics
Research on anti-forensics techniques and write a report on your findings on these
techniques. Compare the pros and cons of these techniques in different contexts. Use one of
the anti-forensic technique on your files and explain how useful it is. Please explain your
methods with the help of screenshots. (750 words)
Demonstration:
Demonstrate your work. You should appear in the video (You Tube or similar) at the first and
last 30 secs to introduce yourself and draw a conclusion on your experience with the
different computer forensics and anti-forensics techniques.
Prepared by: ABM Russel Moderated by: Tony Jan May, 2020
Marking Criteria:
| Questions | Description | Marks |
| Section 1 | Data hiding using steganography Explanation of procedure and screenshots |
10 10 |
| Section 2 | Data hiding in slack Explanation of procedure and screenshots |
10 10 |
| Section 3 | Anti-forensic techniques Pros and Cons Application of anti-forensic on files |
10 10 10 |
| Presentation | Writing quality, Coherence, Report Structure | 10 |
| Reference style | Follow IEEE reference style (should have both in-text citation and reference list) |
10 |
| Demonstration | Video demonstration | 10 |
| Total | 100 |
Marking Rubric:
| Sections | Excellent (80%-100%) | Good (70%-80%) | Fair (60%-70%) | Poor (50%-60%) |
| Section 1 | Appropriate requirements of the plan specified explained and Issues identified and listed |
Requirements for the plan specified and issues identified and listed |
Not a complete plan with a few Explanation of procedure and screenshots |
Did not address sub sections of the section |
| Section 2 | Addressed the three tools explained briefly as to how they work and the data hiding explained |
Addressed the three tools however with minimum explanation with data hiding |
Three tools selected but not explained and not provided a enough explanation for the justification of data hiding |
Not a complete list of security tools and missing explanation of data hiding |
| Section 3 | Explained the act and the important key points |
Provided an idea about the act with the key points |
Did not provide a clear picture of the act with the key points included |
Missing explanation and key points |
Prepared by: ABM Russel Moderated by: Tony Jan May, 2020
| Presentation | The presentation was a concise summary of the topic with all questions answered. Comprehensive and complete coverage of information. |
The presentation was a good summary of the topic. Most important information covered; little irrelevant info. |
The presentation was informative but several elements went unanswered. Much of the information irrelevant; coverage of some of major points. |
The presentation was a brief look at the topic but many questions were left unanswered. Majority of information irrelevant and significant points left out. |
| Demonstration | Very professional, clear and easy to follow. |
Professional, clear and easy to follow |
Clear and easy to follow but lacks professionalism |
Difficult to follow |
The post BN309 Computer Forensics appeared first on My Assignment Online.
