COMP2310 Digital Forensics

Faculty of Science & Engineering
COMP2310 Digital Forensics
Assignment 2 Description
LEARNING OUTCOME
This assignment deals with the recovery of digital evidence. On successful completion, you will be able to
• Engage with material learned in COMP2310;
• Adhere to highest ethical standards, obey the laws and follow procedures at all times when collecting
and dealing with digital evidence;
• Develop and follow suitable processes when performing incident response and conducting digital
forensics investigations;
• Evaluate a practical case with respect to digital forensic investigations;
• Use appropriate tools and techniques to collect and recover data from a variety of digital sources;
and
• Communicate effectively the results of an investigation following professional standards.
OVERVIEW
After a two-hour manhunt, AFP agents arrested an armed man in Macquarie Shopping Centre’s car park on
Thursday, 30 April 2020. Initial investigations revealed that the armed man was a violent extremist, motivated by racial and anti-government beliefs. AFP discovers that the man has planted a bomb somewhere in
Sydney CBD to cause “severe harm and mass casualties” amid coronavirus pandemic.
As a forensic expert, you have been asked by the AFP to help them in examining an image obtained from
a flash drive that belongs to the armed man. The AFP’s bomb response team believes the location of the
bomb is -33.86XX09, 151.206833 and the two-digit XX is hidden in the flash drive. An EnCase image of the
flash drive is available at Part 1 and Part 2. Find the remaining two digits XX and identify the location of
the bomb on Google Maps.
1
SUBMISSION
You need to prepare a forensic report with a maximum of 2000 words. Students need to explain the procedures they followed to find the location of the bomb.
• Acquisition – Describe the process in which you acquired evidence. You should be comprehensive
in detailing your process/methodology. It is typical to see some form of data validation listed, for
example, MD5/SHA1 values for the evidence collected.
• Analysis – This can vary based on the scope of your analysis, but you should describe what
tools/techniques you used as well as your results. If you used multiple tools you should provide
tool version numbers so your results can be cross-validated by another examiner. You should provide enough information so another examiner who was provided your evidence files should be able
to confirm/dispute your findings.
• Steps Taken – Be detailed. Remember, your results should be reproducible. Include software and
hardware used. Do not forget to include version numbers. You also need to include snapshots of
your practical analysis to demonstrate various steps of investigation.
• Evidence – This should include the GPS location and the picture of the area where the bomb is
placed.
EXPECTATION AND TIMELINE
• There is a 10% threshold for the word count. The maximum word length is 2000 words and the
minimum word length is 1800. There are penalties of 5% per 100 words over 2000 or under the 1800
word limit.
• No fancy fonts and 1.5 to double-spacing to be used at all times.
• All work submitted must be authored by the student submitting the work or where material from
other sources is included it must be referenced using IEEE referencing.
• Students found to have plagiarised will be dealt with according to university regulations.
• Students should submit a single word or pdf file.
• The assignment is to be submitted via iLearn.
• The assignment is due Saturday, 30 May, 9am.
MARKING
Marks will be available in iLearn by two weeks after the submission due date.
Marking guideline is as follows:

The post COMP2310 Digital Forensics appeared first on My Assignment Online.