Assignment 2 Introduction to Digital Forensics
Assignment Part 1: hands-on tasks
- On your virtual computer, please create a small hard disk of 84 MB, of the fixed size type and named by your student number.
- Please create 2 partitions on this newly created hard disk, 1 partition in the FAT file system and 1 partition in the NTFS file system. You can decide the size of each partition, ranging from 21 MB to 63 MB each. Note: depending on your choice in Step 6, you may need to create 3 partitions.
- Mount the 2 partitions to your virtual computer and format each of them.
- In the FAT partition, please randomly copy and delete the text files, in a few rounds, from the virtual hard disk “GutenbergText.vdi”, the zip file downloadable from the Canvas site. Some files are repeated by themselves to make the files very big (well, relatively big, in the context of an 84 MB hard disk).
- Do the same on the NTFS partition, and make sure that you have at least a non-resident file on the NTFS partition.
- Come up with a unique string with the prefix “IDF2021_”, for example IDF2021_nice8secrecy. Please hide the string in 2 locations. Hint: you can hide the string in a hidden partition, a slack space, and a cluster of a deleted file. If you choose to hide the string in a hidden partition, your hard disk must have 3 partitions. The extra partition to be hidden is a FAT one. Please note that an NTFS partition can also be hidden. For the sake of being manageable within the scope of the assignment, the hidden partition, should it exist, is a FAT partition only.
- Shut down your virtual computer and make a copy of this virtual disk file for a groupmate, who is going to use this hard disk to continue their hands-on tasks below. When passing on the hard disk file, please also provide the following information:
- the cluster number of an occupied cluster, on the FAT partition, which belongs to an active file in your newly created hard drive for this assignment purpose. Please report the number via DiskView. This is the active cluster number required in the cover page of the report.
- the cluster number of a cluster, on the FAT partition, which does not belong to any active file, but was previously occupied, in your newly created hard drive for this assignment purpose. Please report the number via DiskView. This is the residual cluster number required in the cover page of the report.
- the name of a non-resident file on your NTFS partition. This is the specified non-resident file needed in the cover page of the report.
- Please also receive the virtual hard disk file produced by a groupmate, who has followed the aforementioned steps, with the same extra information - the 2 cluster numbers and the name of the non-resident file. Please continue the following investigation steps on the virtual hard disk you have just received from your groupmate.
- Please make a forensic acquisition of the “hard disk” you have just received and restore the copy onto another newly created hard disk of yours, pretending that you have a write-blocker in the middle when you mount the received virtual hard disk. This other newly created hard disk is your work hard disk for your forensic investigation purpose.
- Please find out the hexadecimal values of the first 16 bytes of each of the 2 clusters.
- Please find out the locations of the 2 hidden strings.
- Please find out the MFT record and the first data run of the non-resident file.
- You have now completed your hands-on tasks.
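The step of locating the hidden strings can be approached on a raw (flat) copy of the disk by searching for the known prefix and mapping each hit back to the MBR partition table. The sketch below is an added example, not part of the assignment sheet; the image is constructed in memory, its layout (entries at LBA 8, 24 and 40) is an assumption, and converting a sector to a cluster number additionally needs the volume's own boot sector.

```python
import struct

SECTOR = 512
# MBR type bytes; 0x11-0x1C are the conventional "hidden" forms of the FAT/NTFS types.
TYPES = {0x01: "FAT12", 0x04: "FAT16 <32M", 0x06: "FAT16", 0x07: "NTFS/exFAT",
         0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x11: "hidden FAT12", 0x14: "hidden FAT16 <32M",
         0x16: "hidden FAT16", 0x17: "hidden NTFS", 0x1B: "hidden FAT32", 0x1C: "hidden FAT32 LBA"}

def parse_mbr(image: bytes):
    """Return (entry, type_byte, first_byte, end_byte) for each used primary entry."""
    if image[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature at offset 510")
    parts = []
    for i in range(4):
        base = 446 + 16 * i
        ptype = image[base + 4]
        lba, count = struct.unpack_from("<II", image, base + 8)
        if ptype and count:
            parts.append((i, ptype, lba * SECTOR, (lba + count) * SECTOR))
    return parts

def locate(image: bytes, needle: bytes):
    """Return [(byte_offset, where)] for every ASCII occurrence of needle in the image."""
    parts, hits = parse_mbr(image), []
    pos = image.find(needle)
    while pos != -1:
        where = "outside every MBR partition"
        for i, ptype, start, end in parts:
            if start <= pos < end:
                name = TYPES.get(ptype, hex(ptype))
                where = f"MBR entry {i} ({name}), sector {(pos - start) // SECTOR}"
        hits.append((pos, where))
        pos = image.find(needle, pos + 1)
    return hits

def sample_image() -> bytes:
    """Constructed 32 KiB image: FAT16, NTFS and hidden-FAT16 entries, string planted twice."""
    img = bytearray(64 * SECTOR)
    for i, (ptype, lba, count) in enumerate([(0x06, 8, 16), (0x07, 24, 16), (0x16, 40, 16)]):
        img[446 + 16 * i + 4] = ptype
        struct.pack_into("<II", img, 446 + 16 * i + 8, lba, count)
    img[510:512] = b"\x55\xaa"
    secret = b"IDF2021_nice8secrecy"
    img[11 * SECTOR + 100:11 * SECTOR + 100 + len(secret)] = secret   # entry 0, sector 3
    img[45 * SECTOR:45 * SECTOR + len(secret)] = secret               # entry 2, sector 5
    return bytes(img)

if __name__ == "__main__":
    for offset, where in locate(sample_image(), b"IDF2021_"):
        print(f"0x{offset:X}: {where}")
```

A string saved as UTF-16 text would not match this ASCII search and needs a second pass with the encoded form of the prefix.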
Assignment Part 2: the report
Part 2 forms the report body of your whole report. It has 2 sections.
Section 1: your hard disk for others to investigate (5 marks)
Please write a summary report on how you conduct the required hands-on tasks to create the hard disk for your groupmate. Your report should be reasonably self-contained. Without referring to this assignment sheet, by reading your report alone, one should have a good understanding of what you have performed. In your report, please make sure that you have the following:
- [1 mark] the hexadecimal numbers of the first 16 bytes of each of the 2 identified clusters in the right partition of your hard disk,
- [2 marks] the MFT record and the first data run of the identified non-resident file; for the MFT record, please provide a screen dump with a brief explanation; for the first data run, please provide the 3 hexadecimal numbers with the explanation of each number. Please also mark the data run in the MFT record screen dump.
- [2 marks] the secret string you have come up with and the 2 locations where you hide the string; wherever applicable, you should report the partitions and the cluster numbers, in addition to explaining the nature of the hidden locations.
Note: please do not provide this level of detail to your groupmate, who is supposed to investigate this hard disk of yours to independently find out the information.
Section 2 – your investigation and your findings (10 marks)
Please write a summary report on how you conduct the investigation hands-on tasks on the hard disk you have received from your groupmate. Your report should be reasonably self-contained. Without referring to this assignment sheet, by reading your report alone, one should have a good understanding of what you have performed. In your report, please make sure that you also have the following:
- [2 marks] making the forensic copy (bit-stream copy) of the hard disk you have received; this forensic copy is referred to as the investigation hard disk in this section of your report.
- [2 marks] the hexadecimal numbers of the first 16 bytes of each of the 2 specified clusters in the right partition on the investigation hard disk; the 2 cluster numbers are specified by your groupmate. Please note that the cluster numbers are reported via DiskView, which has a different cluster numbering system to WinHex.
- [3 marks] the MFT record and the first data run of the specified non-resident file in the right partition on the investigation hard disk; the file name is specified by your groupmate. For the MFT record, please provide a screen dump with a brief explanation. For the first data run, please provide the 3 hexadecimal numbers with an explanation of each number. Please also mark the data run in the MFT record screen dump.
- [3 marks] the secret string your groupmate has come up with and the 2 locations where they hide the string; wherever applicable, you should report the partitions and the cluster numbers, in addition to explaining the nature of the hidden locations.
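The three numbers of a data run asked for in both sections are the header byte, the run length in clusters and the starting cluster offset. The decoder below is an added example, not part of the assignment sheet: it walks one MFT record to the unnamed $DATA attribute and decodes its run list, and it goes beyond the first run by also handling later (relative, signed) and sparse runs. The sample record is constructed and minimal, and the code assumes the record's update-sequence fixups have already been applied.

```python
import struct

def decode_runs(buf: bytes):
    """Decode an NTFS run list into (header, length_in_clusters, start_lcn) tuples."""
    runs, pos, lcn = [], 0, 0
    while pos < len(buf) and buf[pos] != 0x00:            # a 0x00 header ends the list
        header = buf[pos]
        len_size, off_size = header & 0x0F, header >> 4   # low nibble / high nibble
        length = int.from_bytes(buf[pos + 1:pos + 1 + len_size], "little")
        if off_size == 0:                                 # sparse run: nothing on disk
            runs.append((header, length, None))
        else:
            raw = buf[pos + 1 + len_size:pos + 1 + len_size + off_size]
            lcn += int.from_bytes(raw, "little", signed=True)  # relative to previous run
            runs.append((header, length, lcn))
        pos += 1 + len_size + off_size
    return runs

def data_run_bytes(record: bytes) -> bytes:
    """Return the raw run list of the unnamed, non-resident $DATA attribute."""
    if record[:4] != b"FILE":
        raise ValueError("not an MFT record")
    pos = struct.unpack_from("<H", record, 0x14)[0]       # offset of first attribute
    while pos + 8 <= len(record):
        atype, alen = struct.unpack_from("<II", record, pos)
        if atype == 0xFFFFFFFF or alen == 0:              # end marker or corrupt length
            break
        if atype == 0x80 and record[pos + 9] == 0:        # $DATA with name length 0
            if record[pos + 8] == 0:
                raise ValueError("$DATA is resident: content lives inside the record")
            run_off = struct.unpack_from("<H", record, pos + 0x20)[0]
            return record[pos + run_off:pos + alen]
        pos += alen
    raise ValueError("no unnamed $DATA attribute found")

def sample_record() -> bytes:
    """Constructed, minimal record: header fields and one $DATA attribute only."""
    rec = bytearray(1024)
    rec[0:4] = b"FILE"
    struct.pack_into("<H", rec, 0x14, 0x38)               # first attribute at 0x38
    struct.pack_into("<IIBB", rec, 0x38, 0x80, 0x48, 1, 0)  # type, length, non-resident, name len
    struct.pack_into("<H", rec, 0x38 + 0x20, 0x40)        # run list offset inside attribute
    rec[0x78:0x7D] = bytes.fromhex("2118345600")          # header 21, length 18, offset 34 56
    struct.pack_into("<I", rec, 0x38 + 0x48, 0xFFFFFFFF)  # end-of-attributes marker
    return bytes(rec)

if __name__ == "__main__":
    for header, length, lcn in decode_runs(data_run_bytes(sample_record())):
        print(f"header=0x{header:02X} length=0x{length:X} clusters, start LCN=0x{lcn:X}")
```

For the constructed run `21 18 34 56`, the header 0x21 says the length field is 1 byte and the offset field is 2 bytes, so the run covers 0x18 clusters starting at cluster 0x5634 of the volume.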
The marking rubrics for the report
Please note that a report is marked in its entirety based on the marking rubrics also in their entirety. A report cannot be marked by its individual keywords in isolation; nor can any individual marking rubric be applied in isolation by itself alone. For example, the irrelevant content in the report cannot be treated as if it does not exist. On the contrary, any irrelevant content weakens the logic flow and reduces the relevance of the report.

| Mark range | Descriptor |
|---|---|
| 85%-100% | comprehensive understanding of the topics covered; thoroughly coherent; relevant and accurate with in-depth analysis; convincing, sound, and smooth logic; excellent writing, concise, clear, and complete; all claims backed up by evidence or argument; no irrelevant nor inaccurate statements |
| 75%-84% | good understanding of the topics covered; well coherent; relevant and accurate; sound logic; clear writing, concise, and complete; majority claims backed up by evidence or argument; no irrelevant nor inaccurate statements |
| 65%-74% | reasonable understanding of the topics covered; coherent; largely relevant and accurate; good logic; generally clear writing, reasonably concise, and mostly complete; most claims backed up by evidence or argument; occasionally irrelevant and inaccurate statements with little impact on the report as a whole |
| 50%-64% | basic understanding of the topics covered; reasonably coherent; relevant and accurate in general; basic logic; understandable writing, somewhat clear, and largely complete; claims largely backed up by evidence or argument; a few irrelevant and inaccurate statements with noticeable impact on the report as a whole |
| <50% | little or no understanding of the topic, with irrelevant content, unstructured and unclear writing |
| 0% | just a few keywords without meaningful sentences |