support@assignmenthelp.net
+1-617-874-1011 (US)
+44-117-230-1145 (UK)
+61-7-5641-0117 (AU)
+44-117-230-1145 (UK)
+61-7-5641-0117 (AU)
In the state of Western Australia it is illegal to access, own or distribute digital content relating to ‘cats’. Jane, the network administrator for the Daily Planet was reviewing network traffic logs when she noticed that an employee may have been accessing digital content relating to cats. The network administrator informed their line manager (Ash), and Ash notified the police. A junior police officer attended the company’s premises and assessed the network traffic logs, confirming that there is a high probability that digital content relating to cats had been accessed via a computer owned by an individual named Clark. Police obtained the necessary documents and seized the equipment relating to the allegation.
The suspect Clark was formally interviewed and denied accessing any content relating to cats. To date, Clark does not have a criminal record. Paul Ekman was coincidentally onsite during the interview, and was asked to examine the video of the interview. Paul made a statement suggesting that Clark’s micro facial expressions didn’t quite “add up”. Clark was interviewed again, but this time used the malware defence. Paul Ekman and the forensic investigators concluded that “something wasn’t quite right”, and they concluded that this would be a suitable challenge for you, the new recruit within the department.
You have been assigned the task of examining a “forensic image” of the suspect’s laptop which was seized with the appropriate warrants and imaged using forensically sound practices. At this point in time, there is insufficient evidence to make any generalisations or conclusions regarding the case. The network logs conclusively suggest that Clark’s computer was used to access the illegal content.
Unfortunately, the junior forensic investigator who obtained a “forensic image” of the computer only performed a logical acquisition. To make matters worse, the junior investigator accidently, securely wipe the laptop’s entire hard drive. Fortunately, the logical acquisition was undertaken in a forensically sound manner and can still be used within the investigation. The MD5 hash of the forensic image is “044288459e2fd193e446eec8de0acdd9”.
Your task is to investigate the supplied forensic image using appropriate tools and forensic process and to develop and submit a written report on your findings. You may use any tools to undertake the investigation but you must justify all of your actions!
|
Cover Page Unit code and title, assignment title, your name, student number, campus and tutor’s name |
|
Table of Contents This must accurately reflect the content of your report and must be generated automatically in Microsoft Word with page numbers. |
|
Summary A succinct overview of the report. What were you looking for? How did you approach the investigation? What did you do? What did you find? What is the outcome of the investigation? Use numbers to support or extend the extent of any crimes that have been committed. |
|
Issue #1 – Presentation of content relating to offence A detailed representation of all content identified, extracted and analysed in the investigation. All evidence must characterised, explained and examined. What is the value of the evidence to the investigation? What does each piece of evidence mean? |
|
Issue #2 – Identification Detail all information relating to possible use/ownership of the evidence identified and extracted. How can you link the evidence to a particular owner? Is there any digital evidence which demonstrates ownership of the device or content? |
|
Issue #3 – Intent Was the content of interest purposefully accessed, downloaded, installed etc.? Was it accidental? What it a third party? Was it malicious software? Present all evidence to support your theory. |
|
Issue #4 – Quantity of Files How many files of every type were present. What percentage of these files relate to the offence? What does this mean for the overall investigation? |
|
Issue #5 – Installed Software What are the installed application relating to the investigation? What purpose do these application serve? Have they been used? Dates/times the application was used? What impact do these applications have on the investigation? |
|
Appendix A – Running Sheet A comprehensive running sheet of your actions in investigating the case study. The running sheet should be presented in table form. What did you? How did you do it? What was the outcome of your action? The running sheet should be more detailed than a recipe and allow someone to replicate your process and achieve the exact same outcome. |
|
Appendix B – Timeline of Events A comprehensive and chronological order of events representing the actions of an illegal nature. Be creative in how you present this data. Consider what is important to include and what serves no purpose. |
|
CRITERIA |
MARK |
|
Evidence (20 marks) |
|
|
‘Issues’ are adequately populated with appropriate evidence |
/8 |
|
Evidence is characterised (filenames, sector locations, file extensions, metadata, hashes, dates/times, allocation status etc.) |
/8 |
|
Evidence has been explained and analysed appropriately |
/4 |
|
Method and Timeline (20 marks) |
|
|
Comprehensive running sheet with clearly defined aims, methods and results |
/8 |
|
Clear use of forensic process which is repeatable and reproducible |
/6 |
|
Accurate and professional timeline of evidence |
/6 |
Assignment Service Australia | CDR Writing Help | TAFE Assignment Help | Perth Assignment Help | Melbourne Assignment Help | Darwin Assignment Help | Adelaide Assignment Help | Assignment Help Victoria | Sydney Assignment Help | Canberra Assignment Help | Brisbane Assignment Help | CDR for Australian immigration | Assignment For Australian History
Assignment Writing Help
Engineering Assignment Services
Do My Assignment Help
Write My Essay Services