Task: Practical Activities and Projects (15 Marks)
Complete the following hands-on projects from the textbook (Guide to Computer Forensics and Investigations, 6/e, Nelson, Phillips, & Steuart, 2019)
1. Hands-on Project 4-3, Examining M57 Patent Case (8 Marks)
In this project, you are examining ‘Terry’s work USB’ to find if Terry has been involved in anything illicit or against company policy. While your main focus will be investigating any images in the USB, you also should look if there is any other suspicious material/activity recorded on the USB. Write a report with the investigation screenshots and explain the importance of the files you examined and how might they affect the patent case. While providing screenshots of your work, include a short description of the information that is given in the screenshot. For example, if you did a keyword search to find any images in the USB and you got results, describe what was your search term. What did you find as a search result? With the screenshots of your work, show/include your i2 login and/or username at least in one of the screenshots as proof of your own work.
2. Hands-on Project 5-2, Exploring MFT and Exploring Metadata of File (7 Marks)
Note this project has the maximum marks in this task and requires advanced knowledge and skills of the topic. Write an MS Word report after completing this project describing what metadata you have discovered from the file you analysed using WinHex editor. Note that if you like, you can use any other Hex editor as well such as HxD or Neo. You are required to compare your results with the information provided in the textbook and comment on any discrepancies that you may have encountered. Provide screenshots of the steps completed in the project showing the results of the correct date and time values that you have recorded. Provide a brief description of each screenshot about the information it contains. Briefly describe the main steps that you think are necessary and important to locate date and time values while analysing the file.
Please see the naming mapping of chapter four data files and their numbering with the numeric numbers rather than Charlie, Jo Terry cases as mentioned in the hands-on activities and also in one of the assignment as well. Please read note the files names as follows.
1337568945_608346.zip ——– M57 Patent case
1337568945_608347.E01 ——– charlie work usb
1337568945_608348.E01 ——— jo vavourite usb
1337568945_608349.E01 ——- jo work usb
1337568945_608350.E01 —— terry work usb
Assessment 2 will be marked as per the following marking criteria. The total marks for this assignment are 15 and the assignment also carries 15% weightage towards the final grade.
Criteria
HD
(100% – 85%)
Hands-on project 4-3
(8 Marks)
The project is
completed, and evidence of all steps taken is provided in the form of
screenshots in the report. A clear and concise description of screenshots is
provided. A thorough search of digital media is done and evidence is shown in
the report. A brief summary of the investigation, the importance of files
examined, how these files affect a patent case and whether the person in the
investigation was involved or not.
Hands-on Project
5-2 (7 marks)
The project is
completed, evidence of all steps is provided, and the report includes
screenshots with excellent explanations of the steps taken. The Metadata of
the file is reported correctly.