BIT362 Digital Forensics
Assessment 4: Report 2 and Presentation (50%)
Due Date: Week 13
(see MOODLE for exact times)
Assignment Overview
You are required to forensically investigate how to identify (methods/techniques) sources of data in one of the categories listed in the following table. This involves uploading and downloading data, identifying who can read it, and determining how you can prove who uploads, downloads, or watches/reads content. You are to use spoofing techniques such as IP/MAC/email spoofing to see if you can still identify the source. Check timestamp issues. You must investigate five (5) forensics techniques throughout your investigation. You are expected to use multiple tools and techniques to establish the claim.
Report (40%): Must have these headings and, if appropriate, sub-headings. 20 pages, not including appendices.
Cover Page: Name, Student ID, Subject Code.
Executive Summary must be a page long. Must cover the entire report. (1 Mark)
Introduction, including network topology and configuration (5 Marks)
Methods and Techniques (describe 5 with appropriate screenshots) (5 marks x 5 = 25 Marks)
Conclusion (include lessons learnt) (1 mark)
Appendix: any images, logs, graphs that are too big for the main body. (2 Marks)
1 Mark for neatness, grammar, spelling, layout, structure, etc.
Presentation (10%): 5 minutes + 2 minutes questions
Present your findings in a video (or in classes).
Must be available to answer questions.
Do NOT submit Googled keywords with definitions.
Do NOT engage in questionable activities (either academic misconduct or illegal activities).
Always submit your own work (e.g. your contribution).
Make sure there is significant proof of your own work, such as screenshots, video, logs with timestamps, etc.
You can use any tool(s), such as Wireshark, Netminer, Windows Event Viewer, logs, etc. It is also beneficial to learn new tools.
Topics:
You must choose a topic and have your lecturer/tutor approve and record it. No two students can do the same topic.
Topic Student No. Student Name
WhatsApp
Bitcoin
TOR
BitTorrent
Emails
Darknet
Cloud
Facebook
LinkedIn
Non-fungible tokens
Gumtree
Jora
Dropbox
SugarSync
NAT/PAT
VPN
Google Cloud Platform
AWS
Azure
Docker
Load Balancer
Viruses
Ransomware
VirtualBox
OrangeHRM
A1 HER
SimpleHRM
Sentrifugo
ADempiere
IceHRM
OpenHRM
Apache OFBiz
OpenBoxes
OpenLMIS
xTuple
SuiteCRM
Odoo
X2CRM
Vtiger
Moodle
Ansible
FreeCAD
SALOME
TimelineJS KnightLab
Datawrapper.de
Roundcube (free email server)
PacketFence (free NAC)
Best Techniques:
Install the software under investigation in a sandbox like Cuckoo, then perform normal activities with it. Trace these activities with the sandbox and other forensics methods such as code conversion, network/packet sniffer, source code analysis, events/logs triggered, etc.
Due Date & Submission
By the due date, you must submit:
Name your file with your student number
Softcopy of your video link to MOODLE. By submitting on MOODLE you agree that the work is yours unless properly cited.
Failure to submit may result in a fail.
Late submission of assignments will be penalised as follows:
For assignments 1 to 5 days late, a penalty of 5% (of total available marks) per day.
For assignments more than 5 days late, a penalty of 100% will apply.
Your submission must be compatible with the software (PDF/Word) in the Melbourne Polytechnic computer laboratories/classrooms.
Extensions: Under normal circumstances extensions will not be granted. In case of extenuating circumstances, such as illness, a Special Consideration form, accompanied by supporting documentation, must be received before 3 working days from the due date. If granted, an extension will be granted only for the time period stated on the documentation; that is, if the medical certificate was for one day, an extension will be granted for one day only. Accordingly, the student must submit within that time limit.
Penalties may apply for late submission without an approved extension.
Penalties: Academic misconduct such as cheating and plagiarism incur penalties ranging from a zero result to program exclusion.
ASSESSMENT OVERVIEW AND FEEDBACK SUMMARY
All assessments (except for final examination) and feedback are provided via the Moodle site and in classes.
Assessment Tasks (each listed with Due Date, SLOs, CLOs, Weight, Comments/Description):
Activities: A range of 10 short in-class digital forensics exercises.
Due Date: Week 10; SLOs: 1, 2; CLOs: A, B, C; Weight: 10%; Comments/Description: Individual (equivalent to 1,000 words)
Video Presentation: A formal 10-minute video presentation on an assigned digital forensic image, with forensic analysis and interpretation of data.
Due Date: Week 8; SLOs: 2-4; CLOs: A, B, C, E; Weight: 20%; Comments/Description: Individual (equivalent to 1,000 words)
Report 1: Research forensics techniques and apply them to a digital forensics image. Report on the implementation.
Due Date: Week 11; SLOs: 2, 3; CLOs: B, C, D; Weight: 20%; Comments/Description: Individual (equivalent to 1,200 words)
Report 2: A critical analysis of a case scenario problem, identifying evidence which could potentially assist the case investigation. Include industry and legal procedures for data acquisition, validation, analyses and presentation.
Due Date: Week 13; SLOs: 1, 2, 3, 4; CLOs: A, B, C, D, E; Weight: 40%; Comments/Description: Individual (2,000 words)
Presentation: A 15-minute presentation on the critical analysis of the case study in Task 4, responding to participant feedback and questions.
Due Date: Week 13; SLOs: 3, 4; CLOs: B, C; Weight: 10%; Comments/Description: Individual (equivalent to 1,500 words)
Marking criteria:
Marks are allocated as indicated on each question, taking the following aspects into account:
Aspects and Description:
Techniques, (5 marks each) x 5 = 25 Marks: Describe how to use the techniques presented. How do they identify the sources? How sophisticated are they? How can they be circumvented? How difficult are they? How time consuming are they?
Presentation, 5 Marks: For presentation, style, objectivity, structure, grammar, etc.
Video, 10 Marks: Must have your face and your narration. Demonstrate the techniques, showing how you did it. Remember to edit the video so that it does not go over the 8-minute presentation limit.
Total: 40 Marks. Must submit a video and report for the final assessment.
Must be available for questions and answers after submission (if needed).
Must stick to the agreed topic.
Marking Rubric for Exercise Answers
Grade (Mark): HD (80%+) Excellent; D (70%-79%) Very Good; CR (60%-69%) Good; P (50%-59%) Satisfactory; Fail (< 50%) Unsatisfactory
Analysis
HD: Logic is clear and easy to follow with strong arguments.
D: Consistently logical and convincing.
CR: Mostly consistent and convincing.
P: Adequate cohesion and conviction.
Fail: Argument is confused and disjointed.
Effort/Difficulties/Challenges
HD: The presented solution demonstrated an extreme degree of difficulty that would require an expert to implement.
D: The presented solution demonstrated a high degree of difficulty that would require an advanced professional to implement.
CR: The presented solution demonstrated an average degree of difficulty that would require an average professional to implement.
P: The presented solution demonstrated a low degree of difficulty that would be easy to implement.
Fail: The presented solution demonstrated a poor degree of difficulty that would be too easy to implement.
Explanation/justification
HD: All elements are present and well integrated.
D: Components present with good cohesion.
CR: Components present and mostly well integrated.
P: Most components present.
Fail: Lacks structure.
Reference style
HD: Clear styles with excellent source of references.
D: Clear referencing/style.
CR: Generally good referencing/style.
P: Unclear referencing/style.
Fail: Lacks consistency with many errors.
Presentation
HD: Proper writing. Professionally presented.
D: Properly written, with some minor deficiencies.
CR: Mostly good, but some structure or presentation problems.
P: Acceptable presentation.
Fail: Poor structure, careless presentation.