ICT378 Cyber Forensics and Information Technology

ICT378 Cyber Forensics and Information Technology

S1 2022 Group Assignment

Student Name and ID No: Manpreet Kaur 33906786

Final Total Mark /100: 18%

Marking Criteria Yes/No/Partially Marks Awarded

Detailed comments and Total Section Marks (/15)

No supporting evidence was given. Evidence listed should also identify from which source/directories did you find it from. Supporting evidence along with screenshots should also be provided.

As an investigator, you cannot declare if they are criminally involved. Someone being savvy and can use social media is not criminally involved. Evidence needs to be provided to show any intent or knowledge of criminal activity.Context on the assignment especially in orange is hard to understand. Proofread was not done. Many sentences do not have a meaning or explanation rather just words added to it (looks copy pasted from somewhere or paraphrased online. Also unsure what Digitech Inc is. 4

A) Discuss if there is any evidence of any theft and defacement. Explain your position on this. What evidence did you find if any? How sound / reliable do you believe your evidence collection to be?

[15 marks] (1) Discuss if there is there any evidence of theft and defacement. Explain your position on this. (/5) P 2

(2) What evidence did you find if any? (/5) P 2

(3) How sound or reliable do you believe your evidence collection to be? (/5) N 0

Detailed comments and Total Section Marks (/15)

Section is missing. 0

B.) Present any evidence in a timeline format, signposting the points where you believe any offence may have occurred and other significant dates/times in the case. Compare any evidence found and timeline information side by side with the different tools available to you (e.g. ProDiscover/ OSFOrensics/ FTK Imager/ Magnet Axiom/ Autopsy, etc) and highlight any differences. Be sure to state the pros and cons of using one tool over the other.

[15 marks] (1) Present any evidence in a timeline format, signposting the points where you believe any offence may have occurred and other significant dates/times in the case. (/5) N 0

(2) Compare any evidence found and timeline information side by side with the different tools available to you (e.g. ProDiscover/ OSFOrensics/ FTK Imager/ Magnet Axiom/ Autopsy, etc) and highlight any differences. (/5) N 0

(3) Be sure to state the pros and cons of using one tool over the other. (/5) N 0

Detailed comments and Total Section Marks (/15)

Section is missing. 0

C.) You were provided with some sets of hard drive images. What do you think has occurred here? What are the differences between the sets of the drive images? How do you think the sets of drive images were created?

[15 marks] (1) You were provided with some sets of hard drive images. What do you think has occurred here? (/5)

N 0

(2) What are the differences between the sets of the drive images? (/5) N 0

(3) How do you think the sets of drive images were created? (/5) N 0

Detailed comments and Total Section Marks (/10)

0

D.) A common defence is that the actions were committed unintentionally or that the perpetrator did not know the actions were illegal. With these possible defences in mind, address how you would respond to these defences. Are there any clues that indicate intent or knowledge of criminal activity?

[10 marks] (1) A common defence is that the actions were committed unintentionally or that the perpetrator did not know the actions were illegal. With these possible defences in mind, address how you would respond to these defences. (/5)

N 0

(2) Are there any clues that indicate intent or knowledge of criminal activity? (/5)

N 0

Detailed comments and Total Section Marks (/10)

Section is missing. 0

E.) Conduct some research into ways that image files (graphic images) could be tampered with. Are there ways that are undetectable, or difficult to detect? Present your findings in a short section written in a formal referenced style. You are only expected to have approximately 5 references (good quality: reputable journal or conference papers).

[10 marks] (1) Conduct some research into ways that image files (graphic images) could be tampered with. Are there ways that are undetectable, or difficult to detect? Present your findings in a short section written in a formal referenced style. (/5)

N 0

(2) You are only expected to have approximately 5 references (good quality: reputable journal or conference papers). (/5)

N 0

Detailed comments and Total Section Marks (/10)

Quality references [minimum 3] (/5)

Consistent formatting, captioning all figures/tables and explaining all throughout the main content (/5)

P 4

Methodology [10 marks]

Explaining all tools and the process of examining images with references (/10) P 2.5

Cover Page, Table of Contents and Executive summary [5 marks] P 2.5

(Summary and Appendix) [10 marks]

To be relevant to the main content, accurate findings (5 marks each)

P 5

Total Marks out of 100: 18

Late penalty 10% marks per day Total Marks with late penalty 18