Assessment item 2
Assignment 2 - Tasks and Forensics Report
Value: 30%
Due date: 05-Oct-2015
Return date: 26-Oct-2015
Submission method options: Alternative submission method
Task
Task 1: Recovering scrambled bits (5 Marks)

For this task I will upload a text file with scrambled bits on the subject site closer to the assignment due date. You will be required to restore the scrambled bits to their original order and copy the plain text into your assignment.

Deliverable: Describe the process used in restoring the scrambled bits and insert the plain text in the assignment.

Task 2: Revealing hidden information from an image (5 Marks)

For this task I will provide an image with hidden information in it. You will be required to reveal the hidden information.

Deliverable: Describe the process used to reveal the hidden information from the image and copy the revealed information into the assignment in plain text.

Task 3: Forensics Report (20 Marks)

In this major task you assume the role of a Digital Forensics Examiner. Considering a real or a hypothetical case, you are required to produce a formal report, consisting of facts from your findings, for the attorney who has retained you. You are free to choose a forensics scenario, which can be the examination of storage media (HDD, USB drive, etc.), a spoofed email, unscrambling bits, revealing information from an image, or any other appropriate scenario you can think of.

Deliverable: A forensics report of 1800-2000 words.

Rationale
This assessment task covers data validation, e-discovery, steganography, reporting and presenting, and has been designed to ensure that you are engaging with the subject content on a regular basis. More specifically it seeks to assess your ability to:
determine the legal and ethical considerations for investigating and prosecuting digital crimes;
analyse data on storage media and various file systems;
collect electronic evidence without compromising the original data;
evaluate the functions and features of digital forensics equipment, the environment and the tools for a digital forensics lab;
compose technical tactics in digital crimes and assess the steps involved in a digital forensics investigation;
prepare and defend reports on the results of an investigation.
Marking criteria
Task 1: Recovering scrambled bits (5 Marks)
Grade bands: HD 100% - 85%; DI 84% - 75%; CR 74% - 65%; PS 64% - 50%; FL 50% - 0

Criteria: Successfully recovering the scrambled bits to their original order (5 marks)
HD: Scrambled bits are restored to the original text. Tool used to decode the text is mentioned and justification to use the tool is also provided. The process to restore the scrambled bits is clearly described with screenshots inserted of all steps.
DI: Scrambled bits are restored to the original text. Tool used to decode the text is mentioned but the justification is not very clear. The process to restore the scrambled bits is described with some screenshots.
CR: Scrambled bits are restored to the original text. Tool used to decode the text is mentioned but the justification is not very clear. The process to restore the scrambled bits is described but no screenshots provided.
PS: Scrambled bits are restored to the original text. No justification of tool used is provided, process seems to be somewhat vague.
FL: Scrambled bits are restored but not matching with the original text. Tool is not mentioned and process is not described.
Possible marks: HD 5.0 – 4.25; DI 4.24 – 3.75; CR 3.74 – 3.25; PS 3.24 – 2.5; FL 2.4 – 0

Task 2: Revealing hidden information from an image (5 Marks)
Grade bands: HD 100% - 85%; DI 84% - 75%; CR 74% - 65%; PS 64% - 50%; FL 50% - 0

Criteria: Successfully revealing hidden text from an image (5 marks)
HD: Hidden text is revealed. Tool used to reveal the text is mentioned and justification to use the tool is also provided. The process to reveal the text is clearly described with screenshots inserted of all steps.
DI: Hidden text is revealed. Tool used to reveal the text is mentioned but the justification is not very clear. The process to restore the text is described with some screenshots.
CR: Hidden text is revealed. Tool used to reveal the text is mentioned but the justification is not very clear. The process to restore the text is described but no screenshots provided.
PS: Hidden text is revealed. No justification of tool used is provided, process seems to be somewhat vague.
FL: Hidden text is revealed but not matching with the original text. Tool is not mentioned and process is not described.
Possible marks: HD 5.0 – 4.25; DI 4.24 – 3.75; CR 3.74 – 3.25; PS 3.24 – 2.5; FL 2.4 – 0

Task 3: Forensics report (20 Marks)
Grade bands: HD 100% - 85%; DI 84% - 75%; CR 74% - 65%; PS 64% - 50%; FL 50% - 0

Criteria: Introduction: Background, scope of engagement, tools and findings (3 marks)
HD: All elements are present, well expressed, comprehensive and accurate.
DI: All elements are present and largely accurate and well expressed.
CR: All elements are present with few inaccuracies.
PS: Most elements are present possibly with some inaccuracies.
FL: Fails to satisfy minimum requirements of introduction.
Possible marks: HD 3.0 – 2.55; DI 2.54 – 2.25; CR 2.24 – 1.95; PS 1.94 – 1.5; FL 1.4 – 0

Criteria: Analysis: relevant programs, techniques, graphics (5 marks)
HD: Description of analysis is clear and appropriate programs and techniques are selected. Very good graphic image analysis.
DI: Description of analysis is clear and mostly appropriate programs and techniques are selected. Good graphic image analysis.
CR: Description of analysis is clear and mostly appropriate programs and techniques are selected. Reasonable graphic image analysis.
PS: Description of analysis is not completely relevant. Little or no graphics image analysis provided.
FL: Fails to satisfy minimum requirements of analysis.
Possible marks: HD 5.0 – 4.25; DI 4.24 – 3.75; CR 3.74 – 3.25; PS 3.24 – 2.5; FL 2.4 – 0

Criteria: Findings: specific files/images, type of searches, type of evidence, indicators of ownership (5 marks)
HD: A greater detail of findings is provided. Keywords and string searches are listed very clearly. Evidence found is very convincing. Indication of ownership is very clear.
DI: Findings are provided, keywords and string searches are listed. Evidence is sound. Ownership is clear.
CR: Findings are provided, some keywords are listed. Evidence is reasonable which relates to the ownership.
PS: Findings are provided but are somewhat vague. Keywords and strings are not very clear. Evidence found may be questionable.
FL: Fails to satisfy minimum requirements providing findings.
Possible marks: HD 5.0 – 4.25; DI 4.24 – 3.75; CR 3.74 – 3.25; PS 3.24 – 2.5; FL 2.4 – 0

Criteria: Conclusion: Summary, Results (3 marks)
HD: High level summary of results is provided which is consistent with the report.
DI: Well summarised results and mostly consistent with the findings.
CR: Good summary of results. Able to relate the results with findings. No new material is included.
PS: Satisfies the minimum requirements. Results are not really consistent with the findings.
FL: Fails to satisfy minimum requirements of summarising the results.
Possible marks: HD 3.0 – 2.55; DI 2.54 – 2.25; CR 2.24 – 1.95; PS 1.94 – 1.5; FL 1.4 – 0

Criteria: References: Must cite references to all material used as sources for the content (2 marks)
HD: APA 6th edition referencing applied to a range of relevant resources. No referencing errors. Direct quotes used sparingly. Sources all documented.
DI: APA 6th edition referencing applied to a range of relevant resources. No more than 2 referencing errors. Direct quotes used sparingly. Sources all documented.
CR: APA 6th edition referencing applied to a range of relevant resources. No more than 3 errors. Direct quotes used in-context. Sources all documented.
PS: APA 6th edition referencing applied to a range of relevant resources. No more than 4 errors. Direct quotes used in-context. Some sources documented.
FL: Referencing not done to the APA 6th edition standard. Over-use of direct quotes. Range of sources used is not appropriate and/or not documented.
Possible marks: HD 2.0 – 1.7; DI 1.6 – 1.5; CR 1.4 – 1.3; PS 1.2 – 1.0; FL 0.9 – 0

Criteria: Glossary / Appendices (2 marks)
HD: Glossary of technical terms used in the report is provided which has generally acceptable source of definition of the terms and appropriate references are included. Relevant supporting material is provided in appendices to demonstrate the evidence.
DI: Glossary of technical terms used in the report is provided which has mostly acceptable source of definition of the terms and appropriate references are included. Some supporting material is provided in appendices to demonstrate the evidence.
CR: Glossary of some technical terms used in the report is provided which has mostly acceptable source of definition of the terms and appropriate references are included. Some supporting material is provided in appendices to demonstrate the evidence.
PS: Glossary of some technical terms used in the report is provided however terms are not generally common and some references are missing. Some supporting material is provided in appendices.
FL: Most terminologies are missing. Appendices are either not provided or are irrelevant.
Possible marks: HD 2.0 – 1.7; DI 1.6 – 1.5; CR 1.4 – 1.3; PS 1.2 – 1.0; FL 0.9 – 0
Presentation
The following should be included as minimum requirements in the report structure:

Executive Summary or Abstract. This section provides a brief overview of the case, your involvement as an examiner, authorisation, major findings and conclusion.

Table of Contents

Introduction. Background, scope of engagement, forensics tools used and summary of findings

Analysis Conducted
Description of relevant programs on the examined items
Techniques used to hide or mask data, such as encryption, steganography, hidden attributes, hidden partitions, etc.
Graphic image analysis

Findings. This section should describe in greater detail the results of the examinations and may include:
Specific files related to the request
Other files, including deleted files that support the findings
String searches, keyword searches, and text string searches
Internet-related evidence, such as Web site traffic analysis, chat logs, cache files, e-mail, and news group activity
Indicators of ownership, which could include program registration data.
Conclusion. Summary of the report and results obtained
References. You must cite references to all material you have used as sources for the content of your work

Glossary. A glossary should assist the reader in understanding any technical terms used in the report. Use a generally accepted source for the definition of the terms and include appropriate references.

Appendices. You can attach any supporting material such as printouts of particular items of evidence, digital copies of evidence, and chain of custody documentation.

Follow the referencing guidelines for APA 6 as specified in Referencing Guides (http://student.csu.edu.au/study/referencing-at-csu).

Submit the assignment as ONE Word or PDF file on Turnitin. Please do not submit *.zip or *.rar or multiple files.