Assessment item 2—Case study
Due date: 1:00pm AEST, Thursday, Week 11
Weighting: 30%
Length: 2000-2500 words excluding references and appendices
Objectives
This assessment item relates to course learning outcomes 1 to 6 as stated on page 3 of the course profile.
Enabling objectives
1. Apply the digital forensics methodologies.
2. Write an analysis of a case study.
3. Prepare an outline of a professional digital forensic plan.
Task instructions: Developing a digital forensic investigation plan
The Case Summary:
Max Smarter* was sitting at his desk in Ctl Copy Corp, working on his proposal to set up a computer forensic team and laboratory. Max had just returned after completing his basic training in computer forensics. Bill Wonkie, the president of Ctl Copy Corp, had been concerned with information security in the company for some time, especially with the media reporting on the increase of spam, electronic crime and industrial espionage. The recent “Redmind Affair” in Ctl Copy Corp relating to employee termination involving Internet and email misuse was not well handled because the company lacked the required expertise. The resulting bad press had tarnished the reputation of the company. Bill then decided to have the IT department organise the creation of a specialist team to handle such cases.
~ . ~
Assignment considerations: What should Max consider in setting up a computer forensic team and laboratory? If you are to write this report for Max, what would you include in the report for the necessary equipment, facility requirements, required skills of the team members and the budget for this project? Propose a minimal setup for the forensic team and facility. Assume that you are primarily dealing with Microsoft Windows desktops/laptops and Unix server systems. Your report should give inline references (Harvard style) to specific materials and facts cited.
~ . ~
The phone on Max’s desk rang. It was his manager, summoning Max to his office. “Yes, Chief! Right away!” Max replied.
“Chief, the report is almost ready” said Max as he entered the office.
“Take a look at this, Max” interrupted Chief, pointing to the newspapers on his desk. Chief looked worried.
“Ah, yes! The Koaz report!” responded Max. “But what does it mean?” continued Max, as he passed the broadsheets back to his manager. “It means that someone in Ctl Copy Corp has been leaking information to the media without authorization!” Chief replied, looking serious. “Only nine persons from the Special Projects Section in the company know anything about this Advanced Prototype Project, and you are not one of them, Max!” said Chief. “Mr. Wonkie wants us to go through ALL the computers in the company to find the person responsible,” Chief said, “and I want YOU to get to the bottom of this!”
“And Max,” Chief said as Max was leaving Chief’s office, “include in your report how we should go about the investigation. I need to let Mr. Wonkie know what we are doing. After the Redmind Affair, Mr. Wonkie is careful about doing everything legally above board. You can contact Angela from the legal department for assistance if needed.”
~ . ~
Assignment considerations: How should Max approach the investigation? If the investigation is limited to the five main offices within the state and not beyond, what possible methods can be considered by Max?
A common email server for these offices is located in the server room on the floor above Max’s room. Are there legal issues that Max needs to consider before accessing the email server and other electronic material in the network?
Assume that networks at each office location are independently administered with their own servers, and that there is an intranet which connects these networks together.
Would there be any changes to the investigation approach if out-of-state offices were to be included in the investigation? Explain. Are there any significant issues to be considered (apart from physical distance) if the email server was located in an out-of-state office?
If possible criminal activity were to be uncovered in the investigation, would Max’s approach to the investigation be altered? Why or why not? Clearly explain this in your report.
~ . ~
Max dialled his mouse-shaped phone. “Chief,” said Max, “the report is ready!”
“Excellent, Max!” said Chief. “Submit it right away.”
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
* All characters, organisations, events, names and objects appearing in this narrative are fictitious. The situation in the narrative was specifically created to provide context to the assessment questions. Any resemblance to real persons, living or dead, or to organisations, events, names or objects, historic, existing or planned, is purely coincidental.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =
~ * ~
Requirements:
For this assignment, you are tasked to prepare a report on the investigative plan. This report has four sub-sections: (a) the investigation plan to determine the source of the confidential information leak in the company, (b) the resources and budget required for this investigation, (c) the expertise of the computer forensic team to be assembled, and (d) the collection and validation process for the digital evidence gathered in the investigation.
Before activating the investigation team, you need to understand the background to the case, and the purpose of the investigation. This will help you define the scope, duration, and focus of the investigation when you brief your team. The clarity of purpose for the investigation is important, and any constraints, whether legal, technical or budgetary, should be highlighted. Remember that an investigation may uncover information that could affect your initial plan, in which case you may have to consult with the legal department and request authorisation to alter/modify your initial investigation scope. So keep your initial investigation plan focused, clear, systematic and manageable. This should be reflected in your investigation plan.
In the first section, include the explanation of possible investigation methods that can be used for this case, and the selection of the method to be used. Those reading your report, usually the upper management, may not be familiar with the process governing investigation protocols. Explore and clearly discuss issues that may hinder or facilitate your progress in the investigation. Justify your selection. In the next section, identify and examine any equipment and supporting resources needed for this. In your proposal to set up a computer forensic laboratory, specify the basic requirements for such a facility and its associated budget suitable for this case. Clearly justify your proposal in the given context. The required equipment and related specifications should be listed separately in the appendix.
The discussion in the third section should include the justification for and the composition of the forensic investigation team members, their required expertise and associated responsibilities. Discuss any interesting complementary functions in the composition of the team. In the final section, give an outline of evidence collection, the analysis and validation procedure. Clearly specify the basis (or any relevant assumptions) used.
Your report should be written in the third person, and have an executive summary, an introduction, and a conclusion, with the required references (minimum 5). Other sections in the report should include Methods, Resources & Budget, Expertise, and Validation relating to your proposed plan. Clearly identify these sections with suitable section headings. Refer to the given marking criteria and apply where relevant. The Harvard Referencing style is to be used in the report.
A cover sheet (student’s name & ID, course name & number, term & year, date & teaching week due, campus location/Flex, lecturer’s/tutor’s name, information on extension granted - if any) should precede the executive summary. The report length requirement is given on the first page. This assessment item is to be electronically submitted as a single MS Word document. Refer to the instruction on the course page for submission details.
~ * * * ~
