All the details are in the assignment ...You should use Autospy and add screenshots to all answers
BIT362 Digital Forensics
Assignment 2 (20%)
Due Date: Tuesday of Week 12
For this assignment you will be given a digital Image. Fail to use this image will result in a zero for the entire assignment. You are not allowed to change the image.
Your task is to complete and write Digital Forensics Examiners Report that addresses the following case scenario:
Your Role: Digital Forensics Examiner
Request for Digital Forensic Analysis
Suspect: Mantooth, Wes
Seizure Date: 25 March 2020
Case Number: 20200325-Mantooth
Requesting Organization: Melbourne Police, CyberCrime Division
Evidence Image: Mantooth.E01
Digital forensics Tool: Autopsy
You need to 1) download and install the Autopsy, 2) download the Mantooth.E01 image using your MP email, 3) start your investigation using Autopsy. 4) Write a Case Narrative Digital Forensics Examiner Report Document and describe your process (with screenshot) to answer the following questions:
1. What is the image hash?
2. What operating system was used on the computer?
3. When was the install date?
4. What is the timezone settings?
5. Who is the registered owner?
6. What is the computer account name?
7. What is the primary domain name?
8. When was the last recorded computer shutdown date/time?
9. How many accounts are recorded (total number)?
10. What is the account name of the user who mostly uses the computer?
11. Who was the last user to logon to the computer?
12. A search for the name of “Wes Mantooth” reveals multiple hits. One of these proves that Wes Mantooth is the administrator of this computer. What file is it?
13. List the network cards used by this computer
14. Find installed programs that may be used for Digital forensics/hacking.
15. Which Email client is used by Mantooth?
16. How many executable files are in the recycle bin?
17. How many files are actually reported to be deleted by the file system?
18. Are there any viruses on the computer?
19. There is encryption software installed on the Mantooth computer?
20. What the most visited Internet domain and how many times it was visited ?
All used sources must be properly acknowledged with references and citations, if you did not create it. Quotations and paraphrasing are allowed but the sources must be acknowledged. Failure to do so is regarded as plagiarism and the minimum penalty for plagiarism is failure for the assignment. The act of given your assignment to another student is classified as a plagiarism offence. Copying large chucks and supplying a reference will result in zero marks as you have not contributed to the report.
Due Date & Submission
The report is due at Week 12
By the due date, you must submit: Softcopy of your Report (with your name and student number) to MOODLE. By submitting on MOODLE you agree that the work is yours unless properly cited.
Late submission of assignments will be penalised as follows:
• For assignments 1 to 5 days late, a penalty of 10% (of total available marks) per day.
• For assignments more than 5 days late, a penalty of 100% will apply.
Your submission must be compatible with the software (PDF/Word) in MIT, Computer Laboratories/Classrooms.
Extensions: Under normal circumstances extensions will not be granted. In case of extenuating circumstances—such as illness—a Special Consideration form, accompanied by supporting documentation, must be received before 3 working days from the due date. If granted, an extension will be only granted only by the time period stated on the documentation; that is, if the illness medical certificate was for one day, an extension will be granted for one day only. Accordingly the student must submit within that time limit.
Penalties may apply for late submission without an approved extension.
Penalties: Academic misconduct such as cheating and plagiarism incur penalties ranging from a zero result to program exclusion. Marking criteria:
Marks are allocated as indicated on each question, taking the following aspects into account:
Analysis (if appropriate) Investigation, comparison, discussion
Explanation/justification Description/answer to the question
Presentation Inadequate structure, careless presentation, poor writing
Reference style Proper referencing if required
Plagiarism Copy from another student, copy from internet source/textbook, copy from other sources without proper acknowledgement
Marking Rubric for Exercise Answers
Grade Mark HD 80%+ D
Excellent Very Good Good Satisfactory Unsatisfactory
Logic is clear and Consistency Argument is
Analysis Mostly consistent Adequate cohesion
easy to follow with logical and confused and
and convincing and conviction
strong arguments convincing disjointed
Challenges The presented solution demonstrated an extreme degree of difficulty that would require an expert to implement. The presented solution demonstrated a high degree of difficulty that would be an advance professional to implement. The presented solution demonstrated an average degree of difficulty that would be an average professional to implement. The presented solution demonstrated a low degree of difficulty that would be easy to implement. The presented solution demonstrated a poor degree of difficulty that would be too easy to implement.
All elements are Components Components
Explanation/ Most components
present and well present with present and mostly Lacks structure.
integrated. good cohesion well integrated
Reference style Clear styles with excellent source of references. Clear referencing/ style Generally good referencing/style Unclear referencing/style Lacks consistency with many errors
Mostly good, but
Proper writing. Properly written, Poor structure,
some structure or Acceptable
Presentation Professionally with some minor careless
presented deficiencies presentation problems