COIT12201 Digital Forensic Investigation

COIT12201 Digital Forensic Investigation Assignment
Word Count : 4000
Weight : 40%
Length : There is no strict word limit, but ideally aim for around 4000 words. However, don’t worry if your submission exceeds this limit. Note that the word count excludes the cover page, table of contents, references, and appendix.

Objectives
1. Analyse a case to determine the most suitable course of action for investigation.
2. Utilise relevant tools and techniques to conduct a digital forensic investigation.
3. Apply established digital forensics methodologies to carry out the investigation.
4. Evaluate the legal considerations and implications associated with a forensic investigation.
5. Develop a comprehensive professional digital forensic plan and investigation report outline.

Tasks to Complete
• Form a group consisting of 3 to 4 members, including yourself.
• As a group, select one (1) case study provided in Appendix-A for the group investigation.
• Individually complete investigation activities (1 activity per member) specific to the chosen case study.
• Engage in group discussions to address investigation issues and outcomes related to the case study.
• Prepare and submit the group report, which includes both individual and group components.

COIT12201 Digital Forensic Investigation

Digital Forensic Investigation

Group Management:
Creating a Group: Since this assignment is a group task, each student must participate in a group consisting ideally of three (3) members. If a group of four (4) members is necessary, written permission from the unit coordinator is required. Please consult Table 1 for group activity details on Page 2 of this document. Group formation guidelines were available on the unit’s Moodle site. Group details must be confirmed by Week 3 to ensure adequate time for completing the task. Assignment submission groups on Moodle will be organized according to the finalized group information.
In exceptional circumstances requiring working individually, written permission from the Unit Coordinator must be obtained via email before Week 4. Approval is not guaranteed and will depend on the circumstances. Requests based on personal preference (e.g., “I don’t want to work with others”) will not be considered valid reasons. Please note that the case investigations require significant effort, and handling the workload alone can be challenging. Adjustments to workload for students working alone will not be possible due to the level of investigation required, as it will not sufficiently address the questions raised in the case.

Group Members’ Responsibilities: Each member must take personal accountability for their workload, participate actively, and communicate effectively. Set clear expectations, distribute tasks fairly, and work collaboratively to achieve the common goal for a productive and harmonious teamwork environment.

Further Task Descriptions:
Each student in a group will undertake one (1) activity as per the below list and Table 1.

COIT12201 Digital Forensic Investigation

Activity One – Investigate following digital data acquired from the crime scene mentioned in your case study:
• charlie-2009-12-11.E01
• charlie-work-usb-2009-12-11.E01
• charlie-2009-12-11.mddramimage.zip

Activity Two – Investigate following digital data acquired from the crime scene mentioned in your case study:
• pat-2009-12-11.E01
• pat-2009-12-11.mddramimage.zip
• jo-work-usb-2009-12-11.E01

Activity Three – Investigate following digital data acquired from the crime scene mentioned in your case study:
• terry-2009-12-11-002.E01
• jo-2009-12-11-002.E01
• jo-2009-12-11.mddramimage.zip

Activity Four [ONLY to be done if there is a 4th member in the group]- Investigate digital data from the crime scene and create a report. Focus on recovering email messages from the provided hard drive images and reconstructing a chain of events related to criminal activity at M57 Patents via email. Identify unknown personas in the email histories of Terry, Jo, Charlie, and Pat McGoo, and determine if they are involved in the crime. The investigation will support other group members in their tasks and help confirm or find additional evidence.
Concentrate on identifying external individuals involved in criminal activity at M57 Patents through email investigation. Report any relevant evidence found in the emails in your individual part of the report.
• jo-2009-12-11-002.E01
• terry-2009-12-11-002.E01
• pat-2009-12-11.E01
• charlie-2009-12-11.E01

Table 1: In this task, we assign activities to groups based on group size (3 to 4 members per group). If
forming groups of 3 or 4 is not possible, we’ll use alternative arrangements for smaller groups. Within
a group, no activity will be repeated (e.g., no two students will do the same activity, like activity 1).

……

COIT12201 Digital Forensic Investigation

Digital Forensic Investigation

1. Selecting a Case Study: Each group must choose one (1) case study from the list provided and
work together on its activities. Group members should avoid selecting the same activities and
instead choose different ones within the selected case study. The list of case studies is available
below, with more details on Page 7.

• Case One: Exfiltration of corporate Intellectual Property
• Case Two: Theft of company property
• Case Three – Illegal digital materials

Performing Investigation Activities: Conduct your investigation to address the case document’s questions. Support your answers with evidence and detailed justifications. While individual activities may not cover all questions, ensure the group’s activities collectively address them. Regularly communicate with group members to ensure coordination.
You may use the forensic software taught in labs by installing it on your computer. With approval from your unit coordinator, you can also use other freely available or trial versions of forensic tools if necessary. Even if your findings do not directly address specific questions about the chosen case, present all relevant evidence you discover, including potential crimes not initially listed.

a. Individual section- PART A of report: Refer to the provided marking guide on Page 5 for your individual section of the group report. Note that Part A will contain each member’s individual part. Your responsibilities as a team member are to:

• Conduct Individual Investigation: Each student must perform an individual investigation of the digital data acquired from the assigned crime scene mentioned in their case study.
• Choose Activity: Select one activity from the provided list for your investigation. Ensure it aligns with your assigned case. Make sure to avoid overlapping activities in the group.
• Provide Investigation Details: In your designated section of the group report (clearly labeled with your name), describe your investigation process. Explain the steps you followed and the techniques you used. Use screenshots to illustrate key steps and techniques employed during your investigation.
• Present Evidence with Screenshots: Include all relevant evidence you found during your investigation. Use screenshots to support your findings. Present the digital data that supports your conclusions.
• Address Questions: The group report should collectively address the questions related to your chosen case. However, in your individual part, focus on the specific questions your chosen activity addresses. Provide clear and detailed answers supported by evidence.
• Contribute to Group Report: Remember that your individual section is part of the overall group report. Ensure your contribution complements and fits cohesively with the rest of the group’s findings.
• Collaborate and Discuss: Maintain open communication with your group members throughout the process. Share your individual findings, discuss the overall progress, and contribute to answering the case-related questions as a team.

b. Group discussion- PART B of report: Each group must address all points given in this sub-section based on their collective investigation processes for inclusion in the report. Refer to the provided marking guide for guidance on the group work section of the report, and ensure you answer all questions listed in the Part B: Group work (15 marks) section of the marking guide on Page 5.

2. Submit your report – Prepare and submit your investigation report as a group. A group together must submit only one report. Only one member from the group needs to upload the report onto Moodle. Expected report structure is provided below:
I. Introduction
II. Activity 1 (include member’s name who carried out this activity)
III. Activity 2 (include member’s name who carried out this activity)
IV. Activity 3 (For groups of 3) (include member’s name who carried out this activity)
V. Activity 4 (For groups of 4) (include member’s name who carried out this activity)
VI. Group Discussion
VII. Conclusion
VIII. References

COIT12201 Digital Forensic Investigation

Feel free to add sub-headings for sections II to VI in your report. Refer to the marking guide for guidance. For example, sub-headings for individual activities could be “Tools Used,” “Investigation Process,” “Evidence Found,” “Questions Answered,” and “Justification.” For each section, ensure you include the required information according to the marking guide. For instance, remember to include ethical considerations in the Discussion part. Submit a single Word document per group using the assignment two submission link on Moodle. Incorporate screenshots or images directly into the report, avoiding separate file submissions. Do not submit any additional files.

To Be Continuous….

Excellent Assignment Help

We Aim At:

  • Lowest Price.
  • 100% Uniqueness.
  • Assignment Fastest Delivery.
Call Now : +61 363 877 039