Validating and Testing Computer Forensics Tools and Evidence
Learning Outcomes:
1: Systematically collect evidence at private-sector incident scenes.
2: Document evidence and report on computer forensics findings.
3: Implement a number of methodologies for validating and testing computer forensics tools and evidence.
Objective: The objective of the assignment is to compare Computer Forensics Tools and Techniques that can acquire data from a drive, perform data recovery, analyze it and finally validate the acquired data. In addition, students are required to document all steps in a report; the report should be formal so that it can be used in a legal process. Marks will be awarded based on the sophistication and the difficulties of the techniques explored.
Case Study: You have been assigned a case of embezzlement. A 16GB USB is found from the suspect's office, and it is expected to have very important information related to the case. The USB contains several Doc files, Excel files, a couple of image files, and some text files.
Assignment Specification:
Prepare a report on the following Parts related to the case study scenario.
The assignment consists of two parts.
In Part A, you will install and compare two Computer Forensics Tools required to complete this report. You will report briefly on their uses only.
In Part B, you will use the feedback from Part A to extend your report further to address the following requirements:
Data Preparation: You need to use your own USB to create/delete files as mentioned in the scenario below and perform the digital forensics investigation:
1. You need to create six files of type pdf, excel and word documents, where you need to name these files as follow: yourname-BN309-Assig1.*, where * depends of the file type. In addition, you need to change the attribute of these files to describe the Metadata which holds data such as your name as an author, organization name "MIT", computer name "based on your terminal name", date/time created, and comments such as "created for Assignment1 of BN309".
2. Modify the extension of one of the doc file to .jpeg
3. Then you need to delete 3 files including the file you have modified its extension, one of each type. Provide the list of references using IEEE referencing style at the end of the report.
Part 1: Data Acquisition
Prepare a forensic image (bit stream copy) with the record of data deletion. Explain the method and tool you have used in acquiring data. You will need this image to perform the consecutive tasks. Please submit this image with your assignment. You need to cover the challenges to make a successful acquisition, and what are the relevant formats to use and why. Describe the steps required for search and seizure. (400 words)
Part 2: Data Recovery
The suspect has deleted three image files from the USB, your task is to recover these files and explain how you performed this task (with screenshots) and explain the tools you have used. (300 words)
In addition, recover the data from the recycle bin, explain the procedure with your own screenshots. You need to recover the metadata of these files (200 words)
Part 3: Data Analysis
Inspect all files in the USB, use a hex editor and analyze if there is any hidden data in these files. Provide screenshots of your analysis. Describe the tools that can be used for analyzing the deleted files, and also describe the benefit(s) for conducting a window registry analysis (300 words)
Part 4: Data Validation
Explain different methods of data validation and use one of them to validate data on USB. Explain how to verify the file extension if it has been altered using relevant tools. Demonstrate with snapshots the data validation as well as detecting the file extension alteration. (400 words)
Tired of Computer Forensics assignments and homework? Computer Forensics Assignment Help, Homework Help will relieve you at the most affordable price range!
Tags: Computer Forensics Assignment Help, Computer Forensics Homework Help, Computer Forensics Coursework, Computer Forensics Solved Assignments
Attachment:- Computer Forensics.rar