ICT378: You should follow forensics procedures, such as taking a hash of the image before using it and checking regularly to ensure you have not modified it: Cyber Forensics & Information Technology Report, MU

Task Description

You should follow forensics procedures, such as taking a hash of the image before using it and checking regularly to ensure you have not modified it. You can select and use any proprietary or open-source tools that you have been introduced to or find yourselves to perform the analysis and extract any evidence present.

Your report should detail the investigation process and the findings (including copies of relevant evidence), including obstacles and problems that you encountered and how you
overcame them. You can assume that the reader has a light understanding of digital forensics, so any complicated terms/techniques/etc should be explained.

You must include some screenshots in your reports with the output of the tools or the processes and when necessary to support/show how you reached your conclusions. Screenshots should not be used to excess – they merely serve to demonstrate your understanding of the tools/processes and should be used to support written explanations (not in place of).

You will be marked based on the evidence you extract, the use of appropriate tools, the detail of the process, the explanation of its relevance to the case, and documentation. Remember, your report should present the information in an unbiased way. Improper handling/validation of evidence would result in loss of marks except where accurately identified and corrected.

Your report should highlight the following areas 

A. Discuss if there is any evidence of any theft and defacement. Explain your position on this. What evidence did you find if any? How sound/reliable do you believe your evidence collection to be?

B. Present any evidence in a timeline format, signposting the points where you believe any offence may have occurred and other significant dates/times in the case. Compare any evidence found and timeline information side by side with the different tools available to you (e.g. ProDiscover/ OSFOrensics/ FTK Imager/ Magnet Axiom/ Autopsy, etc) and highlight any differences. Be sure to state the pros and cons of using one tool over the other.

C. You were provided with some sets of hard drive images. What do you think has occurred here? What are the differences between the sets of the drive images? How do you think the sets of drive images were created?

D. A common defence is that the actions were committed unintentionally or that the perpetrator did not know the actions were illegal. With these possible defences in mind, address how you would respond to these defences. Are there any clues that indicate intent or knowledge of criminal activity?

E. Conduct some research into ways that image files (graphic images) could be “tampered with”. Are there ways that are undetectable, or difficult to detect? Present your findings in a short section – written in a formal referenced style. You are only expected to have approximately 5 references

References:

Your report should be your own, and you should use appropriate citation and referencing formats. All sources that you use as supporting material to your reports must be referenced according to the convention. Failure to do so will result in the loss of marks! You should use APA as a referencing style. The IEEE format is also acceptable.

The post ICT378: You should follow forensics procedures, such as taking a hash of the image before using it and checking regularly to ensure you have not modified it: Cyber Forensics & Information Technology Report, MU appeared first on Assignment Help Singapore No 1 : Essay & Dissertation Writers, SG.