Forensics Report (20 Marks)
In this major task you are assumed as a Digital Forensics Examiner. Considering a real or a hypothetical case you are required to produce a formal report consisting of facts from your findings to your attorney who has retained you. You are free to choose a forensics scenario which can be examination of a storage media (HDD, USB Drive etc), spoofed email, unscrambling bits, revealing information from an image or any other appropriate scenario you can think of.
Deliverable: A forensics report of 1800-2000 words.
This assessment task covers data validation, e-discovery, steganography, reporting and presenting, and has been designed to ensure that you are engaging with the subject content on a regular basis. More specifically it seeks to assess your ability to:
determine the legal and ethical considerations for investigating and prosecuting digital crimes
analyze data on storage media and various file systems
collect electronic evidence without compromising the original data;
evaluate the functions and features of digital forensics equipment, the environment and the tools for a digital forensics lab;
compose technical tactics in digital crimes and assess the steps involved in a digital forensics investigation;
prepare and defend reports on the results of an investigation
Following should be included as minimum requirements in the report structure:
• Executive Summary or Abstract
This section provides a brief overview of the case, your involvement as an examiner, authorization, major findings and conclusion.
• Table of Content
Background, scope of engagement, forensics tools used and summary of findings
• Analysis Conducted
o Description of relevant programs on the examined items
o Techniques used to hide or mask data, such as encryption, steganography, hidden attributes, hidden partitions etc
o Graphic image analysis
This section should describe in greater detail the results of the examinations and may include:
o Specific files related to the request
o Other files, including deleted files that support the findings
o String searches, keyword searches, and text string searches
o Internet-related evidence, such as Web site traffic analysis, chat logs, cache files, e-mail, and news group activity
o Indicators of ownership, which could include program registration data.
Summary of the report and results obtained
you must cite references to all material you have used as sources for the content of your work
A glossary should assist the reader in understanding any technical terms used in the report. Use a generally accepted source for the definition of the terms and include appropriate references.
You can attach any supporting material such as printouts of particular items of evidence, digital copies of evidence, and chain of custody documentation.
Follow the referencing guidelines for APA 6