(Untitled)

Computer Forensics Investigation of a Seized Pen Drive

Format MLA

Academic Level: –

Volume of 12 pages (3300 words)

Assignment type : Coursework

Description
The coursework is to be completed in groups of 2. This is to simulate team working that would be present in the Computer Forensics industry. Each group will need to complete a peer assessment form to document the contribution from each group member. You can complete the coursework as an individual but you must accept that you would have an increased workload.

Part 1. Evidence identification. You are required to analyse and interpret the data contained on the pen drive. In particular, you are looking for evidence related to identifying who the pen drive belongs to. If any potential crimes have been committed then what they are and evidence to support your claims. A section called Evidence will be included in your final report and should contain items such as:

• Metadata for each of the files found on the pen drive. You need to decide what metadata needs to be recorded for each file type. Marks are awarded for choosing the correct metadata categories and for stating the correct information for the chosen metadata categories;
• You need to include a reference for each of the applications used in your investigation;

Part 2. Report. In addition to your Evidence section, you are required to present your methodology and findings within your report. Your methodology is the steps you took in the solving of the case. You are required to demonstrate that your evidence is robust and maintains integrity. You should include an overview of your methodology and the programs you used during the investigation. In addition, you must detail any findings and recommendations gained from your analysis with supporting evidence.

Your report will be assessed on the following criteria:
• Quality of the report. Ensure that the report is laid out in a logical order and that any figures or tables are clear to read. Please ensure that you have spell checked your work before submission;
• An overview of your methodology. How did you recover the information that you have used as metadata. You need to explain the process for each file type on the pen drive;
• Identification of relevant files. This should be a list of the files that are evidence and include an explanation as to why they are evidence;
• The findings and recommendations of your analysis. You need to decide whether there is enough evidence to arrest the suspect for possession, distribution and creation of images of Penguins. Also need to give ideas for further investigation as to what else you would seize, investigate and those you would want to interview.

To undertake the investigation, make use of tools and techniques that you have been introduced to in lectures, tutorial and lab sessions, such as the Forensics Toolkit.

Faculty of Engineering and Technology
Coursework Title: A digital forensics investigation of a seized pen drive.

Introduction
Scenario: The UK government have decided that images of Penguins are illegal and their possession, creation or distribution is illegal. The first person to be arrested under this new law has had a pen drive and a Galaxy S6 phone taken from them for analysis. In groups of 2, your task is to analyse the contents of the pen drive and document any metadata in the files present. From your findings you must decide if a crime has been committed, the level of the offence and support your claims with evidence. A forensic image of the suspects pen drive can be found on Canvas.

Learning Outcome to be assessed

1 Identify suitable methods and tools for developing solutions to problems in computer forensics.
2 Demonstrate knowledge of the investigative skills in computer forensics.

Detail of the task
The coursework is to be completed in groups of 2. This is to simulate team working that would be present in the Computer Forensics industry. Each group will need to complete a peer assessment form to document the contribution from each group member. You can complete the coursework as an individual but you must accept that you would have an increased workload.

Part 1. Evidence identification. You are required to analyse and interpret the data contained on the pen drive. In particular, you are looking for evidence related to identifying who the pen drive belongs to. If any potential crimes have been committed then what they are and evidence to support your claims. A section called Evidence will be included in your final report and should contain items such as:

• Metadata for each of the files found on the pen drive. You need to decide what metadata needs to be recorded for each file type. Marks are awarded for choosing the correct metadata categories and for stating the correct information for the chosen metadata categories;
• You need to include a reference for each of the applications used in your investigation;

Part 2. Report. In addition to your Evidence section, you are required to present your methodology and findings within your report. Your methodology is the steps you took in the solving of the case. You are required to demonstrate that your evidence is robust and maintains integrity. You should include an overview of your methodology and the programs you used during the investigation. In addition, you must detail any findings and recommendations gained from your analysis with supporting evidence.

Your report will be assessed on the following criteria:
• Quality of the report. Ensure that the report is laid out in a logical order and that any figures or tables are clear to read. Please ensure that you have spell checked your work before submission;
• An overview of your methodology. How did you recover the information that you have used as metadata. You need to explain the process for each file type on the pen drive;
• Identification of relevant files. This should be a list of the files that are evidence and include an explanation as to why they are evidence;
• The findings and recommendations of your analysis. You need to decide whether there is enough evidence to arrest the suspect for possession, distribution and creation of images of Penguins. Also need to give ideas for further investigation as to what else you would seize, investigate and those you would want to interview.

To undertake the investigation, make use of tools and techniques that you have been introduced to in lectures, tutorial and lab sessions, such as the Forensics Toolkit.

What you should hand in

Report submitted via Canvas. There is no page limit for the report but your report must be 10MB or less. Ensure that you clearly mark all the names and registration numbers of the members of your group on the first page of your submission. You also need to include a peer assessment form to show the contribution of each group member.

Marking Scheme/Assessment Criteria

Assessment Assessment Criteria % Weighting for each problem part
Part 1. Metadata for files on Pen Drive 30
Part 2. Quality of the report 10
Methodology overview 10
Identification of relevant files 20
Findings and recommendations 30

Recommended reading
Reading list is on Canvas.

Extenuating Circumstances
If something serious happens that means that you will not be able to complete this assignment, you need to contact the module leader as soon as possible. There are a number of things that can be done to help, such as extensions, waivers and alternative assessments, but we can only arrange this if you tell us. To ensure that the system is not abused, you will need to provide some evidence of the problem.
More guidance is available at https://www.ljmu.ac.uk/about-us/public-information/student-regulations/guidance-policy-and-process
Any coursework submitted late without the prior agreement of the module leader will receive 0 marks.
Academic Misconduct
The University defines Academic Misconduct as ‘any case of deliberate, premeditated cheating, collusion, plagiarism or falsification of information, in an attempt to deceive and gain an unfair advantage in assessment’. This includes attempting to gain marks as part of a team without making a contribution. The Faculty takes Academic Misconduct very seriously and any suspected cases will be investigated through the University’s standard policy (https://www.ljmu.ac.uk/about-us/public-information/student-regulations/appeals-and-complaints). If you are found guilty, you may be expelled from the University with no award.
It is your responsibility to ensure that you understand what constitutes Academic Misconduct and to ensure that you do not break the rules. If you are unclear about what is required, please ask.

 



You Need a Professional Writer To Work On Your Paper?