CSG2305 Computer Forensics
Digital Forensics Plan 2020
Keys to Assignment Success
Assessable Workshop: Forensic Investigation Plan
Digital forensic investigations cannot be conducted without a written permission or warrant. In this assignment, you will write a plan that you would forward to your (hypothetical) line manager to get approval so that you can proceed with the investigation, and also to make him understand the requirements of the task so that he or she can assign hardware and software resources as well as the right number of investigators to the case.
Assignment Brief
This assessable workshop is designed to get you thinking about how you may approach the case study assignment. Using the case study outline, your task is to prepare a plan (using Microsoft Word) that describes your understanding, method and intentions for undertaking the actual investigation. Remember, at this point in time, your (hypothetical) line manager has not yet approved you to commence the investigation. Hence, you are outlining all the facts to obtain formal permission to proceed with the investigation.
Length: Maximum of four A4 pages in total. You are not required to submit an ECU cover sheet.
PRO TIP: always address the assignment instructions The keys to understanding the assignment instructions have been highlighted above. For example (from the Assignment Brief): “Describe your understanding, method and intentions for undertaking the actual investigation” o If you discuss investigation methods without putting them in context of the “actual investigation,” you may not get full marks. o If you go too deep into analysing the forensically sound copy of the drive of the suspect’s computer, you will be exceeding the scope of the assignment. You will not gain marks for this effort, and you may even lose marks if assessable parts are sacrificed. “Maximum of 4 A4 pages” o If your assignment is significantly shorter than the maximum, it may indicate that you have insufficiently covered key topics for your proposal. o If your assignment exceeds the 4-page maximum, your may have included too much detail and may not have communicated effectively (see Marking Key) |
Marking Key
The assignment is worth a total of 30 marks.
Criteria |
Max Mark | ||
Evidence of appropriate grammar, punctuation and proofreading? |
3 | ||
Intended processes are communicated effectively? |
12 | ||
Chosen, method and processes are appropriate for case study under investigation? |
12 | ||
Plan is professionally formatted? |
3 | ||
PRO TIP: know how marks can be allocated Address each of the marking criteria o If you wrote a detailed proposal with appropriate methods, but did not use correct grammar and punctuation, you will not get full marks. o If your plan is perfectly written with excellent, professional formatting, but the method and process you describe are not appropriate for the case study under investigation, you will not get full marks. Know the weight of each criterion. Make sure you apply yourself appropriately. |
Assignment Example
The following are excerpts from an example digital forensics plan. These examples are provided to help you understand the expected level of writing style, depth, and purpose of each assignment section. You should create your own plan in your own words that satisfies the assignment instructions and the marking key.
Introduction
A single paragraph describing the case.
- Summary of the offence being Assignment 1: Digital Forensics Plan investigated
Introduction Details of parties involved
- Details of computers or devices pertaining to the investigation
A criminal offence of accessing digital cat -related material has allegedly What are we looking at and why? occurred in Western Australia. The prime suspect, Clark, was observed by a (work colleague) witness accessing the content at work. The witness (network administrator) informed their line manager (Ash) and he reported the incident to the police. The primary device pertaining to the investigation is Clark’s computer, which has been seized by the police…
Timeframe
The final analysis and report pertaining to the allegations is due no later than… [Continue with relevant information about key timeframes for the plan]
Background
A digital forensic investigation has been requested on behalf of WA Police in relation to a case involving alleged access to illegal imagery of cats. Under WA law, access, possession and distribution of such imagery is a criminal offence, which is exactly what occurred at Daily Planet. ...
Clark does not have any criminal record and denied the allegations that he has accessed digital content relating to cats during the police interview. ...
Timeframes relevant to the investigation:
- When is the investigation and final analysis report to be completed by....
- Trial dates
- Personnel factors
- Any other factors that may inhibit the timely completion of the analy sis Factual details pertaining to the investigation:
- Where did the offence take place?
- Who was involved?
- Who else may have been involved?
- Statements made by the offender or third parties
- Known problems relating to the
suspects/victims or evidence of 5 that may inhibit or delay the investigation and analysis
Objectives
- Examine the forensic image to discover the presence of digital content relating to cats.
- Prove/disprove that Clark was actually present at the scene when the content was accessed.
- Determine if Clark (un)intentionally accessed the illegal content.
- ...
A list of S.M.A.R.T. (specific, measurable, achievable, relevant, and timely) objectives relating to the investigation.
How will you undertake the analysis? What needs to be done?
What process and method will you use? What hardware and software tools will be used?
of 5
Resources
The case requires approx. 70 GB of storage capacity to extract relevant files, use virtualisation (VMware Workstation 15 Pro), and run the necessary software tools. AccessData FTK Imager 4.2.1.4 will be used to create a forensically sound copy of the original drive. [continue]
What resources will you need to complete the entire investigation? Resources may include people, software, hardware, and capabilities. How will you manage specific resources being unavailable?
Marking Criteria: Are the chosen method and processes appropriate for the case study under investigation? Progress Indicators
illegal nature.
Marking Criteria: Is the plan professionally formatted? Headings, fonts, alignment consistent Structure logical Bullet points where required |