
Computer Crime and Digital Evidence

Module Code: UFCFP4-30-1

Student ID: 24059073

Date: March 2025

Module Details

· Module Name: Computer Crime and Digital Evidence

· Module Code: UFCFP4-30-1

Section 1: Overview of Assessment

Students are entrusted with performing comprehensive evaluations of forensic tools, applying them in practical scenarios, and meticulously documenting their observations. The key emphasis lies in ensuring evidence preservation, validating forensic tools, and maintaining strict adherence to established forensic standards to guarantee accurate and credible results.

Section 2: Task Specification

Functioning as forensic analysts within a Digital Forensics Unit (DFU), students will identify, evaluate, and validate forensic tools used for the retrieval and examination of digital evidence. They are required to produce a detailed forensic report that meticulously records their methodologies, findings, and interpretations in alignment with industry best practices.

Section 3: Deliverables

· Testing and Validation Plan (TVP1): A structured and detailed plan documenting the approach, methodology, and verification procedures used to test the forensic tools.

· Standard Operating Procedure (SOP): A precise, step-by-step manual providing detailed instructions for the appropriate usage of the selected forensic tools, ensuring repeatable and reliable outcomes.

Section 4: Marking Criteria

· Completeness and Accuracy: Assessing the thoroughness and correctness of the testing procedures and documentation.

· Knowledge Transfer: Evaluating the clarity and efficiency of the report in communicating findings and methodologies.

· Adherence to Standards: Ensuring the report complies with forensic best practices and maintains high levels of procedural integrity.

· Report Formatting: Analyzing the presentation and structure of the report, ensuring logical flow, coherence, and professional aesthetics.

Section 5: Feedback Mechanisms

· Formative Feedback: Continuous feedback will be offered during lab and classroom sessions, providing opportunities for improvement before final submission.

· Summative Feedback: Comprehensive written feedback will be provided post-submission, offering insights into strengths and areas needing improvement.

Section 6: Appendices

6.1 Starting and Managing Your Assessment

Initiate your work promptly and make the most of available lab facilities. Efficient time management is essential to meet deadlines. Don’t hesitate to seek guidance from tutors for clarifications or support.

6.2 Academic Integrity

Maintaining academic honesty is crucial. Acts of plagiarism, collusion, or data manipulation are strictly forbidden. Ensure all submissions are your original work and properly cited.

6.3 Restrictions on AI Use

Content generated using AI tools is not allowed. Your findings and reports should be based solely on hands-on forensic testing and genuine analysis.

6.4 Referencing Requirements

Adhere to the UWE Harvard referencing style when citing sources. Make sure all references are accurate and include appropriate credit for research materials, publications, and forensic tool documentation.

Forensic Toolkit Testing and Validation Report

Introduction

This document provides a comprehensive review and validation of forensic tools for the examination of digital evidence. The procedures followed, the test results and the verification processes are detailed in this document.

1. Evidence Preservation


Tool Used: [FTK Imager v4.7.1]

This section covers the imaging and preservation of digital evidence, which provides verification of the integrity and authenticity of the original data.

The imaging process consisted of creating a forensic image of the target drive with FTK Imager, specifically a raw (DD) image. The MD5 and SHA-1 hash values of the source drive were calculated before and after imaging, and those values were compared to confirm that the drive was not altered during the imaging process. The MD5 and SHA-1 hash values matched (e.g., MD5: [Insert Calculated MD5 Hash Value], SHA-1: [Insert Calculated SHA-1 Hash Value]), which confirms that the image is an accurate bit-for-bit copy of the target drive. Once complete, the image was saved to a secure, write-protected location.
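The hash comparison described above can be repeated independently of the imaging tool. The following Python sketch is an added example, not part of the original report or of FTK Imager: it computes MD5 and SHA-1 in one pass over a raw image and compares them with the values recorded at acquisition. The file name `evidence.dd` and the sample data are constructed.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images never load into memory


def hash_image(path):
    """Return (md5, sha1) hex digests of a file, computed in a single pass."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:  # read-only: the evidence file is never written
        for block in iter(lambda: fh.read(CHUNK), b""):
            md5.update(block)
            sha1.update(block)
    return md5.hexdigest(), sha1.hexdigest()


def verify_image(path, expected_md5, expected_sha1):
    """Compare an image against the hash values recorded at acquisition."""
    md5, sha1 = hash_image(path)
    md5_ok = md5 == expected_md5.strip().lower()
    sha1_ok = sha1 == expected_sha1.strip().lower()
    return {"md5_match": md5_ok, "sha1_match": sha1_ok,
            "verified": md5_ok and sha1_ok}


def demo():
    """Constructed sample: a stand-in image, then the same file with one bit flipped."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "evidence.dd")  # hypothetical file name
        with open(image, "wb") as fh:
            fh.write(os.urandom(3 * CHUNK + 17))
        acquired = hash_image(image)              # values logged at acquisition
        before = verify_image(image, *acquired)
        with open(image, "r+b") as fh:            # simulate a single-bit alteration
            fh.seek(CHUNK)
            byte = fh.read(1)
            fh.seek(CHUNK)
            fh.write(bytes([byte[0] ^ 0x01]))
        after = verify_image(image, *acquired)
    return before, after
```

A single flipped bit anywhere in the image changes both digests, so `verified` only stays true for an unaltered copy.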

2. System Profiling


Tool Used: [Registry Explorer v1.6.0]

Description: Analyzing registry hives and validating findings using AccessData Registry Viewer to ensure accurate and complete data related to system configuration.

Description: Registry Explorer was employed to acquire key system configuration data from the target system's registry hives (e.g., SYSTEM, SOFTWARE, NTUSER.DAT), focusing on specific keys of interest such as user account data, installed software and system configurations. The findings from Registry Explorer were then verified against AccessData Registry Viewer; for instance, user account data obtained through Registry Explorer was checked against the same user account data in AccessData Registry Viewer to ensure accuracy. Any discrepancies between the two sets of data were noted and investigated. The successful dual verification of the registry entry at [Insert Registry Key Path] with the value [Insert Registry Value] validated the summarized findings of both tools.

Description: Analyzing registry hives and verifying results with AccessData Registry Viewer.

3. File Recovery


Tool Used: [PhotoRec v7.2]

Description: Recovery of deleted files using file carving techniques, with a particular focus on identifying and reconstructing fragmented files.

Description: PhotoRec was used to recover deleted files from unallocated space, and the tool's ability to identify files based on file headers and footers, irrespective of file system metadata, proved useful. Recovery efforts focused primarily on specific file types (e.g., JPEG, DOCX, ZIP), covering both file identification and reconstruction. The recovered files were then validated by examining their contents and by comparing them with known good copies. For example, each recovered JPEG image was opened and visually checked for integrity, while hash value comparisons confirmed that the files matched known good JPEG images. The successful and independent validation of [Number] JPEG files and [Number] DOCX files demonstrates the effectiveness of PhotoRec.

Description: Recovery of deleted files through file carving techniques.
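To illustrate the header and footer carving and the hash validation described in this section, here is an added Python example (not part of the original report and not PhotoRec's own code). It carves contiguous JPEG candidates from a constructed byte buffer and checks each against the SHA-1 of a known good copy; the second sample file is deliberately fragmented to show why that check matters.

```python
import hashlib

JPEG_HEADER = b"\xff\xd8\xff"   # SOI marker plus the first byte of the next marker
JPEG_FOOTER = b"\xff\xd9"       # EOI marker


def carve_jpegs(raw, max_size=20 * 1024 * 1024):
    """Carve contiguous JPEG candidates by header and footer; no metadata used."""
    found, pos = [], 0
    while True:
        start = raw.find(JPEG_HEADER, pos)
        if start == -1:
            break
        end = raw.find(JPEG_FOOTER, start + len(JPEG_HEADER), start + max_size)
        if end == -1:            # header with no footer in range: skip it
            pos = start + 1
            continue
        end += len(JPEG_FOOTER)
        found.append((start, raw[start:end]))
        pos = end
    return found


def matches_known_good(data, known_sha1):
    """Validate a carved file against the SHA-1 of a known good copy."""
    return hashlib.sha1(data).hexdigest() == known_sha1


def demo():
    """Constructed sample: two stand-in JPEGs in filler bytes, one fragmented."""
    jpeg_a = JPEG_HEADER + b"\xe0" + b"A" * 64 + JPEG_FOOTER
    jpeg_b = JPEG_HEADER + b"\xe1" + b"B" * 64 + JPEG_FOOTER
    # jpeg_b is split by 16 foreign bytes, as fragmentation on disk would do
    fragmented_b = jpeg_b[:30] + b"\x00" * 16 + jpeg_b[30:]
    raw = b"\x00" * 100 + jpeg_a + b"\x11" * 50 + fragmented_b + b"\x00" * 20
    carved = carve_jpegs(raw)
    known = [hashlib.sha1(j).hexdigest() for j in (jpeg_a, jpeg_b)]
    return [(offset, matches_known_good(data, sha1))
            for (offset, data), sha1 in zip(carved, known)]
```

The contiguous file is recovered byte for byte, while the fragmented one is carved with the foreign bytes included and fails the hash comparison even though its header and footer were both found.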

4. Internet-Based Evidence


Tool Used: [Autopsy Web Artifacts]

Description: Parsing the web browser history, cookies and cache files and confirming the findings by inspecting the original SQLite databases.

Description: Autopsy Web Artifacts was used to parse the web browser artifacts from the target system's browser profiles (Chrome, Firefox etc.). The parsed artifacts (browsing history, download history, and cookie information) were verified for several of the artifacts by opening the pertinent SQLite database files directly in a SQLite browser. For example, selected entries in the history.db file were matched against the history parsed by Autopsy, demonstrating that the tool was parsing the data accurately. A successfully matched entry would have the form “Web History: [Site Visited] at [Insert Timestamp]”, which would verify that the tool was retrieving the web history data accurately.

Description: We parsed web browser history and verified using SQLite.
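The cross-check against the original SQLite database can be scripted so that every row is compared rather than a sample. This added Python example is not part of the original report or of Autopsy. It assumes a Chrome-style history layout (`urls` and `visits` tables, with `visit_time` in microseconds since 1601-01-01 UTC), and both the database and the tool export are constructed.

```python
import os
import sqlite3
import tempfile
from datetime import datetime, timedelta, timezone

WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
FMT = "%Y-%m-%d %H:%M:%S"


def read_history(db_path):
    """Read (url, UTC visit time) pairs from a working copy opened read-only."""
    con = sqlite3.connect("file:" + db_path + "?mode=ro&immutable=1", uri=True)
    try:
        rows = con.execute("SELECT u.url, v.visit_time FROM visits v "
                           "JOIN urls u ON u.id = v.url").fetchall()
    finally:
        con.close()
    # visit_time is microseconds since 1601-01-01 UTC in the assumed schema
    return {(url, (WEBKIT_EPOCH + timedelta(microseconds=t)).strftime(FMT))
            for url, t in rows}


def compare(db_path, tool_rows):
    """Return (rows the tool missed, rows the tool reported but the DB lacks)."""
    db_rows, tool = read_history(db_path), set(tool_rows)
    return sorted(db_rows - tool), sorted(tool - db_rows)


def demo():
    """Constructed database and constructed tool export, for illustration."""
    def webkit(*ymdhms):
        moment = datetime(*ymdhms, tzinfo=timezone.utc)
        return (moment - WEBKIT_EPOCH) // timedelta(microseconds=1)
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "History")
        con = sqlite3.connect(path)
        con.execute("CREATE TABLE urls(id INTEGER PRIMARY KEY, url TEXT)")
        con.execute("CREATE TABLE visits(id INTEGER PRIMARY KEY, url INTEGER,"
                    " visit_time INTEGER)")
        con.executemany("INSERT INTO urls VALUES (?, ?)",
                        [(1, "https://example.com/"), (2, "https://example.org/a")])
        con.executemany("INSERT INTO visits VALUES (?, ?, ?)",
                        [(1, 1, webkit(2025, 3, 10, 0, 0, 0)),
                         (2, 2, webkit(2025, 3, 10, 1, 0, 0))])
        con.commit()
        con.close()
        tool_rows = [("https://example.com/", "2025-03-10 00:00:00"),
                     ("https://example.org/a", "2025-03-10 02:00:00")]  # off by 1 h
        return compare(path, tool_rows)
```

The constructed export reports the second visit one hour late, so it appears in both result lists: once as the database value the tool missed and once as the tool value with no database match.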

5. Windows Artifacts


Tool Used: [LNK Explorer]

Description: Analysis of LNK files, prefetch, thumbnail databases, etc.

6. Hash Analysis and Filtering


Tool Used: [Autopsy Hash Lookup]

Description: The process of calculating and filtering hash values against known hash sets (e.g., NIST NSRL), in order to identify known files and remove non-user related data.

Description: Autopsy Hash Lookup was used to calculate hash values (MD5, SHA-1) of files from the suspect hard drive. The calculated hash values were then compared against the NIST National Software Reference Library (NSRL) hash set. Files with known hash values were accurately identified and filtered out of the dataset, allowing an enormous reduction in the data that needed to be analyzed manually. For instance, filtering out known operating system files using the NSRL hash set drastically reduced the time it took to analyze the remaining data. The filtration of [Number] known files verified the functionality of the tool's hash lookup feature.

Description: Hash values were calculated and filtered.

7. File Extension Analysis


Tool Used: [TrID File Identifier]

Description: TrID analyzes the contents of files to determine the file type regardless of the file extension, allowing the accurate determination of files that have been mislabelled or disguised.

TrID was used to analyze files with suspicious or missing file extensions. The tool's ability to determine the file type by examining the file's binary signatures was of utmost importance. For example, a file with a text file extension, .txt, was examined using TrID and was verified to be a JPEG image file. Establishing from the content that the file is not a text file avoids potentially misinterpreting the content of the file. Accurately identifying [File Name] as a JPEG file despite its .txt file extension speaks to the abilities of TrID.
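The mismatch check described above can be shown with a few fixed signatures. This added Python example is not part of the original report and does not use TrID or its definitions database. It identifies a file from its leading bytes, looks inside ZIP containers to separate DOCX from plain ZIP (both start with the same header), and lists files whose extension disagrees with their content. File names and contents are constructed.

```python
import io
import zipfile

EXPECTED = {"txt": "text", "jpg": "jpeg", "jpeg": "jpeg",
            "zip": "zip", "docx": "docx"}


def identify(data):
    """Identify a file type from its content, ignoring the file name."""
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data.startswith(b"PK\x03\x04"):
        # DOCX is a ZIP container, so the header alone cannot tell them apart
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return "zip-damaged"
        is_docx = "[Content_Types].xml" in names and any(
            n.startswith("word/") for n in names)
        return "docx" if is_docx else "zip"
    # plain ASCII without NUL bytes is treated as text in this sketch
    return "text" if data.isascii() and b"\x00" not in data else "unknown"


def mismatches(files):
    """Return (name, claimed extension, detected type) where the two disagree."""
    out = []
    for name, data in files:
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        detected = identify(data)
        if EXPECTED.get(ext) != detected:
            out.append((name, ext, detected))
    return out


def _zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in members:
            zf.writestr(member, b"x")
    return buf.getvalue()


def demo():
    """Constructed sample files; names and contents are made up."""
    files = [("notes.txt", b"meeting at 10\n"),
             ("holiday.txt", b"\xff\xd8\xff\xe0" + b"\x00" * 32 + b"\xff\xd9"),
             ("report.docx", _zip(["[Content_Types].xml", "word/document.xml"])),
             ("data.zip", _zip(["[Content_Types].xml", "word/document.xml"]))]
    return mismatches(files)
```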

Conclusion

This report details the processes used to test, validate, and document forensic tools for the analysis of digital evidence. Each forensic tool has been thoroughly assessed through detailed testing, covering both the reliability of repeated runs and the ability of the results to be replicated. Validation is essential to maintain the admissibility of the evidence in a courtroom, and it is a formal process that incorporates more than one forensic method, process, and/or procedure and repeatably applies established industry standards. By following the standard operating procedures outlined in each description, forensic investigators can obtain accurate results across a varied range of documents and images, giving a consistently reliable process in each investigation. Continuous learning and adherence to forensic standards after the reports are documented are also necessary to maintain the credibility of forensic analysis.
