Kibata

Sign In

Our Services

Get 15% Discount on your First Order

Order Now
[rank_math_breadcrumb]

Computer Crime and Digital Evidence

Module Code: UFCFP4-30-1 Student id-24059073

Date: March 2025 Module Details

·
Module Name: Computer Crime and Digital Evidence

·
Module Code: UFCFP4-30-1

Section 1: Overview of Assessment

Students are entrusted with performing comprehensive evaluations of forensic tools, applying them in practical scenarios, and meticulously documenting their observations. The key emphasis lies in ensuring evidence preservation, validating forensic tools, and maintaining strict adherence to established forensic standards to guarantee accurate and credible results.

Section 2: Task Specification

Functioning as forensic analysts within a Digital Forensics Unit (DFU), students will identify, evaluate, and validate forensic tools used for the retrieval and examination of digital evidence. They are required to produce a detailed forensic report that meticulously records their methodologies, findings, and interpretations in alignment with industry best practices.

Section 3: Deliverables

·
Testing and Validation Plan (TVP1): A structured and detailed plan documenting the approach, methodology, and verification procedures used to test the forensic tools.

·
Standard Operating Procedure (SOP): A precise, step-by-step manual providing detailed instructions for the appropriate usage of the selected forensic tools, ensuring repeatable and reliable outcomes.

Section 4: Marking Criteria

·
Completeness and Accuracy: Assessing the thoroughness and correctness of the testing procedures and documentation.

·
Knowledge Transfer: Evaluating the clarity and efficiency of the report in communicating findings and methodologies.

·
Adherence to Standards: Ensuring the report complies with forensic best practices and maintains high levels of procedural integrity.

·
Report Formatting: Analyzing the presentation and structure of the report, ensuring logical flow, coherence, and professional aesthetics.

Section 5: Feedback Mechanisms

·
Formative Feedback: Continuous feedback will be offered during lab and classroom sessions, providing opportunities for improvement before final submission.

·
Summative Feedback: Comprehensive written feedback will be provided post-submission, offering insights into strengths and areas needing improvement.

Section 6: Appendices

6.1 Starting and Managing Your Assessment

Initiate your work promptly and make the most of available lab facilities. Efficient time management is essential to meet deadlines. Don’t hesitate to seek guidance from tutors for clarifications or support.

6.2 Academic Integrity

Maintaining academic honesty is crucial. Acts of plagiarism, collusion, or data manipulation are strictly forbidden. Ensure all submissions are your original work and properly cited.

6.3 Restrictions on AI Use

Content generated using AI tools is not allowed. Your findings and reports should be based solely on hands-on forensic testing and genuine analysis.

6.4 Referencing Requirements

Adhere to the UWE Harvard referencing style when citing sources. Make sure all references are accurate and include appropriate credit for research materials, publications, and forensic tool documentation.

Forensic Toolkit Testing and Validation Report

Introduction

This document provides a comprehensive review and validation of forensic tools for the examination of digital evidence. The reasonable procedures, test results and verification processes are detailed in this document.

1.
Evidence Preservation


Tool Used: [FTK Imager v4.7.1]

This section captures the imaging and preservation of digital evidence, to provide verification of the integrity and authenticity of the original data.

The imaging process included creating a forensic image of the target drive using FTK Imager, specifically a raw (DD) image. Part of the process included calculating the MD5 and SHA-1 hash values of the source drive before and after imaging was complete, and those values were compared to confirm that the drive was not altered during the imaging process. The MD5 and SHA-1 hash values were successfully matched (e.g., MD5: Insert Calculated MD5 Hash Value, SHA-1: [Insert Calculated SHA-1 Hash Value]), which confirms that it is an accurate original bit-for-bit copy of the target drive. Once complete, the image was saved to a secure, write-protected location. 

2.System Profiling


Tool Used: [Registry Explorer v1.6.0]

Description: Analyzing registry hives and validating findings using Access Data Registry Viewer to ensure accurate and complete data related to system configuration.

Description: Registry Explorer was employed to acquire key system configuration data from the target systems registry hives (e.g., SYSTEM, SOFTWARE, NTUSER.DAT) focusing on specific keys of interest such as user account data, installed software and system configurations. The findings from Registry Explorer then underwent verification compared to Access Data Registry Viewer; for instance, user account data, obtained through Registry Explorer was verified against the same user account data through Access Data Registry Viewer to ensure accuracy. Any discrepancies between the obtained data was noted and investigated. The use of successful dual verification of registry entries identified as the Insert Registry Key Path and Insert Registry Value, to validate the summarized findings of both tools.

Description: Analyzing registry hives and verifying results with Access Data Registry Viewer.

3. File Recovery


Tool Used: [PhotoRec v7.2]

Description: Recovery of deleted files using file carving techniques, with a particular focus on identifying and reconstructing fragmented files.

Description: PhotoRec was used to recover deleted files from unallocated space, and the tool’s ability to identify files based on file headers and footers, irrespective-file system metadata, proved useful. Rehabilitation efforts primarily focused on specific file types (e.g., JPEG, DOCX, ZIP) both file identification and reconstruction occurred. These recovered files were then validated through the examination of file contents and through comparison with known good copies. For example, when investigating for recovered JPEG images, we opened all images and visually checked each image for image integrity, while hash value comparisons confirmed file similarity with known good JPEG images. Successful and independent validation of Number JPEG files and Number DOCX files, demonstrates the effectiveness of PhotoRec.

Description: Recovery of deleted files through file carving techniques.

4. Internet-Based Evidence


Tool Used: [ Autopsy Web Artifacts]

Description: Parsing the Web browser history, cookies and cache files and confirming the findings by inspecting the original SQLite databases.

Description: Autopsy Web Artifacts allowed for parsing the Web browser artifacts from the target system’s browser profiles (Chrome, Firefox etc.). The parsed artifacts (browsing history, download history, and cookie information) were verified by directly opening the pertinent SQLite database files via a SQLite browser for several of the artifacts. An example was shown that certain entries in the history.db file were matched by the parsed history in Autopsy to demonstrate the tool was accurately parsing the data. A successful matched entry would have included “Web History: Site Visited here/ at insertTimestamp here”, which would verify the parsing of the tool was accurately retrieving the web history data parsed.

Description: We parsed web browser history and verified using SQLite.

5. Windows Artifacts


Tool Used: [LNK Explorer]

Description: Analysis of LNK files, prefetch, thumbnail databases, etc.

6. Hash Analysis and Filtering


Tool Used: [Autopsy Hash Lookup]

Description: The process of calculating and filtering hash values against known hash sets (e.g., NIST NSRL), in order to identify known files and remove non-user related data.

Description: Autopsy Hash Lookup was utilized to calculate hash values (MD5, SHA-1) of files from the suspect hard drive. The hash values calculated were then compared against the NIST National Software Reference Library (NSRL) hash set. The files with known hash values were accurately and successfully identified and filtered out from the dataset, allowing an enormous reduction of data that needed to be analyzed manually. For instance, by filtering out known operating system files from the dataset using the NSRL hash set, the amount of time it took to analyze the remaining data was drastically reduced. The filtration of *Number* known files verified the functionality of the hash lookup feature of the tool.

Description: Hash values were calculated and filtered.

7. File Extension Analysis


Tool Used:[TrID File Identifier]

Description: TrID analyzes the contents of files to determine the file type regardless of the file extension, allowing the accurate determination of files that have been mislabelled or disguised.

TrID is a tool utilized to analyze various files with suspicious file extensions or missing file extensions. The ability of the tool to determine the file type by examining the binary signatures of the file was of utmost importance. For example, a file assigned a text file extension, .txt, was examined using TrID and was verified to be a JPEG image file. This capability of being able to have the file type examined and determined to not be a text file avoids potentially misinterpreting the content of the file. Accurately identifying the File Name to be a JPEG file instead of a .txt file extension speaks to the abilities of TrID.

Conclusion

This report details the processes that have been used in testing, validating, and documenting using forensic tools for analysis of digital evidence. Each forensic tool has been thoroughly assessed to ensure quality through thorough and detailed testing, from repeated reliability to the ability to be replicated. Validation is essential to maintain the admissibility of the evidence in a courtroom, and performing validation is a formal process that incorporates more than one forensic method, process, and/or procedure that can repeatably use established industry standards. for each process for the proper standard operating procedures outlined in each description, forensic investigators can get accurate photographic results with a varied range of document examiners and or images achieving consistently a reliable process of each investigation. Continuous learning and adherence to forensic standards after documentation of reports is also necessary to maintain the credibility of forensic analysis.

image6.jpeg

image7.jpeg

image8.png

image9.png

image10.jpeg

image11.jpeg

image12.jpeg

image13.jpeg

image14.jpeg

image15.jpeg

image1.png

image2.jpeg

image3.png

image4.jpeg

image5.png

Share This Post

Email
WhatsApp
Facebook
Twitter
LinkedIn
Pinterest
Reddit

Order a Similar Paper and get 15% Discount on your First Order

Order Now

Related Questions

Virtual LANs

  Questions: A VLAN allows different devices to be connected virtually to each other as if they were in a LAN sharing a single broadcast domain. 1. Why a network engineer would want to deploy VLANs? 2. How do VLANs improve network security?

compliance and rules to follow in cybersecurity.

Follow the attached instructions to complete this work. Note: Make sure to follows rubric or aligns with Rubric. Unit 8 Assignment Directions: Case Study Review the following hypothetical case study. Consider the big-picture ideas and the specific concerns. Make use of the key terms and concepts from the readings in

Discussion on data ( computer science)

Follow the attached direction to complete this work Unit 7 Discussion   Overview Consider this scenario: PQR Corporation provides facial recognition technology to customers. Its products include customer access to consumer electronics as well as mass surveillance capabilities through networked camera systems. While operating legally, PQR has maintained a low

Computer Science – Machine Learning Python Programming Assignment

Assignment Help. Please don’t forget to add comments in the code Page 1 of 3 NorQuest College – CMPT 1011: Lab Assignment 5 CMPT 1011: Introduction to Computing Lab Assignment 2: Variables, mathematical operations and data types Value This coding challenge is worth 3% of your final grade. Background In

Public safety Communications

Subscribe The Communications and Cyber Resiliency Toolkit provides guidance for establishing resiliency measures, public safety communications can better withstand potential disruptions to service. This toolkit, developed by CISA, describes networks and systems critical to successful communication and cyber resiliency and possible threats while providing many resources and additional links for

Case Study 4 o Data (computer)

Follow the attached instructions to complete this work Unit 4 Case Study Directions Review the following case study. Consider both the big-picture ideas and the specific concerns. Make use of the key terms and concepts from the readings in your written responses to the questions below. The case study paper

Discussion 5 and 6

Follow  the attached instructions to complete this work Unit 5 Discussion   Overview In this discussion, you will be considering the emphasis on aspects such as privacy and safety. You will reflect on the significance of the legal concerns and goals of public-private partnerships to address cybersecurity. You will also

SQL injection

Hey! ????  I need an expert in SQL injection, DDOS attack, Code injection attack, XSS attack! To talk further please contact me on discord at mara411 so we can talk more freely and then I will hire you on here! Thanks ???? 

Free CAD, FeniCS or paraview

I have attached the picture and sample work too, I need work as like sampl, but not the copypasted Make sure you can ask me multiple questions but not dont do rubbish work

database

2. Final Assignment – equivalent to 4,000 words The final module mark is based on two deliverables focused on the CarNow case study described below. – 50% of the final mark a. An advisory report – 50 % of the final mark Includes 5% (of the module grade) given for

Computer

Documentation Tabula Insurance Agency ENTER AND UPDATE COMPANY DATA Author: Ashanti Joyner Note: Do not edit this sheet. If your name does not appear in cell B6, please download a new copy of the file from the SAM website. Personnel Tabula Insurance Agency Personnel: April 4-10, 2024 Employee Name Salary

Computer class

All information is below Toronto converted a declining part of the city into a vibrant neighborhood using the smart city 1.0 approach when a local technology company introduced electric shuttle buses to replace private cars and intelligent traffic lights to regulate the flow of pedestrians, bicycles, and vehicles. From Frankl,

Week 15

Read attachments for assignments  Week 14 Feedback Overall Feedback Well done on this assignment You will have to refine your tables and figures for your final submission. Always introduce them to the reader in preceding paragraph, properly create APA table, and cite figures. See Video:   APA Tables and Figures

Prof Double R

  PowerPoint Presentation: Narrative Presentation to the Board of Trustees The Centers for Medicare & Medicaid Services (CMS) has taken on a more visible role in health care. A great deal of change has transpired to improve patient safety and implementation of additional quality metrics. The new health care reform

Week 14

Please read attachments for details  image1.png

Week 13

Read attachments for details  The Finishing Touches – Week 13 Instructions For this week’s assignment you will submit the material discussed in the lesson plan and summarized below: · A refined introduction (Mandatory) · Updated Title Page (Mandatory) · Copyright Page with Declaration (Mandatory) · Dedication Page (Optional) · Acknowledgement

SCMT699

please read attachments for assignment  Feedback from week 10 Please address your design before your next submission.  Its how you are going to go about conducting your research so other can duplicate it. This is a good book on it. Creswell, J. W. (2009). Research design: Qualitative, quantitative, and mixed