Digital Forensics Report: Examination and Case Analysis


Added on  2019/09/22

AI Summary
This assignment requires the creation of a formal digital forensics report, acting as a Digital Forensics Examiner for a hypothetical or real case scenario. The report, approximately 2000 words, must be submitted to an attorney and should detail the examiner's involvement, authorization, major findings, and conclusions. It necessitates the examination of storage media (HDD, USB, etc.), email or social media, mobile device, cloud forensics, or another relevant scenario. The report must include an executive summary, table of contents, introduction, analysis of relevant programs and techniques, findings including specific files, string searches, and internet-related evidence, a conclusion summarizing the results, references, a glossary of technical terms, and relevant appendices with supporting materials. The assessment evaluates data validation, e-discovery, steganography, reporting, and presentation skills, as well as the ability to analyze data, collect electronic evidence, and prepare detailed reports.
Forensics Report
In this major task assume you are a Digital Forensics Examiner. Considering a real or a hypothetical
case you are required to produce a formal report consisting of facts from your findings to your attorney
who has retained you. You are free to choose a forensics scenario which can be the examination of a
storage media (HDD, USB Drive, etc), email or social media forensics, mobile device forensics, cloud
forensics or any other appropriate scenario you can think of.
Deliverable: A forensics report of 2000 words.
Rationale
This assessment task covers data validation, e-discovery, steganography, reporting and presenting,
and has been designed to ensure that you are engaging with the subject content on a regular basis.
More specifically it seeks to assess your ability to:
• determine the legal and ethical considerations for investigating and prosecuting digital crimes;
• analyse data on storage media and various file systems;
• collect electronic evidence without compromising the original data;
• evaluate the functions and features of digital forensics equipment, the environment and the tools for a digital forensics lab;
• compose technical tactics in digital crimes and assess the steps involved in a digital forensics investigation;
• prepare and defend reports on the results of an investigation.
Presentation
The following should be included as minimum requirements in the report structure:
• Executive Summary or Abstract
This section provides a brief overview of the case, your involvement as an examiner, authorisation,
major findings and conclusion
• Table of Contents
• Introduction
Background, scope of engagement, forensics tools used and summary of findings
• Analysis Conducted
o Description of relevant programs on the examined items
o Techniques used to hide or mask data, such as encryption, steganography, hidden attributes,
hidden partitions etc
o Graphic image analysis
• Findings
This section should describe in greater detail the results of the examinations and may include:
o Specific files related to the request
o Other files, including deleted files that support the findings
o String searches, keyword searches, and text string searches
o Internet-related evidence, such as Web site traffic analysis, chat logs, cache files, e-mail, and news
group activity
o Indicators of ownership, which could include program registration data.
• Conclusion
Summary of the report and results obtained
• References
You must cite references to all material you have used as sources for the content of your work
• Glossary
A glossary should assist the reader in understanding any technical terms used in the report. Use a
generally accepted source for the definition of the terms and include appropriate references.
• Appendices
You can attach any supporting material such as printouts of particular items of evidence, digital copies
of evidence, and chain of custody documentation.
Follow the referencing guidelines for APA 6 as specified in Referencing Guides
Criteria and grade bands: HD 100% - 85%; DI 84% - 75%; CR 74% - 65%; PS 64% - 50%; FL 50% - 0

Introduction: Background, scope of engagement, tools and findings (3 marks)
• HD (possible marks 3.0 – 2.55): All elements are present, well expressed, comprehensive and accurate.
• DI (possible marks 2.54 – 2.25): All elements are present and largely accurate and well expressed.
• CR (possible marks 2.24 – 1.95): All elements are present with few inaccuracies.
• PS (possible marks 1.94 – 1.5): Most elements are present possibly with some inaccuracies.
• FL (possible marks 1.4 – 0): Fails to satisfy minimum requirements of introduction.

Analysis: relevant programs, techniques, graphics (5 marks)
• HD (possible marks 5.0 – 4.25): Description of analysis is clear and appropriate programs and techniques are selected. Very good graphic image analysis.
• DI (possible marks 4.24 – 3.75): Description of analysis is clear and mostly appropriate programs and techniques are selected. Good graphic image analysis.
• CR (possible marks 3.74 – 3.25): Description of analysis is clear and mostly appropriate programs and techniques are selected. Reasonable graphic image analysis.
• PS (possible marks 3.24 – 2.5): Description of analysis is not completely relevant. Little or no graphics image analysis provided.
• FL (possible marks 2.4 – 0): Fails to satisfy minimum requirements of analysis.

Findings: specific files/images, type of searches, type of evidence, indicators of ownership (5 marks)
• HD (possible marks 5.0 – 4.25): A greater detail of findings is provided. Keywords and string searches are listed very clearly. Evidence found is very convincing. Indication of ownership is very clear.
• DI (possible marks 4.24 – 3.75): Findings are provided, keywords and string searches are listed. Evidence is sound. Ownership is clear.
• CR (possible marks 3.74 – 3.25): Findings are provided, some keywords are listed. Evidence is reasonable which relates to the ownership.
• PS (possible marks 3.24 – 2.5): Findings are provided but are somewhat vague. Keywords and strings are not very clear. Evidence found may be questionable.
• FL (possible marks 2.4 – 0): Fails to satisfy minimum requirements providing findings.

Conclusion: Summary, Results (3 marks)
• HD (possible marks 3.0 – 2.55): High level summary of results is provided which is consistent with the report.
• DI (possible marks 2.54 – 2.25): Well summarised results and mostly consistent with the findings.
• CR (possible marks 2.24 – 1.95): Good summary of results. Able to relate the results with findings. No new material is included.
• PS (possible marks 1.94 – 1.5): Satisfies the minimum requirements. Results are not really consistent with the findings.
• FL (possible marks 1.4 – 0): Fails to satisfy minimum requirements of summarising the results.

References: Must cite references to all material used as sources for the content (2 marks)
• HD (possible marks 2.0 – 1.7): APA 6th edition referencing applied to a range of relevant resources. No referencing errors. Direct quotes used sparingly. Sources all documented.
• DI (possible marks 1.6 – 1.5): APA 6th edition referencing applied to a range of relevant resources. No more than 2 referencing errors. Direct quotes used sparingly. Sources all documented.
• CR (possible marks 1.4 – 1.3): APA 6th edition referencing applied to a range of relevant resources. No more than 3 errors. Direct quotes used in-context. Sources all documented.
• PS (possible marks 1.2 – 1.0): APA 6th edition referencing applied to a range of relevant resources. No more than 4 errors. Direct quotes used in-context. Some sources documented.
• FL (possible marks 0.9 – 0): Referencing not done to the APA 6th edition standard. Over-use of direct quotes. Range of sources used is not appropriate and/or not documented.

Glossary / Appendices: (2 marks)
• HD (possible marks 2.0 – 1.7): Glossary of technical terms used in the report is provided which has generally acceptable source of definition of the terms and appropriate references are included. Relevant supporting material is provided in appendices to demonstrate the evidence.
• DI (possible marks 1.6 – 1.5): Glossary of technical terms used in the report is provided which has mostly acceptable source of definition of the terms and appropriate references are included. Some supporting material is provided in appendices to demonstrate the evidence.
• CR (possible marks 1.4 – 1.3): Glossary of some technical terms used in the report is provided which has mostly acceptable source of definition of the terms and appropriate references are included. Some supporting material is provided in appendices to demonstrate the evidence.
• PS (possible marks 1.2 – 1.0): Glossary of some technical terms used in the report is provided however terms are not generally common and some references are missing. Some supporting material is provided in appendices.
• FL (possible marks 0.9 – 0): Most terminologies are missing. Appendices are either not provided or are irrelevant.