Question

Assessment 2: Case Study
Due date: Week 10
Group/individual: Individual
Word count / Time provided: 3000 words
Weighting: 40%
Unit Learning Outcomes: ULO-1, ULO-2, ULO-3, ULO-4
Assessment Details: The student needs to analyze a case to identify an appropriate course of action and to apply suitable tools and techniques to investigate a digital forensic case. They must apply a digital forensics methodology to a forensic investigation, appraise the legal issues involved in a forensic investigation, and prepare an outline of a professional digital forensic plan and an investigation report. In this assessment, you will work as a digital forensic team member to investigate a case.

Case Study: Cyber Attack on a Financial Institution

Target's data breach occurred in 2013. This cyber-attack was one of the most significant data breaches in history, with hackers stealing the personal and financial information of over 110 million Target customers. The forensic audit after the attack revealed that the hackers gained access to Target's payment processing system through a vulnerability in the company's network. The hackers then installed malware on Target's point-of-sale systems, which allowed them to capture the credit and debit card information of Target customers as it was being transmitted to the company's payment processors. The forensic audit also revealed that Target had failed to detect and respond to multiple warnings and alerts from its security systems, which could have prevented or mitigated the damage caused by the attack. The forensic audit findings led to significant changes in Target's cybersecurity policies and practices, including implementing more robust security controls and appointing a new chief information security officer. Additionally, Target agreed to pay $18.5 million in a settlement with state attorneys general over the breach, and the company faced numerous lawsuits from affected customers and shareholders. Overall, the Target data breach highlighted the importance of proactive security measures, effective incident response protocols, and the potential consequences of inadequate cybersecurity practices.
As part of the duties of a digital forensics examiner, creating an investigation plan is standard practice. Write a two-page report that describes how you would organise an investigation for the above case.

In addition, list the methods you plan to use to validate the data collected from drives and files, such as Word and Excel documents, with hashes. Specify the hash algorithm you plan to use, such as MD5 or SHA-1, and why. Use your problem-solving and brainstorming skills to determine a procedure to follow, and write a short report outlining what to do.

Write a report describing the procedures for retrieving the evidence with some of the forensics tools and hexadecimal editors.

If you were to reverse engineer this attack, research which two hypervisors, operating systems and forensics tools you would use, and what precautions you can take.

What additional resources, such as other experts, might you need to collect data for this investigation? Write a one-page paper outlining what resources you should consider to help you with the evidence collection process.

What is the CVE identifier CVE-2013-0343, and explain how you can use the attack framework to analyse the attack process further. For this attack, what security controls do you recommend be strengthened?

Write an opinion paper of at least two pages describing your findings in the case above. Include the facts that support your opinion and explain how you arrived at this conclusion.

Marking Criteria and Rubric: The assessment will be marked out of 100 and will be weighted 40% of the total unit mark.

Forensics Report
Marking Criteria: each criterion is marked at one of five levels, expressed as a share of the criterion mark: Excellent (85-100%), Very Good (75-84%), Good (65-74%), Satisfactory (50-64%), Not satisfactory (0-49%).

Investigation plan (10 marks)
Excellent: An excellent plan covering all aspects of the report. A clear, correct, simple and understandable flow of events is presented.
Very Good: A very professionally written plan covering all aspects of the report. A clear, correct, simple and understandable flow of events is presented.
Good: A written plan covering most aspects of the plan. A clear, correct, simple and understandable flow of events is presented.
Satisfactory: A good plan covering most aspects of the report is included. A clear plan is presented.
Not satisfactory: The plan is not clear and does not cover aspects of the report. Plan is not presented or is not correct.

List of methods you plan to use to validate the data (10 marks)
Excellent: The list is excellent; all elements required in the list are present, well expressed, comprehensive and accurate.
Very Good: All elements are present and largely accurate and well expressed.
Good: All elements are present with few inaccuracies.
Satisfactory: Most elements are present with some inaccuracies.
Not satisfactory: Fails to satisfy minimum requirements of methods.

Specify the hash algorithm, and why (10 marks)
Excellent: Description of analysis is clear and appropriate hashes and techniques are selected.
Very Good: Description of analysis is clear and mostly appropriate hashes and techniques are selected.
Good: Description of analysis is clear and mostly appropriate hash programs and techniques are selected.
Satisfactory: Description of analysis is not completely relevant. Little or no hash algorithm provided.
Not satisfactory: Fails to satisfy minimum requirements of analysis and hash selection.

Short report on procedure, describing the procedures for retrieving the evidence (20 marks)
Excellent: Detailed procedures are provided. Keywords and string searches are listed very clearly. Evidence found is very convincing. A clear, concise, and articulated explanation of all the procedures is provided.
Very Good: Procedures are provided; keywords and string searches are listed. Evidence is sound. Ownership is clear. A clear, concise, and articulated explanation of all the procedures is provided.
Good: Procedures are provided; some keywords are listed. Evidence is reasonable and relates to the ownership. A clear and articulated explanation of most of the procedures is provided.
Satisfactory: Procedures are provided but are vague. Keywords and strings are not clear. Evidence found may be questionable. An articulated explanation of some of the procedures is provided.
Not satisfactory: Fails to satisfy minimum requirements for providing procedures and evidence.

Two hypervisors, OS and forensics tools you would use; what precautions you can take (10 marks)
Excellent: Detailed OS, hypervisors, and forensic tools are listed very clearly. Precautions taken are very convincing. A clear, concise, and articulated explanation is provided.
Very Good: OS, hypervisors, and forensic tools are listed clearly. Precautions taken are convincing. A clear, concise, and articulated explanation is provided.
Good: OS, hypervisors, and forensic tools are listed. Precautions are reasonable. A clear explanation is provided.
Satisfactory: OS, hypervisors, and the list of forensic tools are vague. Precautions described may be questionable. An articulated explanation of some is provided.
Not satisfactory: Fails to satisfy minimum requirements for providing tools and precautions.

Additional resources, such as other experts, to collect data for this investigation (10 marks)
Excellent: The list of additional resources is excellent; all elements required in the list are present, well expressed, comprehensive and accurate.
Very Good: All elements of additional resources are present and largely accurate and well expressed.
Good: All elements of additional resources are present with few inaccuracies.
Satisfactory: Most elements of additional resources are present with some inaccuracies.
Not satisfactory: Fails to satisfy minimum requirements of additional resources.

What is CVE identifier CVE-2013-0343; explain how you can use the attack framework to analyse the attack process further; what security controls do you recommend be strengthened (10 marks)
Excellent: Detailed explanation of the CVE and the use of the attack framework are provided. Analysis elements are listed very clearly. Recommendations of security controls are very convincing. A clear, concise, and articulated explanation is provided.
Very Good: Explanations of the CVE and the use of the attack framework are provided; analysis elements are listed. Recommendations of security controls are sound. A clear and articulated explanation is provided.
Good: Explanations of the CVE and the use of the attack framework are provided; some analysis elements are listed. Recommendations of security controls are reasonable. A clear explanation is provided.
Satisfactory: Explanations of the CVE and the use of the attack framework are provided but are vague. Analysis elements are not clear. Recommendations of security controls may be questionable. An articulated explanation is provided.
Not satisfactory: Fails to satisfy minimum requirements for providing explanations.

Two pages describing your findings in the case above, including the facts that support your opinion and how you arrived at this conclusion (10 marks)
Excellent: High-level summary of findings is provided which is consistent with the facts.
Very Good: Well-summarised findings, mostly consistent with the facts.
Good: Good summary of findings. Able to relate the facts.
Satisfactory: Satisfies the minimum requirements.
Not satisfactory: Findings are not consistent with the facts. Fails to satisfy minimum requirements of summarising the findings.

References: must cite references to all material used as sources for the content (10 marks)
Excellent: APA 7th edition referencing applied to a range of relevant resources. No referencing errors. Direct quotes used sparingly. Sources all documented.
Very Good: APA 7th edition referencing applied to a range of relevant resources. No more than 2 referencing errors. Direct quotes used sparingly. Sources all documented.
Good: APA 7th edition referencing applied to a range of relevant resources. No more than 3 errors. Direct quotes used in context. All sources are documented.
Satisfactory: APA 7th edition referencing applied to a range of relevant resources. No more than 4 errors. Direct quotes used in context. Some sources documented.
Not satisfactory: Referencing not done to the APA 7th edition standard. Over-use of direct quotes. Range of sources used is not appropriate and/or not documented.
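An added worked example for the data-validation task in the brief above, showing one way to record hashes of collected files at acquisition time and re-verify them later; it is not part of the assignment or any model answer. File names and contents are constructed, and SHA-256 is recorded alongside the MD5 and SHA-1 digests the brief mentions because MD5 and SHA-1 have practical collision attacks.

```python
import hashlib
import tempfile
from pathlib import Path

# Digests the brief mentions (MD5, SHA-1) plus SHA-256. MD5 and SHA-1 have practical
# collision attacks, so SHA-256 anchors the record; the legacy digests are kept only
# for cross-checking against older tool output.
ALGORITHMS = ("md5", "sha1", "sha256")

def hash_file(path, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Hash one file in chunks so a large disk image never has to fit in RAM."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def build_manifest(root):
    """Acquisition step: record digests for every file under the evidence root."""
    root = Path(root)
    files = sorted(p for p in root.rglob("*") if p.is_file())
    return {str(p.relative_to(root)): hash_file(p) for p in files}

def verify_manifest(root, manifest):
    """Validation step: re-hash every recorded file; report missing or altered ones."""
    root = Path(root)
    problems = {}
    for rel, expected in manifest.items():
        path = root / rel
        if not path.is_file():
            problems[rel] = "missing"
            continue
        actual = hash_file(path, expected.keys())
        bad = [name for name in expected if actual[name] != expected[name]]
        if bad:
            problems[rel] = "modified (" + ", ".join(bad) + ")"
    return problems

def demo():
    """Constructed evidence set (hypothetical names): two files, one altered after acquisition."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "pos_notes.docx").write_bytes(b"constructed sample document")
        Path(d, "card_export.xlsx").write_bytes(b"constructed sample spreadsheet")
        manifest = build_manifest(d)
        clean = verify_manifest(d, manifest)      # no problems expected
        Path(d, "card_export.xlsx").write_bytes(b"constructed sample spreadsheet!")
        tampered = verify_manifest(d, manifest)   # one modified file expected
    return manifest, clean, tampered
```

In practice the manifest would be written to a separately stored, signed or write-protected file so the verification digests cannot be altered together with the evidence.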
