ICT378 2022 ASSIGNMENT
ICT378 Cyber Forensics and Information Technology Assignment V2 - Last Updated April 2022

ICT378 2022 Cyber Forensics & Information Technology
2012 National Gallery DC

Assignment Information

You must submit your assignment online using the Assignment course tool. You must submit your assignment as ONE word-processed document containing all of the required question answers. You must keep a copy of the final version of your assignment as submitted and be prepared to provide it on request. The University treats plagiarism, collusion, theft of other students' work and other forms of dishonesty in assessment seriously. For guidelines on honesty in assessment including avoiding plagiarism, see: http://www.murdoch.edu.au/Curriculum-and-Academic-Policy/Student-Integrity/

Assume that you're a Forensic Investigator given the following case:

The 2012 National Gallery DC scenario spans approximately 10 days and encompasses two distinct yet intertwined story arcs. The scenario is centered around an employee at the National Gallery DC Art Gallery. Criminal plans for both theft and defacement are discussed amongst actors during the scenario, and evidence may remain across the digital devices they used.

Alex, a wealthy businessman with Krasnovian ties, contacts Carry, a Krasnovian supporter in the US. Alex is seeking to embarrass America and damage public relations by defacing Foreign Art, belonging to Majavia and currently on display in the National Gallery during the month of July. Alex knows Carry through her Krasnovian parents, who also have strong anti-American sentiment. Alex contacts Carry through her father and recruits her to assist with his cause. He is sending some tourists, Krasnovian militants, to Washington, DC to do the deed. Carry is to develop the plan to get them into the museum with the tools they need to damage the artwork.

Tracy works as a supervisor at the National Gallery and is an acquaintance of Carry. Carry contacts Tracy and starts communicating small data as a back and forth under the auspices that Carry wants to organize a Flash mob at the gallery and needs a little help. Carry will give money to Tracy for this help. Items transferred are suspicious in nature but not outright illegal. Tracy's money troubles help her overlook the suspicious nature of the requests.

Subsequently, Tracy has been having an ongoing dialog with her brother about stealing specific items (Stamps) from the National Gallery. Tracy will have correspondence on her work computer, personal phone, and home computer relating to her conspiracy to have some valuable items stolen.

Carry is technically savvy in that she knows about steganography tools and encryption. She hides much of her correspondence in steg files and encrypted files. She purchases a tablet computer and sets it up to use her catsumtwelve email account dealings with Alex, setting up the flash mob, Carry is interested in security, schedules, events, and locations where art will be displayed.

Unfortunately for everyone involved, Joe, Tracy's ex-husband, installed a key logger onto her computer prior to the divorce to monitor Terry, discovers the conspiracy to commit theft and turns her in to the police. This reveals the contact between Tracy and Carry, leading to Carry's tablet and phone being seized, as well as revealing the separate defacing plot. The scenario is terminated upon suspicious activity being reported to law enforcement, at which point certain devices are seized and network traffic logs are requested.

Suspects Descriptions

Tracy
Tracy is a recently divorced mother in the middle of a child custody battle. Unfortunately, Tracy's daughter is in an expensive private school, which Tracy can no longer afford on her salary.
Her ex-husband will only pay for the school if Tracy will give over custody of their daughter to him. Worse, Tracy's daughter, Terry, age 15, has stated that she would rather live with her dad if it comes to staying in school.

Pat
Pat is Tracy's brother. He is a police officer of the D.C. Enforcers Bureau. He holds the status of detective. He is very devoted to his sister and niece Terry. To this point he isn't an outright criminal, but walks the line very closely. He busted King with some items that were against his parole, but hasn't arrested him on the promise of a future favor.

Joe
Joe is the father of Terry and is currently going through the divorce with Tracy. Joe is financially well-off, and still bitter about the relationship problems. He previously installed a key logger on the MacBook Air in an attempt to keep track of Terry's online behavior. Now that Joe and Tracy are going through a divorce, he has motivation to utilize the key logger to spy on both Tracy and Terry. Joe used to have an account on the family MacBook Air; however, it was deleted. The home folder may have been preserved.

Alex
Alex is a Krasnovian supporter who wishes to embarrass the United States. He is a foreigner and lives outside the country, presumably in a region called Krasnovia. He knows Carry through extended family connections and contacts her as both having similar family ties and a fellow Krasnovian. He plans to deface foreign works that are on exhibit in the National Gallery DC. Defacing said artwork will embarrass the United States and possibly degrade the reputation between the United States and the foreign country providing the foreign exhibit to America. (In some documentation this is referred to as Majavia, a second pseudo-nation.)

Carry
Carry is a somewhat criminally involved individual that shares family ties with Alex. She is a Krasnovian supporter.
Carry is both technologically savvy and an occasional social media user. She is contacted by Alex in the beginning of the scenario and asked to orchestrate the defacing of the artwork because she is both aligned with Krasnovia and because she has connections. She has a slight familiarity as friends/acquaintances with Tracy.

Terry
Terry is the daughter of Tracy and Joe. Terry attends an expensive private school (Prufrock Preparatory School). She wants to stay in school to avoid having to start over and so that she can keep her current friends, despite the fact that her mother can no longer afford to pay the tuition.

Materials

Drive Image
The materials include disk images of hard drives and both logical and physical images of mobile devices uploaded on the LMS. Network captures were performed using the SSLstrip tool, allowing for capture files to be available with and without encrypted SSL traffic.

Deliverable Report

Task Description
You should follow forensics procedures, such as taking a hash of the image before using it and checking regularly to ensure you have not modified it. You can select and use any proprietary or open source tools that you have been introduced to or find yourselves to perform the analysis and extract any evidence present. Your report should detail the investigation process and the findings (including copies of relevant evidence), including obstacles and problems that you encountered and how you overcame them. You can assume that the reader has a light understanding of digital forensics, so any complicated terms/techniques/etc. should be explained. You must include some screenshots in your reports with the output of the tools or the processes and when necessary to support/show how you reached your conclusions.
Screenshots should not be used to excess; they merely serve to demonstrate your understanding of the tools/processes and should be used to support written explanations (not in place of). You will be marked based on the evidence you extract, the use of appropriate tools, the detail of the process, the explanation on its relevance to the case and documentation. Remember, your report should present the information in an unbiased way. Improper handling/validation of evidence would result in loss of marks except where accurately identified and corrected.

This assignment can be accomplished either individually or as a group of up to three students.

Marking Rubric: The following table summarizes the marking criteria of the final report.

| Sections | Marks |
| Cover Page, Table of Contents, Executive summary | 5 |
| Methodology | 10 |
| Findings (use of appropriate tools and details of the process); Discussions (the explanation on findings relevance to the case); Supporting Evidence (accurate data acquisition) | 65 |
| Summary & Appendix | 10 |
| References & Formatting | 10 |
| Total | 100 |

Your report should highlight the following areas (these will be assessed):

A. Discuss if there is any evidence of any theft and defacement. Explain your position on this. What evidence did you find, if any? How sound / reliable do you believe your evidence collection to be? [20 marks]

B. Present any evidence in a timeline format, signposting the points where you believe any offence may have occurred and other significant dates/times in the case. Compare any evidence found and timeline information side by side with the different tools available to you (e.g. ProDiscover / OSForensics / FTK Imager / Magnet Axiom / Autopsy, etc.) and highlight any differences. Be sure to state the pros and cons of using one tool over the other. [20 marks]

C. You were provided with some sets of hard drive images.
What do you think has occurred here? What are the differences between the sets of the drive images? How do you think the sets of drive images were created? [20 marks]

D. A common defence is that the actions were committed unintentionally or that the perpetrator did not know the actions were illegal. With these possible defences in mind, address how you would respond to these defences. Are there any clues that indicate intent or knowledge of criminal activity? [20 marks]

E. Conduct some research into ways that image files (graphic images) could be tampered with. Are there ways that are undetectable, or difficult to detect? Present your findings in a short section written in a formal referenced style. You are only expected to have approximately 5 references (good quality: reputable journal or conference papers). [20 marks]

Sample Structure for Report Outline: Use the following as a starting point to structure your report.

Cover Page
- Title
- Date
- Student Name / Student Number

Table of Contents
- Main contents listed with page number
- Be sure to include visible page numbers on all pages

Executive summary
- Brief description of the event
- Brief methodology of the investigation
- Brief evidence collection and preservation methods
- Conclusion with short, generalized reasons (like bullet-points)

Methodology details
- Investigation
- Evidence collection and preservation

Finding 1 - Description
- Discussion (e.g. Inculpatory or Exculpatory)
- Supporting evidence

Finding n - Description
- Discussion (e.g. Inculpatory or Exculpatory)
- Supporting evidence

Summary and Conclusion
- Discuss if there is any evidence of theft and defacement
- How sound / reliable do you believe your evidence collection to be?
- Is the person innocent or guilty? Explain your position.
Appendix
- Description of persons of interest (often shown in table format)
- Association Diagram of persons of interest
- Evidence listing
- Evidence Timeline (present any evidence in a timeline format, signposting the points where you believe any offence may have occurred and other significant dates/times in the case)
- Software and tools used in the investigation
- Other important listings and information as needed

References: Your report should be your own, and you should use appropriate citation and referencing formats. All sources that you use as supporting material to your reports must be referenced according to the convention. Failure to do so will result in the loss of marks! You should use APA as a referencing style. The IEEE format is also acceptable.

Formatting:
1. Paragraph text: Font size 12 with Calibri or Times New Roman font. 1.5 line spacing. Justify alignment (ctrl+j in Word).
2. Use Word (or equivalent) styles for headings, paragraphs, etc., to ensure consistency.
3. Number chapters (1, 2, etc.) and sub-chapters (e.g. 1.1, 2.1, 2.2) consistently.
4. Figures should have a figure number and a caption (right click and insert a caption in Word).
5. Write in the third person.
6. Word limit: maximum 3500 words. Note that the word limit for group work is maximum 5500 words.
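
The Task Description asks for a hash of each image before use and regular re-checks that it has not been modified. The following is an added example of that procedure, not part of the assignment brief or of any tool it names. The function names, the JSON manifest layout and the file names are assumptions, and the sample image is constructed.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

def hash_image(path, chunk_size=1024 * 1024):
    """Stream the file so multi-gigabyte images never sit in memory."""
    digest, size = hashlib.sha256(), 0
    with open(path, "rb") as fh:  # read-only: hashing must not alter evidence
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
            size += len(chunk)
    return {"sha256": digest.hexdigest(), "size": size}

def record_baseline(paths, manifest_path):
    """Hash every image once, before analysis, and save the values with a UTC timestamp."""
    stamp = datetime.now(timezone.utc).isoformat()
    manifest = {os.path.basename(p): dict(hash_image(p), recorded_utc=stamp) for p in paths}
    with open(manifest_path, "w") as fh:
        json.dump(manifest, fh, indent=2)

def verify(paths, manifest_path):
    """Re-hash each image and compare with the baseline; run after every tool session."""
    with open(manifest_path) as fh:
        manifest = json.load(fh)
    results = {}
    for p in paths:
        name = os.path.basename(p)
        base = manifest.get(name)
        if base is None:
            results[name] = "NOT IN BASELINE"
            continue
        unchanged = hash_image(p) == {"sha256": base["sha256"], "size": base["size"]}
        results[name] = "OK" if unchanged else "MODIFIED"
    return results

def demo():
    """Constructed sample: a tiny stand-in image, verified, then one byte changed."""
    with tempfile.TemporaryDirectory() as d:
        img, manifest = os.path.join(d, "constructed-image.dd"), os.path.join(d, "baseline.json")
        with open(img, "wb") as fh:
            fh.write(b"\x00" * 4096 + b"constructed sample evidence")
        record_baseline([img], manifest)
        before = verify([img], manifest)
        with open(img, "r+b") as fh:  # simulate an accidental write to the image
            fh.seek(100)
            fh.write(b"\x01")
        return before, verify([img], manifest)
```

Calling demo() returns the verification result before and after the simulated write. The manifest's timestamp and hash values are the kind of record the methodology section of the report can quote.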