CO4514 Digital Forensic Technology

Assignment 1 - Overview

This assignment comes in two parts.

Part 1 is an online multiple-choice quiz (MCQ) that you must complete on Blackboard.

Part 2 is a short report about evidence acquisition for a specific device.

Part 1 – Online MCQ

Deadline: You must complete the online MCQ no later than 7^th April 2022 before 5pm.

Weight: This test contributes to 40% of the overall assignment mark.

There are 20 questions that all relate to evidence, evidence handling and evidence acquisition. These questions are designed to make sure that you have explored (and preferably understood) different issues that relate to digital evidence.

These questions are designed to ensure that you understand about:

• Standards (ACPO good practice guide, ISO 27037)
• Theory (live vs dead-box; full physical, logical, manual)
• Practice (available acquisition tools; different device types)

Having a good understanding about these issues will help you with the second part of this assignment.

You may complete the test as many times as you like, whenever you like, wherever you like, taking as long as you want to complete it.

Only the last version that you submit will be marked.

Your answers will not be marked until after the deadline is passed. Once your answers have been marked will you find out which questions you have answered correctly.

Part 2 – Short Report

Deadline:  You must complete this short report no later than 19^th April 2022 before 5pm.

Weight: This report contributes to 60% of the overall assignment mark.

Constraint: This report is limited to 600 words.

You must research a specific digital device and discuss how to obtain evidence from that digital device. You will be told which digital device you must research – no two students will be researching the same digital device.

You must use the “CO4514 Assignment One Template” (located on Blackboard) for your short report.

This will require a deeper understanding of the underlying technology. You will be told which device to focus on.

Different devices bring their own challenges when it comes to evidence recovery or evidence acquisition. For example, some devices may support a full physical acquisition, some devices may not, and some devices may require a part acquisition using logical methods.

For this task, you are expected to analyse and understand your digital device, and then postulate ways in which to acquire evidence from this device. Part of your write-up should explain where and how evidence is stored on your device.

You should:

• Provide an overview of the digital device you have been assigned. This overview should focus on the hardware capabilities, and summarise the most important parts in relation to an acquisition of evidence
• Identify what kind of acquisition you can perform. This should be informed by your research and should be one of
  • Full physical
  • Logical
  • Part-image
  • Manual
• Justify why you believe this acquisition technique is the most appropriate for your specific advice. This justification should be informed by your research into the device.
• Identify and justify which tools you would use to obtain evidence from this device.
• Identify how you uphold the ACPO good practice guide principles. Do not repeat the principles here, this should be about YOU and obtaining evidence from your device. Essentially, you should tell me how you would apply the ACPO good practice guide.
• Identify any evidence artefacts you can obtain from your digital device.
• Explain and justify why those artefacts would be useful in prosecuting a crime.

Marking Scheme

The online MCQ is marked quantitatively. You will receive 5 marks for a correct answer and -1 mark for an incorrect answer. You will receive 0 marks for selecting “Do not answer this question”.

The short essay is marked qualitatively and will fall into one of the following categories: