Assessment item 2 - Tasks and Forensics Report
Subject- Tasks and Forensics Report assignment help
Task 1: Recovering scrambled bits (10%) (10 marks)
Thia task helps you to test your skills in encryption and decryption of some data that you may encounter in the field of digital forensics. For this task I will upload a text file with scrambled bits on the suject interact2 site closer to the assignment due date. You will need to use some DFT (digital forensics tool) to recover the scrambled bits. First, decide what DFT will be suitable for this task and then start your process. Please note you may need to do few iterations and some trial and test to get the goal. Your bit recovery process will be step by step which means you may not see the whole receovered bits just after one step, you may need to use several steps to recover all bits in the given file. You will be required to restore the scrambled bits to their original order and copy the plain text in your assignment.
Deliverable: Describe the process used in restoring the scrambled bits and insert plain text in the assignment. You can include the screen shots of your working. Include at least in one of the screen shot your i2 site login and username to show it is your work.
Task 2: Digital Forensics Report (20%) (20 marks)
In this major task you are asked to prepare a digital forensic report for the following scenario after carefully reading the scenario and looking at textbook figures as referred below:
In addition, you are also to comment on the ethical issues / implications that may arise during your investigation. See further explanation of this in the deliverables below.
You are working in a Digital Forensic Investigation company, ABC Forensics (you can come up with your own company name if you are not fan of this name) and investigating a possible intellectual property theft by a new employee of Superior Bicycles, Inc. This employee, Tom Johnson, is the cousin of Jim Shu, an employee who had been terminated. Bob Aspen is an external contractor and investor who gets a strange e-mail from Terry Sadler about Jim Shu's new project (shown in Figure 8-5 of the textbook on p. 350). Bob forwards the e-mail to Chris Robinson (the president of Superior Bicycles) to inquire about any special projects that might need capital investments. Chris forwards the e-mail to the general counsel, Ralph Benson, asking him to look into it. He also forwards it to Bob Swartz, asking him to have IT look for any e-mails with attachments. After a little investigation, Bob Swartz forwards an e-mail IT found to Chris Robinson (shown in Figure 8-6 of the textbook on p. 350).
Chris also found a USB drive on the desk Tom Johnson was assigned to. Your task is to search for and determine whether the drive contains any proprietary Superior Bicycles, Inc. data in the form of any digital photograph and/or in any other form such as emails, text, spreadsheets etc as an evidence. In particular, you may look for graphic files such as JPEG on the USB drive
hidden with different format. But during the investigation you also look for other type of data as mentioned above. As a digital forensic specialist, you do not pre-assume that you will (or will not) find what you are looking for. However, you need to make sure that you conduct comprehensive investigation before reaching to any conclusions.
Note for the USB drive image, you need to download the "C08InChp.exe" file from the download section of Chapter 8 on the student companion site of the textbook (Nelson, Phillips, & Steuart, 6/e, 2019).
In order to conduct a thorough investigation, search all possible places where you think that data might be hidden (e.g. in e-mails and USB drive) and recover and present any digital evidence in the report. You may find that some of the files that you found cannot be opened properly or may be damaged or may be made corrupt intentionally, mention such files in your report. You may look at how to repair these files (hint: look at files headers). If you repair a file, mention your report that you have done so usinga specific DFT. You do not need to write the whole repairing process if it is too long. If your current free version of the DFT cannot save large size files, you may consider searching and using other similar DFT that can save the larger size files. Assume that your company does not have the budget to purchase another DFT for this purpose, so you have to go with the free version.