SIT 282 University of Waterloo Computer Crime and Digital Forensics Essay


SIT282 - Computer Crime and Digital Forensics T2 2019
Assessment Task 2
Case Investigation and Recommendation Report

Due: Sunday October 3rd at 11.59pm (end of week 11).
Total Available Marks: 35, Weighting 35%

General Requirements

Please use the “Assessment_Task_2_TEMPLATE” file provided in the assessments folder on the Unit Site to complete this assessment.

• NO EXTENSIONS allowed without medical or other certification.
• LATE ASSIGNMENTS will automatically lose 5% per day up to a maximum of five days, including weekends and holidays. Assignments submitted 6 or more days late will not be marked and are given zero.
• The virtual machine used for the practicals contains all the tools required to complete this assessment task.
• Ensure you take screenshots of your work for evidence and that these are legible in your report.
• To complete this assessment you will need to have followed the theoretical material and completed the practicals for weeks 7-9. This assessment covers material up to the week ending September 13th.
• Your submission must be in a PDF format.
• Maximum size of your submission should be 15 pages excluding the cover page but including screenshots, table of contents, 2 page digital forensic report prepared for Sandra (refer to item 7 on the next page) and references. The font size should be no less than 11pt.
• No mark will be given if you fail to show evidence of your working, i.e. the process carried out to produce your solution. The report should be written so the steps performed are reproducible.
• Ensure you keep a backup copy of your work.
• Plagiarism is not tolerated. For information on Plagiarism and Collusion including penalties please refer to the link: http://www.deakin.edu.au/students/clouddeakin/helpguides/assessment/plagiarism
• The APA Referencing Style is to be used for this assignment where appropriate. https://www.deakin.edu.au/students/studying/study-support/referencing/apa-6

Help with the assessment

If you require assistance please ask your instructors (Burwood students ask your practical demonstrator; Geelong and Cloud students ask Damien Hutchinson). We will NOT answer questions that are requesting answers or solutions. A question MUST be substantiated with evidence that work has been attempted relating to the question being asked.

The marking rubric is attached to the submission link on the Unit site. This provides a detailed structure for successfully completing the assessment. Be sure to refer to the relevant section of the rubric when asking a question.

The only other advice is to ensure you do not leave this until the final days before the due date.

THE CASE:

The hazardous materials team is called suddenly at 3a.m. May 10 to a warehouse behind Roma St station in Brisbane. Team member Moti identifies the scene as a drug manufacturing location, and the people there have hurriedly packaged up the loose powders they were working with, leaving traces on the floor and across many desk surfaces. Moti makes a decision not to call the forensic squad in when he sees the drug traces, because he suspects the drug is at the top of the current most dangerous list and he needs to take samples back to his lab for analysis before identifying it. However, Moti is familiar with the protocol when there is a computer in the area, and calls his colleague Sandra, waking her at 3:17a.m. to walk him through a capture of computer data for forensic analysis. He is able to shut down the laptop, and removes it from the scene along with several CDs found in the desk.

Later that day, Sandra analyzes the laptop and CDs in the police forensics lab. The computer is equipped with Windows and only a basic Word document facility and Internet Explorer, a program called “OpenPuff”, and has software for showing DVDs and image files. No documents appear to have been stored on the machine. Three of the CDs are actually DVDs with recent movies. The fourth contains a suspicious ZIP file.

Sandra makes three forensic copies of all the data and stores two of them safely in the lab. She then delegates the laptop and CDs to various staff members for analysis, distributing the third copies to them. As most of the staff are also involved in a large on-going investigation she decides to ask for the help of an additional team member who is holidaying overseas.

You receive a secure e-mail from Sandra with an attachment containing two NTLM hash strings retrieved from the criminal’s laptop, the ZIP file from one of the CDs along with a request to analyse it as quickly as possible for any pertinent information, and an apology for interrupting your holiday.

The two NTLM hashes are:
D6A21EA26063C42FC9876E4B0C51BC82:CA72B189F412A384D96B785A08176773
and
8282461A2BDAF626E6067B973FDDC643:5C305D4616C7571D5DDC6EEA5BA5C395

TO DOWNLOAD A COPY OF THE ZIP FILE IN THE EMAIL ATTACHMENT COPY AND PASTE THIS URL INTO A WEB BROWSER: http://www.deakin.edu.au/~zoidberg/2019A02.zip

And you are advised that the MD5 hash value of the executable file should be 9ec1c8f62429182349f3979c39aed8fb

Analyze this file and report your findings using the outline below. (For marking purposes, it is strongly recommended that you follow this outline.)

DIGITAL FORENSIC PROCEDURE

1. Explain how you downloaded the file, what precautions you took, and how you ensured its integrity. 2 marks
2. Describe how you decrypt the two given NTLM hash values by using OphCrack, including screen shots. 3 marks
3. Describe the process that you apply to open the downloaded file. Describe whether there is a relationship between this process and the information obtained in Step 2. 3 marks
4. Describe the actual content of the encrypted file that you identified in Step 3. If there are multiple files, list their file names, types and MD5 hash values. Describe the visual contents in each file. 4 marks
5. What tools will you now use to proceed with your investigation and why? 3 marks
6. Describe how your investigation proceeded at this point, including screen shots. 12 marks

DIGITAL FORENSIC REPORT

7. Write a two page report for Sandra listing your findings and recommendations. Make appropriate suggestions on how a further investigation should proceed. Construct and complete a single-item evidence form as part of your report. 8 marks

SIT282 Computer Crime and Digital Forensics
ASSIGNMENT 2 TEMPLATE

This document has been provided as a template to complete assignment 2. The template has been designed to take you through the process of conducting and reporting on a forensic investigation. In order to be eligible to receive full marks all sections must be completed.

[Insert Report Title, Table of Contents, and Name of Investigator here]

DIGITAL FORENSIC PROCEDURE

1. Explain how you downloaded the file, what precautions you took, and how you ensured its integrity.
File Download Procedure
Precautions Applied
Method used to ensure Integrity

2. Describe how you decrypt two given NTLM hash values by using OphCrack, including screen shots.

3. Describe the process that you apply to open the downloaded file. Describe whether there is a relationship between this process and the information obtained in Step 2.
Steps performed to open the file were:
1.

4. Describe the actual content of the encrypted file that you identified in Step 3. If there are multiple files, list their file names, types and MD5 hash values. Describe the visual contents in each file.
Content description
File Name | File Type | MD5 Hash Value

5. What tools will you now use to proceed with your investigation and why?
Tool | Reason

6. Describe how your investigation proceeded at this point, including screen shots.
Note. Clearly identify the steps that were performed and evidence found supported by screen shots.

DIGITAL FORENSIC REPORT

7. Write a two page report for Sandra listing your findings and recommendations. Make appropriate suggestions on how a further investigation should proceed. Construct and complete a single-item evidence form as part of your report.
Note. The single evidence form provided below is included as part of the two page report.

Prepare your report for Sandra using the following headings as a guideline:
• Recommendation(s) – what needs to be done back at the lab (since you did this from your holiday destination)
• Summary of steps that were performed (can use bullet points for this)
• Brief description/summary of what was recovered
• Your interpretation of what was recovered in relation to the case
• Appropriate suggestions on how a further investigation should proceed

Evidence Form (Figure 1-11 of the text)

This form is to be used for only one piece of evidence. Fill out a separate form for each piece of evidence.

Case No:
Unit Number:
Investigator:
Nature of Case:
Location where evidence was obtained:
Item #
Description of evidence
ID
Evidence Recovered by:
Evidence Placed in Locker:
Evidence Processed by
Vendor Name
Model No/Serial No.
Date & Time:
Date & Time
Description of Evidence
Date & Time
Page __ of __

-end of template -

COSC 414 Project 1, 2021W1
“Super Bug Zapper”
Due Date: October 15, 2021

Using WebGL and JavaScript (but not three.js), and the mathematics package that comes with the textbook, develop a two-dimensional interactive game with the following features:

1. The playing field starts as a circular disk centered at the origin.
2. The player views the disk from above.
3. Bacteria grow on the circumference of the disk starting at an arbitrary spot on the circumference and growing out uniformly in each direction from that spot at a speed determined by the game.
4. The player needs to eradicate the bacteria by placing the mouse over the bacteria and hitting a button.
5. The effect of the poison administered is to immediately remove the poisoned bacteria.
6. The game can randomly generate up to a fixed number (say 10) of different bacteria (each with a different color).
7. The bacteria appear as a crust on the circumference of the disk.
8. The game gains points through the delays in the user responding and by any specific bacteria reaching a threshold (for example, a 30-degree arc).
9. The player wins if all bacteria are poisoned before any two different bacteria reach the threshold mentioned above.

A well-developed implementation for the above will earn a grade of 80%. To get a higher grade, two of the following should be completed in addition (each feature successfully completed adds 10%).

1. The effect of the poison administered also propagates outward from the point of insertion of the position until all the bacteria are destroyed.
2. When two bacteria cultures collide, the first one to appear on the circumference dominates and consumes the later generated bacteria.
3. When a bacterial culture is hit, use a simple 2D particle system to simulate an explosion at the point where the poison is administered.

Notes:
1. A class demonstration is required for each game.
2. Students may work in teams of up to three.

Electronic submission of source code and documentation will be through Canvas:
1. Submit ONE compressed file (.zip only).
2. This .zip file should contain all your source files plus the files specified in 3 below and the files should be correctly placed so that the program runs from a browser.
3. Include in your submission two .doc (or .docx or .pdf) files: one for a user guide and one for a gallery of screen captures (with at most a 3-line explanation of each image). The screen captures should be complete and illustrate all aspects of the project requirements sufficient for marking needs.

Explanation & Answer

View attached explanation and answer. Let me know if you have any questions.

Running Head: COMPUTER CRIME AND DIGITAL FORENSICS
SIT282 Computer Crime and Digital Forensics

Computer Crime and Digital Forensics
Student’s name
Institute
Course
Date


Contents
DIGITAL FORENSIC PROCEDURE
File Download Procedure
Precautions Applied
The method used to ensure the integrity
Working out the NTLM hash values
Tables selection
Loading up single
Loading 1st hash
Decrypting 1st hash
Loading second hash value
Depicting both recovered passwords
Steps performed to open the file were:
Content description
Contents of encrypted files from step 3
Files and MD5 hash value
Marking revelation
Steps in using the OpenPuff software
Loading up carrier files
Selection of carrier files
Checking carrier files
Completion of carrier files checking
Report
End of checking report
DIGITAL FORENSIC REPORT
NTLM hashes relevance
Zip file MD5 hash value relevance
List of files
Intrigues to further investigations
Study of recovered markings on image files
Further analysis on recovered laptop

