- May 15, 2020
IFN643 Assignment 2 Specification

Due Date: 6th October 2019
Weighting: 30%

This assignment is worth 30% of the total assessment for the unit. It is individual work. While you can discuss the assignment with your tutors and peers, your submission must be your own original work. You should provide evidence of your own work incorporated in your submission.

The objective of this assignment is to gain knowledge and understanding of digital forensics through research and practical experience. This understanding is to be demonstrated by submission of a formal technical report of an analysis of digital forensics artifacts and a brief essay on recent advances in digital forensics.

Background

While investigating mysterious activities in the world diamond market, British Secret Service agent James Bond, best known by his code number 007, has discovered that his evil nemesis Ernst Blofeld, head of the global criminal organisation SPECTRE, is stockpiling the gems to use in his deadly laser satellite. With the help of beautiful smuggler Tiffany Case, Bond has set out to stop the madman—the fate of the world hangs in the balance!

Task 1

Bond has intercepted a transmission (in a pcap file) from the Whyte House, a casino-hotel owned by the reclusive billionaire Willard Whyte. Bond suspects that SPECTRE agents have been communicating through the Whyte House. Your task as the security analyst within the digital forensics division of MI5 is to answer Bond’s questions.

1. What was the first communication between the suspected SPECTRE agents?
2. What did the suspected SPECTRE agents exchange?
3. What was used to blackmail Tiffany Case?
4. Who is Putter Smith?
5. What mail client does Putter Smith use?
6. What was the operating system running on Tiffany Case’s PC?
7. What was Tiffany Case looking at that she shouldn’t be?
8. What was in the trash directory?
9. What was in the encrypted transfer by Willard Whyte?
10. Is Willard Whyte working for SPECTRE?
11. Create a detailed map of the network, including IP addresses, hostnames and services as well as suspected owners of each host.
12. Create a detailed timeline of the significant events that take place in the captured transmission.

As part of the answer for each of these questions you must include:

• A clear description of the evidence for your answer.
• A detailed description of the process that you followed and the tools that you used to obtain the evidence.

Task 2

After the Diamond affair and the key part digital forensics played in the outcome of that situation, Q has decided that more funding should be allocated to the digital forensics department. He has asked you to review the latest research (the last 3 years) in the digital forensics area. Your review should also describe a specific project which is important for future investigations. Your task is to write a brief essay indicating where MI5 funds should be invested.

Select one topic in digital forensics. This may include the following list but is not limited to:

• Disk Forensics
• Memory Forensics
• Network Forensics
• Mobile device forensics
• Cloud Forensics
• SDN Forensics
• Internet of Things Forensics

Your essay on recent advances in digital forensics should not exceed 2000 words (approximately 4 pages) but it should include the following main headings:

• Introduction
• Review of Previous Research
• New Digital Forensics Project
• Conclusions and Recommendations

Submission

Please submit your assignment via the IFN643 Blackboard web site under the Assessment section. Only a report, preferably in one PDF file, is to be submitted.

The quality of the presentation of a formal technical report is as important as the quality of the technical content of the report in the profession. Your assignment will be assessed on:

1. The body text of your report should be no more than 16 pages in length excluding appendices;
2. The text of your report should be in 12-point Times New Roman or 11-point Arial font or something equivalent, and single-spaced;
3. Page size is A4 with 2cm margins on all sides;
4. The report is suggested to be organised with cover page, executive summary within one page (including a statement of completion), table of contents, body text, and appendices;
5. The body text consists of your direct answers to questions in each task followed by the overall analysis of each task and the description of how you went about completing each task. It should be self-contained and understandable without reading the appendix;
6. Screenshots that are used as evidence must be clearly visible and easy to read.