
Individual Assignment COMP3721 - Enterprise Information Security 
EIS and EIS(GE) Assignment 2 
Forensic Analysis 
Step One: 
Create forensic reports of the user folder using bulk extractor. DO NOT EXAMINE YOUR 
WHOLE DISK 
On a Windows system this is 
C:\Users\ 
On a Mac system this is 
/Users/ 
Note that these paths may be different depending on your system’s configuration. 
Step Two: 
Analyse the information in the generated reports. 
What information can you find? For example:
- who are the users?
- what personal information is found?
- which Internet sites have been visited?
- which communication trails are found?
- what are the users' hobbies or interests?
- what did you find that surprised you?
- did you find potential threats?
For each step in your analysis make detailed notes for your forensic report. 
Other tools may be used, such as grep (grepWin or greppie), a hex editor (HxD or 0xED), ExifTool,
and SleuthKit (Autopsy).
Step Three: 
Write the Case Report, which should contain these headings:
The Case Summary: In the case summary, the basic information about the situation is briefly 
described. What happened to lead to an investigation being launched? Remember you are 
role playing a digital forensic analyst. 
Acquisition and Preparation: The report goes into the steps taken in preparing the devices and 
media for examination and how the examination of the materials was conducted. This section 
of the final report summarises the details that are in the various examination logs that were 
collected along the way. It is not necessary to be quite as detailed here, but it is important 
that no steps be left out. You should not include details of sensitive information in the 
report. Details that should be included are any actions taken prior to evidence acquisition 
(such as photographic records); how the media where forensic copies were stored was prepared, 
including what tools were used to protect and/or sanitise the media; before/after hash values 
of disk images examined; tools that were used for making images; and individual steps that were 
taken during each process. 
Include times and dates that evidence items were handled. 
Findings: The findings section is not a place for coming to conclusions. This is only where the 
results of the various tests, examinations, and procedures are reported. As with the preparation 
stage, it is necessary to document what tools were used and what steps were taken, but not 
a minutely detailed description. 
The process used in any given file search should be described, including such details as search 
strings used, Boolean operators used, and so forth. Rather than list each and every file found 
during the search, a summary of findings, including the number and types of files found, is 
in order. The results of an Internet search would include a listing of any Web sites visited 
by users on the target system, organised by user. A histogram of Internet activity could be 
included to show where most activity occurred. 
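
The per-user listing of visited sites and the activity histogram described above can be built from bulk extractor's URL report. This is an added example, not part of the assignment brief; it assumes a feature file made of `#` comment lines followed by tab-separated position, feature and context fields, and that the position field starts with the scanned file's path. The sample input and the names `sites_by_user` and `text_histogram` are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample: '#' comment lines, then position<TAB>feature<TAB>context.
SAMPLE_URL_TXT = "\n".join([
    "# Feature-Recorder: url",
    "C:\\Users\\alice\\AppData\\places.sqlite-4096\thttp://example.com/news\tctx",
    "C:\\Users\\alice\\AppData\\places.sqlite-8192\thttps://Example.com/sport\tctx",
    "C:\\Users\\alice\\Documents\\notes.txt-12\thttps://mail.example.org/inbox\tctx",
    "/Users/bob/Library/History.db-300\thttps://forum.example.net/t/42\tctx",
    "/Users/bob/Library/History.db-900\thttp://[broken\tctx",  # carved junk
])

# Assumption: the position field starts with the path of the scanned file.
USER_RE = re.compile(r"Users[\\/]([^\\/]+)[\\/]")

def sites_by_user(feature_text):
    """Return {user: Counter({host: hits})} for the text of a url feature file."""
    result = defaultdict(Counter)
    for line in feature_text.splitlines():
        fields = line.split("\t")
        if line.startswith("#") or len(fields) < 2:
            continue  # header comment or malformed line
        try:
            host = urlsplit(fields[1]).hostname  # already lower-cased
        except ValueError:
            continue  # carved URLs are often truncated or corrupt
        if not host:
            continue
        match = USER_RE.search(fields[0])
        result[match.group(1) if match else "(unknown)"][host] += 1
    return result

def text_histogram(hosts, width=30):
    """Render one user's host counts as text bars, busiest site first."""
    ranked = hosts.most_common()
    peak = ranked[0][1] if ranked else 1
    return [f"{h:<20} {'#' * max(1, n * width // peak)} {n}" for h, n in ranked]

if __name__ == "__main__":
    for user, hosts in sorted(sites_by_user(SAMPLE_URL_TXT).items()):
        print(user)
        for row in text_histogram(hosts):
            print("  " + row)
```

To use it on real output, pass in the text of the `url.txt` report from the bulk extractor output directory.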
Conclusion: The summary is where the investigator presents the interpretation of the facts. The 
“how” and “why” parts of the story are filled in. 
At this point, the writer of the report may need to do more than present facts about what was 
found. As with all other sections in this report, the expression of opinions should be reserved. 
However, this is the one place in the report where a professional opinion might be required. 
The conclusion should tie all other sections together. The final report should indicate that 
the investigation was thorough and complete. 
Assessment 
This assignment contributes 30% of your overall assessment for the topic. The grading for this 
assignment will be according to the University rating scheme [HD, DN, CR, P, F]. 
You are required to submit the Case Report in a PDF file to the assignment box on FLO by 
Monday Week 10, 9:00am.
Ensure that you have appropriate identification of your work, which includes full identification 
information {StudentID, Name, FAN}.
There is no set word count. It depends on what you find and how you interpret it. However, be 
concise! 
COMP9721 - Enterprise Information Security GE
