Cyber Forensics

School of Engineering and Information Technology ASSIGNMENT COVER SHEET  Please complete and insert this form as the first page of EACH electronic assignment.  Submit the assignment with attached coversheet electron ...

School of Engineering and Information Technology ASSIGNMENT COVER SHEET  Please complete and insert this form as the first page of EACH electronic assignment.  Submit the assignment with attached coversheet electronically as per the instructions in the Assignment Question sheet.  Please make sure you keep a copy of the assignment. Student Details Surname Yeoh Given name Jia Le Student Number 32954688 Email Assignment details Unit name Cyber Forensics and Information Technology Unit Code ICT378 Unit Coordinator Glies Oatley Tutor/Tutorial time Ronald Kevin Shiflet Due date/time 3 April 2017 Submission date Assignment title Cyber Forensics and Information Technology Assignment 1 Other information All forms of plagiarism, cheating and unauthorized collusion are regarded seriously by the University and could result in penalties including failure in the unit and possible exclusion from the University. If in doubt, please contact the Unit Coordinator. Student’s Declaration Please double click on all the check boxes. Except where I have indicated, the work I am submitting in this assignment is my own work and has not been submitted for assessment in another unit. This submission complies with Murdoch University policies regarding plagiarism, cheating and collusion. I have retained a copy of this assignment for my own records. 1Table of Contents Cover Page..........................................................................................................1 Table of Contents.................................................................................................2 Abstact (Summary)..............................................................................................3 Section A - Investigate report .................................................................................................................................4-20 Chain of custody......................................................................................................................................................4 Suspicious elements of evidences found in Jo-2009-11-19 ad1 and ad2 drive images.......................................4-14 Suspicious elements of evidences found in Jo-2009-12-01 ad1, ad2 and ad3 drive images.............................15-17 Suspicious elements of email evidences found in Jo-2009-11-19 E01 drive images.........................................18-19 Suspicious elements of email evidences found in Jo-2009-12-01 E01 drive images.........................................19-20 Section B...............................................................................................................................................................21-24 Total of 3 timeline charts..................................................................................................................................21-24 Pros and Cons of using the two software tools......................................................................................................25 Section C....................................................................................................................................................................26 Section D....................................................................................................................................................................27 Section E...............................................................................................................................................................28-29 References.................................................................................................................................................................30 Appendix A........................................................................................................31 Appendix B........................................................................................................31 2Abstract (Summary) This report has those elements of the evidences in the analysis results. Where can be found the controlled computer where can be suspected of perpetrator for his illegal actions and creating sabotage. The analysis of the evidences was conducted. Which need to use through different software tools such as OSForensics and AccessData FTK imager to search, analyse and check of any digital evidences in those two drives images. Furthermore, those digital evidences have copied of elements in the controlled computer and rebuilding up those activities. Where the suspect can be involved and examined in security processes. With this report would have the timeline with the supporting evidences. Which could justify if the suspect is being guilty or not. In addition, the suspect can be subjected to create by playing sabotage with behind the evidences.