Place Order

COMP30202 – Coursework 1 – 2020-2021

 

Work handed in up to five working days late will be given a maximum Grade of Low Third whilst work that arrives more than five working days will be given a mark of zero.

 

Work will only be accepted beyond the five working day deadline if satisfactory evidence, for example, an NEC is provided. Any issues requiring NEC https://ntu.ac.uk/current_students/resources/student_handbook/app eals/index.html

 

The University views plagiarism and collusion as serious academic irregularities and there are a number of different penalties which may be applied to such offences. The Student Handbook has a section on Academic Irregularities, which outlines the penalties and states that plagiarism includes:

 

“The incorporation of material (including text, graph, diagrams, videos etc.) derived from the work (published or unpublished) of another, by unacknowledged quotation, paraphrased imitation or other device in any work submitted for progression towards or for the completion of an award, which in any way suggests that it is the student’s own original work. Such work may include printed material in textbooks, journals and material accessible electronically for example from web pages.”

 

Whereas collusion includes:

 

“Unauthorised and unacknowledged copying or use of material prepared by another person for use in submitted work. This may be with or without their consent or agreement to the copying or use of their work.”

 

If copied with the agreement of the other candidate both parties are considered guilty of Academic Irregularity.
 

Penalties for Academic irregularities range from capped marks and zero marks to dismissal from the course and termination of studies.

 

To ensure that you are not accused of plagiarism, look at the sections on Plagiarism Support and Turnitin support.

 

 

 

 

 

 

 

 

 

I. Assessment Requirements

 

This assignment allows you to build your knowledge and critical evaluation of processes and procedures used in computer forensics. To pass the coursework you must demonstrate your understanding of the whole Computer Forensics process.

 

This is an individual coursework.

 

Your report should not exceed 3500 words (excluding figures, tables and any references). If references are included, they should be cited in an approved style such as the Harvard Referencing System. You should submit your report to the module Dropbox in NOW before the submission deadline.

 

 

 

Assessment Scenario/Problem

 

The date is 1 July 2004[1]. You have been called in by an organisation that suspects one of its staff members is breaking organisational policy.

The staff member has joined a strange religious group that considers geometric shapes to be very important. The staff member was warned in May 2004 against using organisational resources to create, store, search the Web for or disseminate pictures of such shapes.

 

  1. You arrive at the scene which looks as shown in the photos below.
  2. a) Explain what you would do, and why.
  3. b) Include a list of the equipment you should have brought with you.

 

 

 

 

 

 

  1. You decide to create a forensic image of the computer’s memory. Explain what you would do, and why.
  2. a) Make a list of the types of evidence that you might search for to determine if the staff member has continued to breach organisational policy.

The computer provides no useful evidence. Next, you create a forensic image of one of the memory sticks.

Download image cwk1.dd from NOW. Assume this is the image that you created from the memory stick.

  1. b) Analyse it using Autopsy or any other tool you choose.
  2. c) Present a table listing what you found during your analysis.
  3. Report any relevant evidence that you found including any conclusions that you believe can be drawn.
  4. There are also other reports you should produce and submit apart from the evidence report. Provide a list of these reports and show 2 or 3 entries from EACH report. You may invent the data that is presented in these entries.

 

 

 

Assessment Marks Breakdown

 

Marking allocation: Each of the five items in this list is worth 20% of the overall mark. See the attached marking grid for more details

 

 

 

 

  1. Assessment Criteria
       
Marking criteria

 

 1st 2:1 2:2 3rd High fail near miss Fail ZERO                     Work of no merit or absence

 
Stage 1 – search (20) Excellent knowledge and understanding of the required relevant procedures and justify/prioritise their relevance as the student is typically able to go beyond what has been taught (particularly for a mid/high Distinction)

Complete list of equipment

 A very good knowledge and understanding of relevant procedures; demonstrates a high level of understanding. Almost complete list of equipment. A good knowledge and understanding of relevant procedures demonstrates a competence in understanding. Adequate list of equipment. Some knowledge and understanding of relevant procedures; descriptions are adequate but may indicate a lack of understanding. Incomplete list of equipment. Insufficient knowledge of relevant procedures; the student is typically unable to relate relevant facts/concepts or apply known/taught or researched contexts. Little or no equipment listed. Highly insufficient knowledge or understanding of procedures or how these relate to the Computer Forensics  field in general; understanding is typically at the word level with facts being reproduced in a disjointed or decontextualised manner.
Stage 2 – seizure (20) Excellent knowledge and understanding of the required relevant procedures and justify/prioritise their relevance as the student is typically able to go beyond what has been taught (particularly for a mid/high Distinction) A very good knowledge and understanding of relevant procedures; demonstrates a high level of understanding A good knowledge and understanding of relevant procedures demonstrates a competence in understanding Some knowledge and understanding of relevant procedures; descriptions are adequate but may indicate a lack of understanding Insufficient knowledge of relevant procedures; the student is typically unable to relate relevant facts/concepts or apply known/taught or researched contexts Highly insufficient knowledge or understanding of procedures or how these relate to the Computer Forensics  field in general; understanding is typically at the word level with facts being reproduced in a disjointed or decontextualised manner.
Stage 3 – analysis (20) Excellent knowledge and understanding of the required relevant procedures and justify/prioritise their relevance as the student is typically able to go beyond what has been taught (particularly for a mid/high Distinction). Excellent list of expected evidence; complete table of evidence. A very good knowledge and understanding of relevant procedures; demonstrates a high level of understanding. Very good list of expected evidence; near-complete table of evidence. A good knowledge and understanding of relevant procedures demonstrates a competence in understanding. Adequate list of expected evidence; table of evidence is more than 50% complete Some knowledge and understanding of relevant procedures; descriptions are adequate but may indicate a lack of understanding. Poor list of expected evidence; table of evidence is 20%-50% complete Insufficient knowledge of relevant procedures; the student is typically unable to relate relevant facts/concepts or apply known/taught or researched contexts. Little or no expected evidence; table of evidence is less than 20% complete Highly insufficient knowledge or understanding of procedures or how these relate to the Computer Forensics  field in general; understanding is typically at the word level with facts being reproduced in a disjointed or decontextualised manner.
Stage 4 – evidence reporting (20) Excellent knowledge and understanding of the required relevant procedures and justify/prioritise their relevance as the student is typically able to go beyond what has been taught (particularly for a mid/high Distinction) A very good knowledge and understanding of relevant procedures; demonstrates a high level of understanding A good knowledge and understanding of relevant procedures demonstrates a competence in understanding Some knowledge and understanding of relevant procedures; descriptions are adequate but may indicate a lack of understanding Insufficient knowledge of relevant procedures; the student is typically unable to relate relevant facts/concepts or apply known/taught or researched contexts Highly insufficient knowledge or understanding of procedures or how these relate to the Computer Forensics  field in general; understanding is typically at the word level with facts being reproduced in a disjointed or decontextualised manner.
Parallel stage: other reports (20) Excellent knowledge and understanding of the required relevant procedures and justify/prioritise their relevance as the student is typically able to go beyond what has been taught (particularly for a mid/high Distinction) A very good knowledge and understanding of relevant procedures; demonstrates a high level of understanding A good knowledge and understanding of relevant procedures demonstrates a competence in understanding Some knowledge and understanding of relevant procedures; descriptions are adequate but may indicate a lack of understanding Insufficient knowledge of relevant procedures; the student is typically unable to relate relevant facts/concepts or apply known/taught or researched contexts Highly insufficient knowledge or understanding of procedures or how these relate to the Computer Forensics  field in general; understanding is typically at the word level with facts being reproduced in a disjointed or decontextualised manner.

5

 

7

III. Feedback Opportunities

 

Formative (Whilst you’re working on the coursework)

You will be able to ask questions about the coursework at one or more ‘support’ teaching sessions

 

Summative (After you’ve submitted the coursework)

You will receive specific feedback regarding your coursework submission together with your awarded grade when it is returned to you. Clearly, feedback provided with your coursework is only for developmental purposes so that you can improve for the next assessment or subject-related module.

 

 

IV. Resources that may be useful

 

Referencing styles please use Harvard as detailed here

Guide to planning your time here and an automated planner here

Guidance on avoiding cheating is here

 

Remember to use Outlook or physical calendars to block out time between lectures and labs to work on this coursework.

 

 

V. Moderation

 

The Moderation Process

All assessments will be marked by your tutor. The assessments and grades awarded are considered by an independent 3rd person to check for consistency and fairness across the cohort for the piece of work submitted and to ensure that feedback is fair and appropriate. All courseworks and feedback are made available to the External Examiner prior to the Exams Board.

 

 

VI. Aspects for Professional Development

 

Employability skills: develop an understanding of cyber related issues and organisational processes and procedures.

Digital skills: formulate a detailed technical report using WP software.

Transferable skills: ability to develop ideas related to a specified problem to aid an organisation.

 

 

[1] However, you should apply the procedures that are relevant in 2020.