A digital forensic investigation plan – Hire Academic Expert

Assessment item 2—Case study
Due date: 1:00pm AEST, Thursday, Week 11 ASSESSMENT
Weighting: 30% 2
Length: 2000-2500 words excluding references
This assessment item relates to the course learning outcome 1 to 9 as stated on page 1 of the course profile.
Enabling objectives
1. Apply the digital forensics methodologies.
2. Write an analysis of a case study.
3. Prepare an outline of a professional digital forensic plan.
The Case – A digital forensic investigation plan
Global Finance is an investment company with more than 10,000 employees worldwide. As an international player in the financial markets, Global Finance has many specific sector interests. A manager at the Brisbane branch has contacted the Information Security Office at Global Finance head office with some concerns regarding his computer system. He suspects that someone has compromised his computer.
Global Finance provides investment, superannuation and retirement products to individuals as well as to corporate and superannuation fund investors. Its wide range and investment management expertise includes Australian and global shares, property, fixed interest, credit, infrastructure and private equity.
To facilitate its global business, Global Finance has used information technology to move its vision forward. Major investments were made in the company in the early 2000s but management has lost focus of updating the network and application infrastructure that supports the operation in recent years. The network environment between all of Global Finance child organisation is flat and relatively unrestricted. Users from one organisation can access systems and servers from another child organisation. Workstations and servers are typically Microsoft Windows-based. Firewalls and network segmentation are implemented poorly, at best, throughout the environment. Intrusion detection and logging exist on systems, although seldom used.
Information security and specifically investigative and forensic capabilities are housed at the head office in Melbourne and are responsible for issues at all child organisations. A branch manager in north Queensland has contacted the Information Security Office at Global Finance head office with some concerns regarding his computer system. He suspects that someone has compromised his computer.
The Information Security Office takes this suspicion seriously. A team of auditors is formed to investigate this suspicion at the regional office. Apart from reviewing paper based company documents, the auditing team is tasked to undertake digital forensic analysis of the computer systems at the regional office. This involves gathering digital evidence from relevant desktop PC’s and e-mail accounts. Some examples of the type of files that may be collected include MS – Word documents, spreadsheets, MS-Outlook and deleted files.
As part of the auditing team in capacity of a Digital Forensics expert, your task is to prepare digital forensics investigative plan to enable a systematic collection of evidence and subsequent forensic analysis of the electronic and digital data. Assuming all systems are Windows based, this plan should detail following:
• justify why use of the digital forensic methodology and approach is warranted including procedures for corporate investigation.
• describe the resources required to conduct a digital forensic investigation, including team member skill sets and required tools.
• outline an approach for data/evidence identification and acquisition that would occur in order to prepare the auditors for review of the digital evidence.
• outline an approach and steps to be taken during the analysis phase making the assumption the computer system is a Microsoft Windows-based computer.
• create a table of contents for the investigative plan describing what the primary focus of the report would be.
Tips for preparing your digital forensics investigative plan
In writing the digital forensics investigative plan, students need to address following points. Do note that points listed below are not exhaustive and need to be considered as helpful tips.
• Justify a need for digital forensics methodology and consider scope of the case including nature of alleged misconduct leading to consideration of how electronic and digital evidence may support the investigation. The plan should consider how digital forensics differs from other techniques (such as network forensics, data recovery) and detail the overall steps for the systematic digital forensics approach.
• Consider the required resources and include details regarding preparation plan for evidence gathering (such as evidence forms, types, storage media and containers), forensics workstation and peripherals needed, software/tools for analysis depending on the type of evidence to be gathered including rationale for selected tools, and consideration of team member skills in digital analysis (such as OS knowledge, skills for interviewing, consultation, working as per the needs of the auditing team and understanding of law and corporate policies).
• Detail the approach for data acquisition including the different types of evidence that can be gathered and their source depending upon the nature of the case and scope of investigation, develop a plan for data acquisition including rationale for selected plan and contingency planning, detail type of data acquisition tools needed including rationale and an outline for the data validation & verification procedures.
• Provide an outline of the forensic analysis procedures/steps depending upon the nature of evidence to be collected, and detail the validation approach. This can include techniques to counter data hiding, recovering deleted files, procedures for network and e-mail analysis.
• Table of contents for the investigative plan should consider what to include in report, structure of report, focus or scope of the report including supporting material to be provided and references. This table of contents should include headings and sub-headings pertaining to the aspects addressed in the above dot points.
• Prepare a professional report with Executive summary, Word generated table of contents, introduction, body of report with proper headings and sub-headings, and conclusion.
Assessment criteria
COIS23002 Assessment item 2 – Case study
Criteria Performance levels
1 Developing
2 Improving
3 Accomplished
4 Exemplary
5 Score
Justification – Is the justification of “why use of the digital forensic methodology and approach is warranted” sound?
Resources – Are the resources required to conduct a digital forensic investigation completely listed?
Approach – Is the approach for evidence identification and acquisition reasonable?
Steps – Are steps to be taken during the analysis phase reasonable?
Table of contents – Is the table of contents for the investigative report complete? Can this refect the student’s understanding of forensic principles?
Formatting and readability – Is the paper consistently formatted with balanced structure? Are the references correctly cited?