DFIR Lifecycle Stages 4-6 Coursework with Forensic Images and Reflection
The learning outcomes that are assessed by this coursework are:
- Discuss the principles underpinning digital forensic practice & their importance;
- Explain the main stages & the associated procedures of a digital forensic investigation;
- Apply the principles & practices of digital forensics to given scenarios;
- Analyse forensic images of different formats using a suitable selection of tools;
- Prepare a suitable report to present your findings and professional opinion of a given scenario;
- Critically evaluate & reflect upon your own learning in relation to digital forensics & your future learning needs to be successful in the field of digital forensics;
Tasks to be undertaken:
Work through stages 4-6 of the DFIR lifecycle (given to you in the taught week learning materials) using the given template (on Blackboard), the forensic images (in the March2022CEM1 folder on the CSC shared area – only available in the CTI labs) and the following software (only available in the CTI labs):
- FTK suite (FTK Imager, Registry Viewer, FTK, PRTK).
- XAMN/Physical Analyzer.
- Kali Linux with JTR.
- Work alone, following the Principles & Procedures covered during the taught week.
- Stage 4 – Analyse the coursework forensic images given in the appropriate software listed above.
- Stage 5 – Create a report (use the template) stating the facts of the case (i.e. your findings from the forensic images and no opinion of what the findings mean). This section will be between 2,500 & 3,000 words or you will not have explained everything appropriately. Make use of the appendices!
- Your report should detail the steps you took to get these facts. You should use screenshots, but you must explain what they are showing: tell the reader what they are looking at; the reader should not be doing any work.
- It would be helpful for you to create a timeline of the events involved in the incident. You can use any program you’d like to do this, but Padlet in the timeline format works very well for this (see Blackboard for more information).
- Stage 6 – Reflect on your learning journey during the module and this coursework and develop a plan to improve any future DFIR work. This section will need to be between 750 & 1,000 words or you will not have answered the questions below or given enough detail.
- Critically evaluate the tools used (FTK suite, XAMN, Physical Analyzer, Kali, JTR): How easy were they to use? How did they help you get the task done? How do you know the results were correct? How do you know the tools are reliable?
- Discuss the Principles, Practices & DFIR stages covered during the taught week that you followed during the assignment: How did you ensure you followed them? Were there some that were harder to understand/follow than others?
Your Learning Journey Reflection: What did you do well? What did you not do well? What areas of digital forensics would be beneficial for you to develop to help you work through a similar module or real-life scenario next time? Think about your time management: have you been working through the coursework across the 3 months or left it all until the last few weeks before the deadline?
Don’t forget this might be the first time you have done any digital forensics, so you will have learnt a lot and still have a lot to learn. You need to master the basics first before you can go on to learn more advanced tools or additional tools! If you have done any DF before then you might feel more comfortable with the tools/processes but still have areas you need to learn and develop more.
Do NOT put your name (first name/surname/other name) anywhere in the file or file name – your work needs to be anonymously marked! Turnitin knows who submitted each item, I do not need to know who submitted anything.
You must use Cite Them Right Harvard referencing for your assignment. I expect to see a list of references used, in the correct format, in the appendices where indicated, and any quotes or properly paraphrased sources with the appropriate citation in the body of your work. If you are not sure how to correctly paraphrase, quote, or reference in the correct Harvard format, you need to ask for support. Any member of the library team can help you with this or direct you as appropriate. Please just ask; this is all part of your learning journey.