Forensic Examination and Expert Witness Report

You are required to carry out a forensic examination of the evidence file that you have been supplied with and forensically examine its contents. You will need to produce an expert witness report that describes the formal investigation methodology that you followed and presents your findings. It is therefore essential that you follow a formal investigation procedure.

You will have to describe in detail the methodology that you followed in order to analyse the evidence file. You will have to identify and describe the procedures for all the different phases of your investigation including the tools you used for the analysis.

Your findings should be presented in a factual way, following the guidelines that were discussed in class. Your findings should include any relevant information that was discovered during your investigation. You should illustrate your analysis with screen dumps of the tools you used.

Your expert witness report should be no more than 2000 words.

You also need to produce contemporaneous notes that reflect the work you have undertaken and justify how you maintained the chain of custody. It is advisable you make use of a specialist tool to securely record your digital notes. Your contemporaneous notes should be submitted as an Appendix to the expert witness report and there is no word count for the notes.

You are expected to use appropriate peer reviewed sources for developing your arguments and the Harvard referencing style as per the University regulations.

Submission Requirements:

You are required to submit the final report via Canvas in a PDF format using your student number as the filename.

Your report is an academic report and as such the following report structure is expected:

· Cover Page

o Module code

o Module title

o ID number (the submission MUST be anonymous)

o Month and year, e.g. May 2020

Your report should be prepared as follows:

· The same font should be used throughout. We would prefer you to use 12-point Times, though any reasonable alternative (such as Arial) will be accepted.

· Lines should be single-spaced, with between 1/2 a line and a whole line of extra space after each paragraph.

Margins: at least 20mm left and right; 25mm top and bottom.

This Assignment assesses the following module Learning Outcomes:

1. Advanced current concepts and issues of information environment risks, vulnerabilities and threats

2. Managing an information environment in terms of deterrence, detection, protection and reaction to access

3. A systematic application of the tools, methods and procedures (theoretical and methodological) used within the cyber security arena under the context of a risk and threat assessment

4. Critically demonstrate self-direction and creativity in managing the security of an information environment at the strategic, tactical and operational levels, effectively developing information security policies.

5. Use initiative to autonomously conduct and manage a risk assessment of a complex and unpredictable environment

6. Demonstrating a systematic approach of creatively applying security standards to unfamiliar contexts for solving problems.