[Solved] CO4514 Digital Forensic Technology

Assignment 1 – Overview

This assignment comes in two parts.

Part 1 is an online multiple-choice quiz (MCQ) that you must complete on Blackboard.

Part 2 is a short report about evidence acquisition for a specific device.

Part 1 – Online MCQ

Deadline: You must complete the online MCQ before 5pm on 28th March 2020.

Weight: This test contributes 40% of the overall assignment mark.

There are 20 questions that all relate to evidence, evidence handling and evidence acquisition. These questions are designed to make sure that you have explored (and preferably understood) different issues that relate to digital evidence.

These questions are designed to ensure that you understand:

  • Standards (ACPO good practice guide, ISO 27037)
  • Theory (live vs dead-box; full physical, logical, manual)
  • Practice (available acquisition tools; different device types)

Having a good understanding of these issues will help you with the second part of this assignment.

 

You may complete the test as many times as you like, whenever you like, wherever you like, taking as long as you want to complete it.

Only the last version that you submit will be marked.

Your answers will not be marked until after the deadline has passed. Once your answers have been marked, you will find out which questions you have answered correctly.

Part 2 – Short Report

Deadline: You must complete this short report before 5pm on 18th April.

Weight: This report contributes 60% of the overall assignment mark.

Constraint: This report is limited to 600 words.

You must research a specific digital device and discuss how to obtain evidence from that digital device. You will be told which digital device you must research – no two students will be researching the same digital device.

You must use the “CO4514 Assignment One Template” (located on Blackboard) for your short report.

This will require a deeper understanding of the underlying technology. You will be told which device to focus on.

Different devices bring their own challenges when it comes to evidence recovery or evidence acquisition. For example, some devices may support a full physical acquisition, some devices may not, and some devices may require a part acquisition using logical methods.

For this task, you are expected to analyse and understand your digital device, and then postulate ways in which to acquire evidence from this device. Part of your write-up should explain where and how evidence is stored on your device.

You should:

  • Provide an overview of the digital device you have been assigned. This overview should focus on the hardware capabilities, and summarise the most important parts in relation to an acquisition of evidence
  • Identify what kind of acquisition you can perform. This should be informed by your research and should be one of
    • Full physical
    • Logical
    • Part-image
    • Manual
  • Justify why you believe this acquisition technique is the most appropriate for your specific device. This justification should be informed by your research into the device.
  • Identify and justify which tools you would use to obtain evidence from this device.
  • Identify how you uphold the ACPO good practice guide principles. Do not repeat the principles here; this should be about YOU and obtaining evidence from your device. Essentially, you should tell me how you would apply the ACPO good practice guide.
  • Identify any evidence artefacts you can obtain from your digital device. Explain and justify why those artefacts would be useful in prosecuting a crime.

 

Solution

Device Name: iPod 3rd Generation

 

Device Overview: The device is regarded as superior among portable, Wi-Fi-enabled media players. Its fresh additions, such as improved accessibility, a faster processor, graphics enhancements, and voice controls, make it a more refined product. However, the device lacks the video cameras found in other gadgets such as the iPod Nano and iPhone 3GS. Additionally, it lacks refinements to its hardware design, audio quality, and video playback, which leaves users feeling somewhat uninspired. The bottom line is that, although the updates remain subtle, the 3rd generation iPod is far superior to its competitors (Riley 2017).

 

 

   
Acquisition Type: Full physical

 

 

Justification: Apple’s existing privacy policy tends to explicitly deny government requests for vital data if the devices in question are running iOS 8. This implies that handing a device over to the manufacturer no longer secures its full image. Additionally, physical retrieval reveals significantly more information than any other acquisition approach, including over-the-air and logical. Full keychain extraction is only possible through physical acquisition, which facilitates full decryption of records using device-specific keys. Through physical acquisition, it is possible to extract the “security” (0x835) from the devices. Physical acquisition generates a standard DMG disk image with an HFS+ file system, which facilitates a deep forensic analysis (Cahyani et al., 2017).

 

 

 

 
