IFN643 Assignment 2 Specification
Due Date: 6th October 2019
Weighting: 30%

This assignment is worth 30% of the total assessment for the unit. It is individual
work. While you can discuss the assignment with your tutors and peers, your
submission must be your own original work. You should provide evidence of
your own work incorporated in your submission.

The objective of this assignment is to gain knowledge and understanding of
digital forensics through research and practical experience. This understanding
is to be demonstrated by submission of a formal technical report of an analysis of
digital forensics artifacts and a brief essay on recent advanced in digital
forensics.
Background
While investigating mysterious activities in the world diamond market, British
Secret Service agent James Bond, best known by his code number 007, has
discovered that his evil nemesis Ernst Blofeld, head of the global criminal
organisation SPECTRE, is stockpiling the gems to use in his deadly laser satellite.
With the help of beautiful smuggler Tiffany Case, Bond has set out to stop the
madman---the fate of the world hangs in the balance!
Task 1
Bond has intercepted a transmission (in a pcap file) from the Whyte House, a
casino-hotel owned by the reclusive billionaire Willard Whyte. Bond suspects
that SPECTRE agents have been communicating through the Whyte House. Your
task as the security analyst within the digital forensics division of MI5 is to
answer Bond’s questions.

1. What was the first communication between the suspected SPECTRE
agents?
2. What did the suspected SPECTRE agents exchange?
3. What was used to blackmail Tiffany Case?
4. Who is Putter Smith?
5. What mail client does Putter Smith use?
6. What was the operating system running on Tiffany Case’s PC?
7. What was Tiffany Case looking at that she shouldn’t be?
8. What was in the trash directory?
9. What was in the encrypted transfer by Willard Whyte?
10. Is Willard Whyte working for SPECTRE?
11. Create a detailed map of the network, including IP addresses, hostnames
and services as well as suspected owners of each host.
12. Create a detailed timeline of the significant events that take place in the
captured transmission.

As part of the answer for each of these questions you must include
• A clear description of the evidence for your answer.
• A detailed description of the process that you followed and the tools that
you used to obtain the evidence.
Task 2
After the Diamond affair and the key part digital forensics played in the outcome
of that situation, Q has decided that more funding should be allocated to the
digital forensics department. He has asked you to review the latest research (the
last 3 years) in the digital forensics area. Your review should also describe a
specific project which is important for future investigations. Your task is to write
a brief essay indicating where MI5 funds should be invested.

Select one topic in digital forensics. This may include the following list but is not
limited to:

• Disk Forensics
• Memory Forensics
• Network Forensics
• Mobile device forensics
• Cloud Forensics
• SDN Forensics
• Internet of Things Forensics

Your essay on recent advances in digital forensics should not exceed 2000 words
(approximately 4 pages) but it should include the following main headings:

• Introduction
• Review of Previous Research
• New Digital Forensics Project
• Conclusions and Recommendations
Submission
Please submit your assignment via the IFN643 Blackboard web site under the
Assessment section. Only a report, preferably in one PDF file, is to be submitted.

The quality of the presentation of a formal technical report is as important as the
quality of the technical content of the report in the profession. Your assignment
will be assessed on:
1. The body text of your report should be no more than 16 pages in length
excluding appendices;
2. The text of your report should be in 12-point Times New Roman or 11-
point Arial font or something equivalent, and in single space;
3. Page size is A4 with 2cm in margins on all sides;
4. The report is suggested to be organised with cover page, executive
summary within one page (including a statement of completion), table of
contents, body text, and appendices;
5. The body text consists of your direct answers to questions in each task
followed by the overall analysis of each task and the description of how
you went about completing each task. It should be self-contained and
understandable without reading the appendix;
6. Screenshots that are used as evidence must be clearly visible and easy to
read.