COM6016: Cyber Threat Hunting and Digital Forensics Forensics Case Study Assessment, October 2023

Submission Deadline: 15:00 on Wednesday, 13th December 2023

This assignment is worth 60% of the module mark. This assignment is made up of four different parts. You are required to answer all the questions below. All answers must be supported with adequate academic references.

The document should be formatted using 12 point font size. The assignment should not exceed 10 pages.

PART 1 [20%]

The local police have received a tip about the production and distribution of counterfeit artwork in Portsmouth. The counterfeit artworks closely resemble those of three renowned international artists, raising concerns about potential art fraud.

Preliminary investigation has led to the sale of such artwork to Linda, who runs a small business selling art and craft items. A search warrant was issued, and Linda's residence was raided, leading to the seizure of several suspicious paintings and digital devices such as an iPhone 11, a 9th generation iPad and a Dell laptop running Windows 10. Suppose you have been assigned as the Forensics Lead on the case.

Using your knowledge of Digital Forensics and the Digital Forensics process, describe how you would approach this case from the point of arrest.

PART 2 [45%]

Jack C is a long-time resident of the quiet suburban neighbourhood of Maplewood. He has come under suspicion for a series of house fires that have plagued the area in the past few months. Despite his amiable demeanour and seemingly ordinary life, eyewitness accounts have pointed towards his likely involvement in the unsettling string of arson incidents.

The police have imaged his laptop and provided you with a digital image of Jack's laptop. You are required to write a forensics report of a maximum of 800 words explaining how you went about your investigation; the report is to be used in court to prosecute or exonerate the suspect.

 

PART 3 [15%]

Horizon Air is a leading local airline offering superior customer service to customers. Horizon Air operates approximately 100 flights daily and transports an average of 15,000 passengers daily.

On the 7th of January 2023 at 3pm, the company received an email from a third party claiming to have accessed its IT network and downloaded its customers' data, requesting a payment in bitcoin within three days to avoid public release of the data.

On the 9th of January 2023 at 8:15pm, Horizon Air's website that allows customers to book and pay for flights was defaced, resulting in delayed flights and loss of revenue.

On the 10th of January 2023, at 7:10am, the IT team took the affected systems offline and attempted to understand the scope of the incident.

On the 12th of January 2023, at 10:17am, a member of the admin staff detected that the airline's intranet had been defaced and reported it to the IT team.

Assume you work for BGP Forensics as a forensics analyst leading the case, and your colleagues have provided you with the disk images of the 2 x 2TB hard drives connected to the server and a live capture of the memory of the servers. Explain how you would go about handling this incident to ensure that digital evidence is captured, forensic integrity is maintained and the business can resume operations in a few days.

PART 4 [20%]

You have been provided a network capture involving about ten devices in an enterprise network. Your colleague, an IT administrator, suspects there is some suspicious activity going on. Using your knowledge of cybersecurity and network forensics, you are required to analyse the PCAP file 2023_part_4.pcapng and suggest what you think might be going on in the network packet sequence.

 

Submission

The final report must be submitted in PDF format using Blackboard.

The submission deadline is 3pm on Wednesday, 13th December 2023

The standard penalties for late submission of work apply:

https://sites.google.com/sheffield.ac.uk/compgtstudenthandbook/home/your-study/assessment/late-submission

Unfair Means

This is an individual assignment and you must not collaborate with other students.

The standard rules concerning unfair means apply:

https://sites.google.com/sheffield.ac.uk/compgtstudenthandbook/home/your-study/referencing-unfair-means

Use of Generative AI tools

Use of any generative AI tools in the preparation of the solution to this work is not permitted.

Questions

If you have any questions concerning what is required by this assignment, please email them to: [email protected]

 

 

