Académique Documents
Professionnel Documents
Culture Documents
Contact: qualityonewriters@gmail.com
Whatsapp/Call: +91-9502220077
Welcome to a new session of study at Charles Sturt University. Please refer to the Universitys
Acknowledgement of Country (http://student.csu.edu.au/study/acknowledgement-of-country).
Consultation procedures
Any questions concerning the teaching of this subject can be made by contacting your Subject
Lecturer.
Email is the best option. Please send a brief message regarding the issue and include the subject name and
subject code in your email it really helps to know which class you belong to, before I respond to your
query. If your query is urgent then meet with your respective Course Coordinator on Level-4.
https://csutimetable.au.studygroup.com/Melbourne/
If you cannot contact your Subject Coordinator, please contact your teaching team using the contact
details and consultation procedures provided on your Interact2 subject site.
be able to determine and explain the legal and ethical considerations for investigating and
Pass Requirements
You must obtain at least 50% in both the examination and the total mark in order to pass this subject.
To be eligible for the grade AA or AE you must have submitted all assessment items in the subject,
including the final exam. If you choose not to complete an assessment item or do not sit the final exam
then you will not be granted an AA or an AE grade.
Key Subjects
Passing a key subject is one of the indicators of satisfactory academic progress through your course.
You must pass the key subjects in your course at no more than two attempts. The first time you fail a
key subject you will be 'at risk' of exclusion; if you fail a second time you will be excluded from the
course.
Assumed knowledge
Academic integrity means acting with honesty, fairness and responsibility, and involves observing and
maintaining ethical standards in all aspects of academic work. This subject assumes that you understand
what constitutes plagiarism, cheating and collusion. If you are a new student we expect you to complete the
modules called Academic Integrity at CSU
(https://interact2.csu.edu.au/webapps/blackboard/execute/courseMain?course_id=_16412_1&task=true
Prescribed Text
Check the textbook database (link below) to ensure you have the correct textbook indicated.
Textbooks listed in this database have already been ordered for this session
https://online.csu.edu.au/de/dewtext.sqt?run=List
Nelson, B., Phillips, A., & Steuart, C. (2015). Guide to Computer Forensics and Investigations (5/e).
Boston, MA. Course Technology
The textbooks required for each of your enrolled subjects can also be found via the Student Portal
Textbooks (http://student.csu.edu.au/study/study-essentials/textbooks) page.
Subject Content
Topic 1: Understanding digital forensics and investigations
Topic 2: Digital crime: civil and crime law
Topic 3: Forensics process, policies and procedures
Topic 4: Data acquisition and validation
Topic 5: E-Evidence, guidelines and standards
Topic 6: E-Discovery, tools, environments and equipment
Topic 7: Investigating operating systems and analysing file systems
Topic 8: Virtual Machines, Cloud and Network Forensics
Topic 9: Steganography and mobile device forensics
Topic 10: Email and web forensics
Topic 11: Reporting and presenting
Topic 12: Expert witness and ethics
Subject Delivery
Class/tutorial times and location
If you are enrolled in an internal offering of this subject, your class times can be found at Timetable @
CSU (http://timetable.csu.edu.au). If you are enrolled in the online offering of the subject, this
timetable will not apply. Find out how to use Timetable @ CSU via the Student Portal Class Timetable
(http://student.csu.edu.au/study/study-essentials/timetable) page.
All of your subject materials are available on the Interact site under the Topics link in the left hand
menu. I suggest that for each topic you read the learning objectives carefully and attempt the weekly
activities and most of the labs at the end of each chapter. The topics are available online only, you can
download and print topics as you like.
In this subject there are also lots of opportunities for you to engage with me, with your peers and
with the subject. I will be holding weekly face to face lecturers throughout the session where we can
discuss subject content and assessment items. The details of times and dates will be posted on the
Interact site. Interaction with your fellow students and the Subject Coordinator is very important to
enhance your learning in this subject.
You should check the Interact site at least weekly for postings, announcements and other resources that
will assist your studies or additional information and resources vital to your success in the subject.
You can also contact an adviser through Student Central on the following number:
1800 275 278 (or +61 2 6933 7507 from outside Australia).
Library Services
The CSU Library website provides access to online material and print, using Primo Search to find
online journal articles, eBooks, hardcopy books from CSU Library (see Library Manager for
Interlibrary Loan Requests), company & government reports, eJournals, dissertations, theses,
newspapers including Business & Financial newspapers in Factiva (See Business & IT Journal
Databases), and other reference resources (eg. Australian Bureau of Statistics, Australian standards,
online encyclopaedias & dictionaries to be read on the computer). You will also find library guides,
Subject Reserve for any readings eg. ITC100, ACC100, etc., and online assistance to help you use the
Library's resources such as Ask a Librarian Live Chat and Ask a Librarian - Web Form.
You can find Library Services on both the SGA library online catalogue:
http://primo.unilinc.edu.au/primo_library/libweb/action/search.do?vid=SGA
The SGA library online catalogue allows students to Sign In, My Account shows students current
library record including all books on loan, Renew your borrowed books online before the due date,
also Search and Request all books in the SGA library, even if unavailable due to high demand from
students. Students can Request books when all books are on loan to other students. When the
requested book is returned to the SGA library, the student who requested the book receives an email
immediately to pick up the book from the SGA library. View your library record online 24/7 at the
above web link for SGA library.
http://trove.nla.gov.au/ - Powerful search engine from National Library of Australia to access many
different online resources on any subject from one search.
Contact Details for renewing loans, locating books and other information:
Library Help
Online Tutorials
http://student.csu.edu.au/library/study-research/training-tutorials-videos
Residential school
You are not required to attend a residential school for this subject.
Assessment Items
Item number Title Type Value Due date* Return date**
* due date is the last date for assessment items to be received at the University
* applies only to assessment items submitted by the due date
Assessment item 1
Assignment 1 - Tasks
Value: 20%
Due date: 02-Apr-2017
Return date: 27-Apr-2017
Submission method options
Alternative submission method
Task
Complete the following Hands-On Projects from the textbook (Nelson, Phillips, & Steuart
2015): Hands-On Project 1-3 (2 marks)
Hands-On Project 1-5 (2 marks)
Deliverable: For project 1-3 and 1-5 provide screenshots of all steps taken to complete the project
along with a description of each step.
Complete the following Hands-On Projects from the textbook (Nelson, Phillips, & Steuart
2015): Hands-On Project 3-4 (4 marks)
Hands-On Project 4-5 (2 marks)
Deliverable: For project 3-4 and 4-5 provide screenshots of all steps taken to complete the project
along with a description of each step.
A distressed employee calls you because she has accidentally deleted crucial files from her hard drive
and cant retrieve them from the Recycle Bin. Describe the options or methods that you believe might
be used to recover the files. Your solution may contain a list of questions to ask her about her system
before you carry out your methods.
Deliverable: Write a 300-500 word report outlining the OS that the employee may be using,
formulate interview questions that may help you to recover data, and highlight the possibility of data
recovery in the report.
As part of the duties of a digital forensics examiner, creating an investigation plan is a standard
practice. Write a paper that describes how you would organise an investigation for a potential fraud
case. Also, list the methods that you plan to use to validate collected data from storage devices such
as MS Word, MS Excel and emails, with hashes. Specify the hash algorithm you plan to use, such as
MD5 or SHA1.
Deliverable: Write a 300-500 word report that outlines standard investigation management and
data validation methods.
This assessment task covers digital crime, forensic process and procedures, data acquisition and
validation, e-evidence, e-discovery tools and equipment. This assessment has been designed to ensure
that you are engaging with the subject content on a regular basis. More specifically it seeks to assess
your ability to:
determine the legal and ethical considerations for investigating and prosecuting digital
crimes
formulate a digital forensics process
evaluate the technology in digital forensics to detect, prevent and recover from digital
crimes analyse data on storage media and various file systems
collect electronic evidence without compromising the original data
evaluate the functions and features of digital forensics equipment, the environment and
the tools for a digital forensics lab
Marking criteria
Possible marks 6.0 5.1 5.0 4.5 4.4 3.9 3.8 3.0 2.9 0
Task 2: Case Project (5 Marks)
Criteria HD DI CR PS FL
100% - 85% 84% - 75% 74% - 65% 64% - 50% 49% - 0
300-500 word Report on OS, Report on OS, Report on OS, Report on OS, Report is
Report on case interview interview interview interview provided but it
project questions and the questions and the questions and the questions and the didnt address
possibility of file possibility of file possibility of file possibility of file the questions
recovery with recovery with recovery with recovery provided asked.
excellent reasonable some minor errors but it lacks
explanations and explanations and in explanations reasoning for the
justifications. justifications. and justifications. explanations and
justifications.
Possible marks 5.0 4.25 4.24 3.75 3.74 3.25 3.24 2.5 2.4 0
Assessment item 2
Assignment 2 - Tasks and Forensics Report
Value: 30%
Due date: 19-May-2017
Return date: 09-Jun-2017
Submission method options
Alternative submission method
Task
For this task I will upload a text file with scrambled bits on the Interact site closer to the assignment
due date. You will be required to restore the scrambled bits to their original order and copy the plain
text in your assignment.
Deliverable: Describe the process used in restoring the scrambled bits and insert plain text in
the assignment.
For this task I will provide an image with hidden information in it. You will be required to reveal the
hidden information.
Deliverable: Describe the process used to reveal the hidden information from the image and copy
the revealed information in the assignment in plain text.
In this major task assume you are a Digital Forensics Examiner. Considering a real or a hypothetical
case you are required to produce a formal report consisting of facts from your findings to your
attorney who has retained you. You are free to choose a forensics scenario which can be the
examination of a storage media (HDD, USB Drive, etc), email or social media forensics, mobile
device forensics, cloud forensics or any other appropriate scenario you can think of.
Rationale
This assessment task covers data validation, e-discovery, steganography, reporting and presenting,
and has been designed to ensure that you are engaging with the subject content on a regular basis.
More specifically it seeks to assess your ability to:
determine the legal and ethical considerations for investigating and prosecuting digital
crimes
analyse data on storage media and various file systems
collect electronic evidence without compromising the original data;
evaluate the functions and features of digital forensics equipment, the environment and
the tools for a digital forensics lab;
compose technical tactics in digital crimes and assess the steps involved in a digital
forensics investigation;
prepare and defend reports on the results of an investigation
Marking criteria
Task 1: Recovering scrambled bits (5 Marks)
Criteria HD DI CR PS
100% - 85% 84% - 75% 74% - 65% 64% - 50%
Successfully Scrambled bits are Scrambled bits are Scrambled bits are Scrambled bits are S
recovering the restored to the restored to the restored to the restored to the re
scrambled bits to original text. Tool original text. Tool original text. Tool original text. No m
their original order used to decode the used to decode the used to decode the justification of tool or
(5 marks) text is mentioned and text is mentioned but text is mentioned but used is provided, no
justification to use the justification is the justification is process seems to pr
the tool is also not very clear. The not very clear. The be somewhat vague. de
provided. The process to restore the process to restore the
process to restore the scrambled bits is scrambled bits is
scrambled bits is described with some described but no
clearly described screenshots. screenshots
with screenshots provided.
inserted of all steps.
Possible marks 5.0 4.25 4.24 3.75 3.74 3.25 3.24 2.5
Task 2: Revealing hidden information from an image (5 Marks)
Criteria HD DI CR PS
100% - 85% 84% - 75% 74% - 65% 64% - 50%
Successfully Hidden text is Hidden text is Hidden text is Hidden text is H
revealing hidden revealed. Tool used revealed. Tool used revealed. Tool used revealed. No re
text from an image to reveal the text is to reveal the text is to reveal the text is justification of tool m
Charles Sturt University Subject Outline
Criteria HD DI CR PS
100% - 85% 84% - 75% 74% - 65% 64% - 50%
Introduction: All elements are All elements are All elements are Most elements are
Background, scope present, well present and largely present with few present possibly with
of engagement, tools expressed, accurate and well inaccuracies. some inaccuracies.
and findings comprehensive and expressed.
(3 marks) accurate.
Possible marks 3.0 2.55 2.54 2.25 2.24 1.95 1.94 1.5
Analysis: relevant Description of Description of Description of Description of analysis
programs, analysis is clear and analysis is clear and analysis is clear and is not completely
techniques, graphics appropriate programs mostly appropriate mostly appropriate relevant. Little or no
(5 marks) and techniques are programs and programs and graphics image
selected. Very good techniques are techniques are analysis provided.
graphic image selected. Good selected.
analysis. graphic image Reasonable graphic
analysis. image analysis.
Possible marks 5.0 4.25 4.24 3.75 3.74 3.25 3.24 2.5
Findings: A greater detail of Findings are Findings are Findings are provided
specific findings is provided, keywords provided, some but are somewhat
files/images, type of provided. Keywords and string searchers keywords are vague. Keywords
searches, type of and string searches are are listed. Evidence is listed. Evidence is and strings are not
evidence, indicators listed very sound. Ownership is reasonable which very clear. Evidence
of ownership clearly. Evidence clear. relates to the found may be
(5 marks) found is very ownership. questionable.
convincing. Indication
of ownership is very
clear.
Possible marks 5.0 4.25 4.24 3.75 3.74 3.25 3.24 2.5
Conclusion: High level summary Well summarised Good summary of Satisfies the minimum
Summary, Results of results is provided results and mostly results. requirements. Results
(3 marks) which is consistent consistent with the Able to relate the are not really
with the report. findings. results with findings. consistent with the
No new material is findings.
included.
Possible marks 3.0 2.55 2.54 2.25 2.24 1.95 1.94 1.5
References: APA 6th edition APA 6th edition APA 6th edition APA 6th edition
Must cite references referencing applied to referencing applied to referencing applied referencing applied
to all material used a range of relevant a range of relevant to a range of relevant to a range of relevant
as sources for the resources. No resources. No more resources. No more resources.
content referencing errors. than 2 referencing than 3 errors. Direct No more than 4 errors.
(2 marks) Direct quotes used errors. quotes used Direct quotes used
sparingly. Sources all Direct quotes used in-context. Sources in-context. Some
documented. sparingly. Sources all all documented. sources documented.
documented.
Submit the assignment in ONE word or pdf file on Turnitin. Please do not submit *.zip or *.rar
or multiple files.
Rationale
Covering all topics, this assessment task has been designed to assess your ability to:
determine the legal and ethical considerations for investigating and prosecuting digital crimes
formulate a digital forensics process
evaluate the technology in digital forensics to detect, prevent and recover from digital crimes
analyse data on storage media and various file systems
collect electronic evidence without compromising the original data;
evaluate the functions and features of digital forensics equipment, the environment and the tools for a
digital forensics lab;
compose technical tactics in digital crimes and assess the steps involved in a digital forensics
investigation;
prepare and defend reports on the results of an investigation
Requirements
Short answer questions and case study. All questions must be answered.
It is your responsibility to ensure that you are aware of the requirements for completing the exam and
that you attend the exam site on the correct date and at the correct time. The School of Computing and
Mathematics will not accept misreading the exam time as misadventure.
Marking criteria
Part A 5 Short Answer Questions (8 marks each)
Criteria HD DI CR PS FL
100% - 85% 84% - 75% 74% - 65% 64% - 50% 49% - 0
Demonstrate an Demonstrate an Demonstrate an Demonstrate an Demonstrate an Demonstrate an
ability to ability to analyse, ability to ability to analyse, ability to analyse, ability to
analyse, reason reason and discuss analyse, reason reason and discuss reason and discuss analyse, reason
and discuss the the concepts to and discuss the the concepts to most concepts to and discuss
concepts draw justified concepts to draw draw justified draw justified some concepts to
learned in the conclusions that justified conclusions that conclusions that draw
subject (This are logically conclusions that are generally are generally conclusions that
includes content supported by are logically logically logically are generally
from online examples and best supported by supported by supported by logically
meetings, practice. Answers examples and examples and best examples and best supported by
textbook succinctly integrate best practice. The practice. The examples. The
chapters, and link practice. The answers are answers are answers are
modules, information into answers are generally logically partially structured partially
cohesive and logically structured to into loosely-linked structured and
coherent piece of structured to create a rudimentary may tend to list
analysis and create cohesive comprehensive, sentences to create information.
Charles Sturt University Subject Outline
ITC597 201730 SM I-28 January 2017-Version 1 Page 12 of 17
readings and consistently use and coherent mainly descriptive a comprehensive, Uses frequent
forum correct forensics piece of analysis piece of analysis. descriptive piece informal
discussions) terminologies and that consistently Some use of of analysis. Some language.
sophisticated use correct correct forensic use of correct
language. forensic terminologies. forensic
terminologies. terminologies.
Possible marks 8.0 6.8 6.7 6.0 5.9 5.2 5.1 4.0 3.9 0
Part B One Case Study Question (10 marks)
Criteria HD DI CR PS FL
100% - 85% 84% - 75% 74% - 65% 64% - 50% 49% - 0
Use the Use the concepts Use the concepts Use the concepts Use the concepts Use the concepts
concepts learned in the learned in the learned in the learned in the learned in the
learned in the subject to solve subject to solve subject to solve subject to solve subject to solve the
subject to the case which the case which the case which the case which case which
solve the case demonstrates an demonstrates an demonstrates an demonstrates an demonstrates an
(This includes ability to analyse ability to analyse ability to analyse ability to analyse ability to analyse
content from and reason the and reason the and reason the and reason most and reason the
online concepts to draw concepts to draw concepts to draw concepts to draw concepts to draw
meetings, justified justified justified justified conclusions that
textbook conclusions that conclusions that conclusions that conclusions that are generally
chapters, are logically are logically are generally are generally logically supported
modules, supported by supported by logically logically by
readings and examples and best examples and best supported by supported by examples. Answer
practice. Answer practice. Answer examples and best examples and best is partially
forum
succinctly is logically practice. Answer practice. Answer structured and may
discussions)
integrates and link structured to is generally is partially tend to list
information into create cohesive logically structured into information. Uses
cohesive and and coherent structured to loosely-linked frequent informal
coherent piece of piece of analysis create a rudimentary language.
analysis and that consistently comprehensive, sentences to create
consistently use use correct mainly descriptive a comprehensive,
correct forensics forensic piece of analysis. descriptive piece
terminologies and terminologies. Some use of of analysis. Some
sophisticated correct forensic use of correct
language. terminologies. forensic
terminologies.
Possible marks 10.0 8.5 8.4 7.5 7.4 6.5 6.4 5.0 4.9 0
Assessment Information
Learning materials
Details of learning materials that support your success in this subject can be found in the
Interact2 Subject Site.
Plagiarism
CSU treats plagiarism seriously. We may use Turnitin to check your submitted work for plagiarism.
You can use Turnitin to check for plagiarism
(http://student.csu.edu.au/library/integrity/referencing-at-csu/checking) in your assessments before
submission.
Extensions
In order to ensure that students who hand their assignments in on time are not disadvantaged, and to
enable the lecturer to comply with the requirement to return assignments to the class within 21
days, the following rules about extensions will be strictly enforced:
1. Extensions cannot be granted for online tests, as these have to be done within a specific time
frame, after which the answers are released to the class automatically.
2. Computer problems and normal work-related pressures and family commitments do not
constitute sufficient reasons for the granting of extensions.
3. If it becomes obvious that you are not going to be able to submit an assignment on time
because of an unavoidable problem, you must submit your request for an extension to the
Subject Coordinator in writing (email or post) prior to the due date.
Requests for extensions will not be granted on or after the due date so you must make sure
that any extension is requested prior to the day on which the assignment is due.
You are expected to do all you can to meet assignment deadlines. Work and family related
pressures do not normally constitute sufficient reasons for the granting of extensions or
incomplete grades.
4. If you apply for an extension, you may be asked to email your lecturer on what you
have done so far on the assignment.
5. You must be able to provide documentary evidence (such as a certificate from a doctor or
counsellor) justifying the need for an extension as soon as practicable - but please note that if
the circumstances giving rise to the request for an extension arise on a day when you cannot
get documentary evidence, you must still apply for the extension before the due date and
submit the documentary evidence afterwards.
6. Given the tight deadlines involved in returning assignments to students and putting feedback
on Interact, the maximum extension granted generally will be seven (7) days from the
due date.
7. Assignments received more than 10 days after the due date or extension date will not be
marked unless the staff member decides otherwise. Items received late will be penalised at
10% of the mark available for the assessment item per day it is late (see below).
10% deduction per day, including weekends, of the maximum marks allocated for the assessment
task, i.e. 1 day late 10% deduction, or 2 days late 20% deduction.
If an assignment is due on a Friday but is not submitted until the following Tuesday, then the penalty
will be four days (40% deduction or 8 marks in the example above).
Submissions more than 10 days late will be acknowledged as received but will not be marked.
Resubmission
Under normal circumstances resubmission of assessment items will not be accepted for any of
the assessments required in this subject.
Online Submission
Assignments should be submitted through TurnItIn. Please meet with your respective lecturer to enroll
in the Turnitin (If you do not receive any email from Turnitin).
Assessments such as Blogs, Quizzes and Journals are required to submit in the Interact2.
Assignment/s must be submitted through Turnitin by midnight (AEST) according to the date
mentioned in the subject outline.
Postal Submission
Under normal circumstances postal submissions will not be accepted for any of the
assessments required.
Feedback
Feedback for assessment items will be provided by subject lecturer/s.
Assignment Return
You should normally expect your marked assignment to be returned to you within 15 working days
of the due date, if your assignment was submitted on time. If you submitted your assignment on time
but have not returned by the return date, you should make enquiries in the first instance to the
subject lecturer. If the subject lecturer is not available, contact Level 1, Reception.
We strongly encourage you to complete your online Subject Experience Surveys. You will be
provided with links to your surveys via email when they open three [3] weeks before the end of
session.
Data about your activity in the Interact2 site and other learning technologies for this subject will be
recorded and can be reviewed by teaching staff to inform their communication, support and
teaching practices.
Library Services
CSU Library (https://student.csu.edu.au/library) provides access to the eBooks, journal articles, books,
and multimedia resources needed for your studies and assessments. Get the most out of these
resources by contacting Library staff either online or in person, or make use of the many Library
Resource Guides, videos and online workshops available.
Please refer to the collated list of policies and regulations relevant to studying your subject(s)
(http://student.csu.edu.au/administration/policies-regulations-subjects) which includes links to the CSU
Policy Library (http://www.csu.edu.au/about/policy) the sole authoritative source of official academic
and administrative policies, procedures, guidelines, rules and regulations of the University.