Need this or a similar Assignment

Contact: qualityonewriters@gmail.com
Whatsapp/Call: +91-9502220077

ITC597 - Digital Forensics

Session 1 2017
Faculty of Business, Justice and Behavioural Sciences
School of Computing and Mathematics
Internal Mode

Welcome to a new session of study at Charles Sturt University. Please refer to the Universitys
Acknowledgement of Country (http://student.csu.edu.au/study/acknowledgement-of-country).

This subject outline is accessible through mobile devices from http://m.csu.edu.au.

Subject Coordinator Rajasekaran Lakshmiganthan

Email rlakshmiganthan@studygroup.com
Phone 0399357900
Campus To be advised.
Building/Room number To be advised.

Consultation procedures
Any questions concerning the teaching of this subject can be made by contacting your Subject
Lecturer.

Lecturer Name : Chetanpal Sing

Lecturer Email : csingh@studygroup.com (mailto:csingh@studygroup.com)

Email is the best option. Please send a brief message regarding the issue and include the subject name and
subject code in your email it really helps to know which class you belong to, before I respond to your
query. If your query is urgent then meet with your respective Course Coordinator on Level-4.

Class times and location

General Timetable as below will be available at the following website before the start of 201730
semester, which can be accessed on any Mobile Phone or IPAD:

https://csutimetable.au.studygroup.com/Melbourne/

If you cannot contact your Subject Coordinator, please contact your teaching team using the contact
details and consultation procedures provided on your Interact2 subject site.

What is your subject about? A brief overview

This subject provides an in-depth study of the rapidly changing and fascinating field of computer
forensics. It combines both the technical expertise and the knowledge required to investigate, detect
and prevent digital crimes. The subject covers the knowledge on digital forensics legislations, digital
crime, forensics processes and procedures, data acquisition and validation, e-discovery tools, e-
evidence collection and preservation, investigating operating systems and file systems, network
forensics, art of steganography and mobile device forensics, email and web forensics, presenting
reports and testimony as an expert witness.
Learning outcomes
On successful completion of this subject, you should:

be able to determine and explain the legal and ethical considerations for investigating and

Charles Sturt University Subject Outline

ITC597 201730 SM I-28 January 2017-Version 1 Page 1 of 17
 prosecuting digital crimes;
be able to formulate a digital forensics process;
be able to evaluate the technology in digital forensics to detect, prevent and recover from
digital crimes;
be able to analyse data on storage media and various file systems;
be able to collect electronic evidence without compromising the original data;
be able to evaluate the functions and features of digital forensics equipment, the environment
and the tools for a digital forensics lab;
be able to critique and compose technical tactics in digital crimes and assess the
steps involved in a digital forensics investigation;
be able to prepare and defend reports on the results of an investigation.

Pass Requirements
You must obtain at least 50% in both the examination and the total mark in order to pass this subject.

To be eligible for the grade AA or AE you must have submitted all assessment items in the subject,
including the final exam. If you choose not to complete an assessment item or do not sit the final exam
then you will not be granted an AA or an AE grade.

Key Subjects
Passing a key subject is one of the indicators of satisfactory academic progress through your course.
You must pass the key subjects in your course at no more than two attempts. The first time you fail a
key subject you will be 'at risk' of exclusion; if you fail a second time you will be excluded from the
course.

The Academic Progress Policy (https://policy.csu.edu.au/view.current.php?id=00250) sets out the

requirements and procedures for satisfactory academic progress, for the exclusion of students who
fail to progress satisfactorily and for the termination of enrolment for students who fail to complete in
the maximum allowed time.

Assumed knowledge
Academic integrity means acting with honesty, fairness and responsibility, and involves observing and
maintaining ethical standards in all aspects of academic work. This subject assumes that you understand
what constitutes plagiarism, cheating and collusion. If you are a new student we expect you to complete the
modules called Academic Integrity at CSU
(https://interact2.csu.edu.au/webapps/blackboard/execute/courseMain?course_id=_16412_1&task=true

Prescribed Text
Check the textbook database (link below) to ensure you have the correct textbook indicated.
Textbooks listed in this database have already been ordered for this session

https://online.csu.edu.au/de/dewtext.sqt?run=List

Students must have access to a copy of the following prescribed textbook:

Nelson, B., Phillips, A., & Steuart, C. (2015). Guide to Computer Forensics and Investigations (5/e).
Boston, MA. Course Technology

The textbooks required for each of your enrolled subjects can also be found via the Student Portal
Textbooks (http://student.csu.edu.au/study/study-essentials/textbooks) page.

Subject and Assessment Schedule

Schedule

Charles Sturt University Subject Outline

ITC597 201730 SM I-28 January 2017-Version 1 Page 2 of
17
Session Week Week Commencing Modules/Topics

1 27 February 2017 Topic 1: Understanding digital

2 6 March 2017 Topic 2: Digital crime: civil and

3 13 March 2017 Topic 3: Forensics process, poli

4 20 March 2017 Topic 4: Data acquisition and v

5 27 March 2017 Topic 5: E-Evidence, guidelines

1 April 2017 - 16 April 2017 Mid-session break

6 17 April 2017 Topic 6: E-Discovery, tools, e

7 24 April 2017 Topic 7: Investigating operating

8 01 May 2017 Topic 8: Virtual machines, ema

9 08 May 2017 Topic 9: Steganography and mo

10 15 May 2017 Topic 10: Cloud forensics

11 22 May 2017 Topic 11: Reporting and presen

12 29 May 2017 Topic 12: Expert witness and et

05 June 2017 - 16 June 2017

Subject Content
Topic 1: Understanding digital forensics and investigations
Topic 2: Digital crime: civil and crime law
Topic 3: Forensics process, policies and procedures
Topic 4: Data acquisition and validation
Topic 5: E-Evidence, guidelines and standards
Topic 6: E-Discovery, tools, environments and equipment
Topic 7: Investigating operating systems and analysing file systems
Topic 8: Virtual Machines, Cloud and Network Forensics
Topic 9: Steganography and mobile device forensics
Topic 10: Email and web forensics
Topic 11: Reporting and presenting
Topic 12: Expert witness and ethics

Subject Delivery
Class/tutorial times and location
If you are enrolled in an internal offering of this subject, your class times can be found at Timetable @
CSU (http://timetable.csu.edu.au). If you are enrolled in the online offering of the subject, this
timetable will not apply. Find out how to use Timetable @ CSU via the Student Portal Class Timetable
(http://student.csu.edu.au/study/study-essentials/timetable) page.

Charles Sturt University Subject Outline

ITC597 201730 SM I-28 January 2017-Version 1 Page 3 of 17
Learning, teaching and support strategies
How you are expected to engage with the subject

All of your subject materials are available on the Interact site under the Topics link in the left hand
menu. I suggest that for each topic you read the learning objectives carefully and attempt the weekly
activities and most of the labs at the end of each chapter. The topics are available online only, you can
download and print topics as you like.

In this subject there are also lots of opportunities for you to engage with me, with your peers and
with the subject. I will be holding weekly face to face lecturers throughout the session where we can
discuss subject content and assessment items. The details of times and dates will be posted on the
Interact site. Interaction with your fellow students and the Subject Coordinator is very important to
enhance your learning in this subject.

You should check the Interact site at least weekly for postings, announcements and other resources that
will assist your studies or additional information and resources vital to your success in the subject.

You can also contact an adviser through Student Central on the following number:
1800 275 278 (or +61 2 6933 7507 from outside Australia).

Library Services
The CSU Library website provides access to online material and print, using Primo Search to find
online journal articles, eBooks, hardcopy books from CSU Library (see Library Manager for
Interlibrary Loan Requests), company & government reports, eJournals, dissertations, theses,
newspapers including Business & Financial newspapers in Factiva (See Business & IT Journal
Databases), and other reference resources (eg. Australian Bureau of Statistics, Australian standards,
online encyclopaedias & dictionaries to be read on the computer). You will also find library guides,
Subject Reserve for any readings eg. ITC100, ACC100, etc., and online assistance to help you use the
Library's resources such as Ask a Librarian Live Chat and Ask a Librarian - Web Form.

You can find Library Services on both the SGA library online catalogue:
http://primo.unilinc.edu.au/primo_library/libweb/action/search.do?vid=SGA

The SGA library online catalogue allows students to Sign In, My Account shows students current
library record including all books on loan, Renew your borrowed books online before the due date,
also Search and Request all books in the SGA library, even if unavailable due to high demand from
students. Students can Request books when all books are on loan to other students. When the
requested book is returned to the SGA library, the student who requested the book receives an email
immediately to pick up the book from the SGA library. View your library record online 24/7 at the
above web link for SGA library.

And also CSU Library online:

http://student.csu.edu.au/library - CSU Library Services including Primo Search & Subject Reserve
online with 24/7 access, online and video tutorials in research skills, finding journal articles for
assignments, topic analysis, download Endnote referencing program and many other online library
services to help you successfully complete your assignments for all CSU courses.

http://trove.nla.gov.au/ - Powerful search engine from National Library of Australia to access many
different online resources on any subject from one search.

Contact Details for renewing loans, locating books and other information:

SGA Melbourne Library:

Marian Lees - Director, Library Services
Ph: (03) 9935 7921
Email: MLees@studygroup.com

Library Help

Charles Sturt University Subject Outline

ITC597 201730 SM I-28 January 2017-Version 1 Page 4 of 17
http://student.csu.edu.au/library/help -contacts Friendly and quick assistance is available. Ask for help
finding information and navigating the library's extensive eResources.

Online Tutorials
http://student.csu.edu.au/library/study-research/training-tutorials-videos

Learn how to:

use Primo Search to find eReserve material and journal articles
search journal databases and web resources for information for your assessments
identify appropriate sources of information and peer reviewed material, and evaluate resources.

Bookmark your Subject Library Resource Guide

Subject Library Guides are a great way to get started with research. Each online guide is tailored to
a specific area of study, including Accounting, Business & Information Technology outlining how to
research in your area and where to look for information.
http://libguides.csu.edu.au/

Academic Learning Support Assistance

Visit the learning support website for advice about assignment preparation, academic reading and
note-taking, referencing, and preparing for exams at: http://student.csu.edu.au/study

You may also contact:

Name: Monique Moloney

Email: MMoloney@studygroup.com
Phone: (03) 9935 7919

Name: Bethany Winkler

Email: BWinkler@studygroup.com
Phone: (03) 9935 7953

Name: Gail Ekici

Email: GEkici@studygroup.com
Phone: (03) 9935 7965

For appointments, please see Reception at Level 1.

Queries regarding the content of this subject should be directed to your subject lecturer.

Residential school
You are not required to attend a residential school for this subject.

Your workload in this subject

Each week you should spend around 9 - 11 hours studying this subject obviously some weeks may
require more time than other depending on how you work but the following is a guide for your
information.

Weekly activities (4-5 hours)

Participation in weekly lectures and discussion (3 hour)
Preparation of assessment items (3 hours)

Assessment Items
Item number Title Type Value Due date* Return date**

1 Assignment 1 - Tasks Assignment 20% 02-Apr-2017 27-Apr-2017

2 Assignment 2 - Tasks and Forensics Report Assignment 30% 19-May-2017 09-Jun-2017

Charles Sturt University Subject Outline

ITC597 201730 SM I-28 January 2017-Version 1 Page 5 of 17
Item number Title Type Value Due date* Return date**

3 Final Exam Exam 50% To be Advised. -

* due date is the last date for assessment items to be received at the University
* applies only to assessment items submitted by the due date

Assessment item 1
Assignment 1 - Tasks
Value: 20%
Due date: 02-Apr-2017
Return date: 27-Apr-2017
Submission method options
Alternative submission method

Task

Task 1: Hands-On Projects (10 Marks)

Complete the following Hands-On Projects from the textbook (Nelson, Phillips, & Steuart
2015): Hands-On Project 1-3 (2 marks)
Hands-On Project 1-5 (2 marks)

Deliverable: For project 1-3 and 1-5 provide screenshots of all steps taken to complete the project
along with a description of each step.

Complete the following Hands-On Projects from the textbook (Nelson, Phillips, & Steuart
2015): Hands-On Project 3-4 (4 marks)
Hands-On Project 4-5 (2 marks)

Deliverable: For project 3-4 and 4-5 provide screenshots of all steps taken to complete the project
along with a description of each step.

Task 2: Case Project (5 Marks)

A distressed employee calls you because she has accidentally deleted crucial files from her hard drive
and cant retrieve them from the Recycle Bin. Describe the options or methods that you believe might
be used to recover the files. Your solution may contain a list of questions to ask her about her system
before you carry out your methods.

Deliverable: Write a 300-500 word report outlining the OS that the employee may be using,
formulate interview questions that may help you to recover data, and highlight the possibility of data
recovery in the report.

Task 3: Research Project (5 Marks)

As part of the duties of a digital forensics examiner, creating an investigation plan is a standard
practice. Write a paper that describes how you would organise an investigation for a potential fraud
case. Also, list the methods that you plan to use to validate collected data from storage devices such
as MS Word, MS Excel and emails, with hashes. Specify the hash algorithm you plan to use, such as
MD5 or SHA1.

Deliverable: Write a 300-500 word report that outlines standard investigation management and
data validation methods.

Charles Sturt University Subject Outline

ITC597 201730 SM I-28 January 2017-Version 1 Page 6 of 17
Rationale

This assessment task covers digital crime, forensic process and procedures, data acquisition and
validation, e-evidence, e-discovery tools and equipment. This assessment has been designed to ensure
that you are engaging with the subject content on a regular basis. More specifically it seeks to assess
your ability to:

determine the legal and ethical considerations for investigating and prosecuting digital
crimes
formulate a digital forensics process
evaluate the technology in digital forensics to detect, prevent and recover from digital
crimes analyse data on storage media and various file systems
collect electronic evidence without compromising the original data
evaluate the functions and features of digital forensics equipment, the environment and
the tools for a digital forensics lab

Marking criteria

Task 1: Hands-On Projects (10 Marks)

 Criteria HD DI CR PS FL
100% - 85% 84% - 75% 74% - 65% 64% - 50% 49% - 0
Hands-On Projects are Projects are Projects are Projects mostly Evidence of
Projects 1.3 and completed, completed, mostly completed but some steps is
1.5 evidence of all evidence of most completed, some with errors, some provided, reports
(4 marks) steps is provided, steps is provided, minor errors in steps are missing, are missing most
Complete report report is inserted report. report is missing details.
is inserted in the in the assignment. some details.
assignment.
Possible marks 4.0 3.4 3.3 3.0 2.29 2.6 2.5 2.0 1.9 0
Hands-On
Projects 3.4 and Projects are Projects are Projects are Projects mostly Evidence of
4.5 (6 marks) completed, completed, mostly completed but some steps is
evidence of all evidence of most completed, some with errors, some provided, reports
steps is provided, steps is provided, minor errors in steps are missing, are missing most
Complete report report is inserted report. report is missing details.
is inserted in the in the assignment. some details.
assignment.

Possible marks 6.0 5.1 5.0 4.5 4.4 3.9 3.8 3.0 2.9 0
Task 2: Case Project (5 Marks)

Criteria HD DI CR PS FL
100% - 85% 84% - 75% 74% - 65% 64% - 50% 49% - 0
300-500 word Report on OS, Report on OS, Report on OS, Report on OS, Report is
Report on case interview interview interview interview provided but it
project questions and the questions and the questions and the questions and the didnt address
possibility of file possibility of file possibility of file possibility of file the questions
recovery with recovery with recovery with recovery provided asked.
excellent reasonable some minor errors but it lacks
explanations and explanations and in explanations reasoning for the
justifications. justifications. and justifications. explanations and
justifications.
Possible marks 5.0 4.25 4.24 3.75 3.74 3.25 3.24 2.5 2.4 0

Task 3: Research Project (5 Marks)

Charles Sturt University Subject Outline

ITC597 201730 SM I-28 January 2017-Version 1 Page 7 of 17
 Criteria HD DI CR PS FL
100% - 85% 84% - 75% 74% - 65% 64% - 50% 49% - 0
300-500 word Standard practice Standard practice Standard practice Standard practice Little or no
Report on for potential fraud for potential fraud for potential fraud for potential fraud evidence of
investigation and case(s) case(s) case(s) case(s) research
validation investigation and investigation and investigation and investigation and conducted.
methods data validation data validation data validation data validation
methods excellent methods methods some methods provided
explanation, reasonable minor errors in but it lacks
justification with explanation, explanation, reasoning for the
MS Word and justification with justification with with MS Word
Excel hashes MS Word and MS Word and and Excel hashes
snapshots Excel hashes Excel hashes snapshots
provided, snapshots snapshots provided,
explained and provided, provided, explained and
references are explained and explained and references are
provided. references are references are provided.
provided. provided.
Possible marks 5.0 4.25 4.24 3.75 3.74 3.25 3.24 2.5 2.4 0
Presentation

Ensure all tasks are identified with headings.

Use single reference list at the end of document.
Submit the assignment in ONE word or pdf file on Turnitin. Please do not submit *.zip or
*.rar or multiple files

Assessment item 2
Assignment 2 - Tasks and Forensics Report
Value: 30%
Due date: 19-May-2017
Return date: 09-Jun-2017
Submission method options
Alternative submission method

Task

Task 1: Recovering scrambled bits (5 Marks)

For this task I will upload a text file with scrambled bits on the Interact site closer to the assignment
due date. You will be required to restore the scrambled bits to their original order and copy the plain
text in your assignment.

Deliverable: Describe the process used in restoring the scrambled bits and insert plain text in
the assignment.

Task 2: Revealing hidden information from an image (5 Marks)

For this task I will provide an image with hidden information in it. You will be required to reveal the
hidden information.

Deliverable: Describe the process used to reveal the hidden information from the image and copy
the revealed information in the assignment in plain text.

Charles Sturt University Subject Outline

ITC597 201730 SM I-28 January 2017-Version 1 Page 8 of 17
Task 3: Forensics Report (20 Marks)

In this major task assume you are a Digital Forensics Examiner. Considering a real or a hypothetical
case you are required to produce a formal report consisting of facts from your findings to your
attorney who has retained you. You are free to choose a forensics scenario which can be the
examination of a storage media (HDD, USB Drive, etc), email or social media forensics, mobile
device forensics, cloud forensics or any other appropriate scenario you can think of.

Deliverable: A forensics report of 1800-2000 word.

Rationale

This assessment task covers data validation, e-discovery, steganography, reporting and presenting,
and has been designed to ensure that you are engaging with the subject content on a regular basis.
More specifically it seeks to assess your ability to:

determine the legal and ethical considerations for investigating and prosecuting digital
crimes
analyse data on storage media and various file systems
collect electronic evidence without compromising the original data;
evaluate the functions and features of digital forensics equipment, the environment and
the tools for a digital forensics lab;
compose technical tactics in digital crimes and assess the steps involved in a digital
forensics investigation;
prepare and defend reports on the results of an investigation

Marking criteria
Task 1: Recovering scrambled bits (5 Marks)
 Criteria HD DI CR PS
100% - 85% 84% - 75% 74% - 65% 64% - 50%
Successfully Scrambled bits are Scrambled bits are Scrambled bits are Scrambled bits are S
recovering the restored to the restored to the restored to the restored to the re
scrambled bits to original text. Tool original text. Tool original text. Tool original text. No m
their original order used to decode the used to decode the used to decode the justification of tool or
(5 marks) text is mentioned and text is mentioned but text is mentioned but used is provided, no
justification to use the justification is the justification is process seems to pr
the tool is also not very clear. The not very clear. The be somewhat vague. de
provided. The process to restore the process to restore the
process to restore the scrambled bits is scrambled bits is
scrambled bits is described with some described but no
clearly described screenshots. screenshots
with screenshots provided.
inserted of all steps.
Possible marks 5.0 4.25 4.24 3.75 3.74 3.25 3.24 2.5
Task 2: Revealing hidden information from an image (5 Marks)
 Criteria HD DI CR PS
100% - 85% 84% - 75% 74% - 65% 64% - 50%
Successfully Hidden text is Hidden text is Hidden text is Hidden text is H
revealing hidden revealed. Tool used revealed. Tool used revealed. Tool used revealed. No re
text from an image to reveal the text is to reveal the text is to reveal the text is justification of tool m
Charles Sturt University Subject Outline

ITC597 201730 SM I-28 January 2017-Version 1 Page 9 of

17
(5 marks) mentioned and mentioned but the mentioned but the used is provided, o
justification to use justification is not justification is not process seems to n
the tool is also very clear. The very clear. The be somewhat vague. p
provided. The process to restore the process to restore the d
process to reveal the text is described with text is described but
text is clearly some screenshots. no screenshots
described with provided.
screenshots inserted
of all steps.
Possible marks 5.0 4.25 4.24 3.75 3.74 3.25 3.24 2.5

Task 3: Forensics report (20 Marks)

Criteria HD DI CR PS
100% - 85% 84% - 75% 74% - 65% 64% - 50%
Introduction: All elements are All elements are All elements are Most elements are
Background, scope present, well present and largely present with few present possibly with
of engagement, tools expressed, accurate and well inaccuracies. some inaccuracies.
and findings comprehensive and expressed.
(3 marks) accurate.

Possible marks 3.0 2.55 2.54 2.25 2.24 1.95 1.94 1.5
Analysis: relevant Description of Description of Description of Description of analysis
programs, analysis is clear and analysis is clear and analysis is clear and is not completely
techniques, graphics appropriate programs mostly appropriate mostly appropriate relevant. Little or no
(5 marks) and techniques are programs and programs and graphics image
selected. Very good techniques are techniques are analysis provided.
graphic image selected. Good selected.
analysis. graphic image Reasonable graphic
analysis. image analysis.
Possible marks 5.0 4.25 4.24 3.75 3.74 3.25 3.24 2.5
Findings: A greater detail of Findings are Findings are Findings are provided
specific findings is provided, keywords provided, some but are somewhat
files/images, type of provided. Keywords and string searchers keywords are vague. Keywords
searches, type of and string searches are are listed. Evidence is listed. Evidence is and strings are not
evidence, indicators listed very sound. Ownership is reasonable which very clear. Evidence
of ownership clearly. Evidence clear. relates to the found may be
(5 marks) found is very ownership. questionable.
convincing. Indication
of ownership is very
clear.
Possible marks 5.0 4.25 4.24 3.75 3.74 3.25 3.24 2.5
Conclusion: High level summary Well summarised Good summary of Satisfies the minimum
Summary, Results of results is provided results and mostly results. requirements. Results
(3 marks) which is consistent consistent with the Able to relate the are not really
with the report. findings. results with findings. consistent with the
No new material is findings.
included.
Possible marks 3.0 2.55 2.54 2.25 2.24 1.95 1.94 1.5
References: APA 6th edition APA 6th edition APA 6th edition APA 6th edition
Must cite references referencing applied to referencing applied to referencing applied referencing applied
to all material used a range of relevant a range of relevant to a range of relevant to a range of relevant
as sources for the resources. No resources. No more resources. No more resources.
content referencing errors. than 2 referencing than 3 errors. Direct No more than 4 errors.
(2 marks) Direct quotes used errors. quotes used Direct quotes used
sparingly. Sources all Direct quotes used in-context. Sources in-context. Some
documented. sparingly. Sources all all documented. sources documented.
documented.

Charles Sturt University Subject Outline

ITC597 201730 SM I-28 January 2017-Version 1 Page 10 of 17
Possible marks 2.0 1.7 1.6 1.5 1.4 1.3 1.2 1.0
Glossary / Glossary of technical Glossary of technical Glossary of some Glossary of some
Appendices: terms used in the terms used in the technical terms used technical terms
(2 marks) report is provided report is provided in the report is used in the report is
which has generally which has mostly provided which has provided however
acceptable source of acceptable source of mostly acceptable terms are not generally
definition of the terms definition of the source of definition common and some
and appropriate terms and appropriate of the terms and references are
references are references are appropriate missing. Some
included. Relevant included. Some references are supporting material is
supporting material is supporting material is included. Some provided in
provided in provided in supporting material appendices.
appendices to appendices to is provided in
demonstrate the demonstrate the appendices to
evidence. evidence. demonstrate the
evidence.
Possible marks 2.0 1.7 1.6 1.5 1.4 1.3 1.2 1.0
Presentation

The following should be included as minimum requirements in the report structure:

Executive Summary or Abstract

This section provides a brief overview of the case, your involvement as an examiner, authorisation,
major findings and conclusion
Table of Contents
Introduction
Background, scope of engagement, forensics tools used and summary of findings
Analysis Conducted
o Description of relevant programs on the examined items
o Techniques used to hide or mask data, such as encryption, steganography, hidden attributes, hidden
partitions etc
o Graphic image analysis
Findings
This section should describe in greater detail the results of the examinations and may
include: o Specific files related to the request
o Other files, including deleted files that support the findings o
String searches, keyword searches, and text string searches
o Internet-related evidence, such as Web site traffic analysis, chat logs, cache files, e-mail, and news
group activity
o Indicators of ownership, which could include program registration data.
Conclusion
Summary of the report and results obtained
References
You must cite references to all material you have used as sources for the content of your work
Glossary
A glossary should assist the reader in understanding any technical terms used in the report. Use a
generally accepted source for the definition of the terms and include appropriate references.
Appendices
You can attach any supporting material such as printouts of particular items of evidence, digital copies
of evidence, and chain of custody documentation.

Follow the referencing guidelines for APA 6 as specified in Referencing Guides

(http://student.csu.edu.au/study/referencing-at-csu).

Submit the assignment in ONE word or pdf file on Turnitin. Please do not submit *.zip or *.rar
or multiple files.

Charles Sturt University Subject Outline

ITC597 201730 SM I-28 January 2017-Version 1 Page 11 of 17
Assessment item 3
Final Exam
Value: 50%
Date: To be advised
Duration: 2 Hours
Submission method options
N/A - submission not required/applicable

Rationale

Covering all topics, this assessment task has been designed to assess your ability to:

determine the legal and ethical considerations for investigating and prosecuting digital crimes
formulate a digital forensics process
evaluate the technology in digital forensics to detect, prevent and recover from digital crimes
analyse data on storage media and various file systems
collect electronic evidence without compromising the original data;
evaluate the functions and features of digital forensics equipment, the environment and the tools for a
digital forensics lab;
compose technical tactics in digital crimes and assess the steps involved in a digital forensics
investigation;
prepare and defend reports on the results of an investigation

Sample exam can be found at https://doms.csu.edu.au/csu/items/ec433966-0ca6-4a95-9915-

00e73184070d/1/ and you may need to enter your Interact2's username and password to access to
CSU's Digital Object Management System (DOMS).

Requirements

Close book examination consists of:

Short answer questions and case study. All questions must be answered.

It is your responsibility to ensure that you are aware of the requirements for completing the exam and
that you attend the exam site on the correct date and at the correct time. The School of Computing and
Mathematics will not accept misreading the exam time as misadventure.

Marking criteria
Part A 5 Short Answer Questions (8 marks each)
Criteria HD DI CR PS FL
100% - 85% 84% - 75% 74% - 65% 64% - 50% 49% - 0
Demonstrate an Demonstrate an Demonstrate an Demonstrate an Demonstrate an Demonstrate an
ability to ability to analyse, ability to ability to analyse, ability to analyse, ability to
analyse, reason reason and discuss analyse, reason reason and discuss reason and discuss analyse, reason
and discuss the the concepts to and discuss the the concepts to most concepts to and discuss
concepts draw justified concepts to draw draw justified draw justified some concepts to
learned in the conclusions that justified conclusions that conclusions that draw
subject (This are logically conclusions that are generally are generally conclusions that
includes content supported by are logically logically logically are generally
from online examples and best supported by supported by supported by logically
meetings, practice. Answers examples and examples and best examples and best supported by
textbook succinctly integrate best practice. The practice. The examples. The
chapters, and link practice. The answers are answers are answers are
modules, information into answers are generally logically partially structured partially
cohesive and logically structured to into loosely-linked structured and
coherent piece of structured to create a rudimentary may tend to list
analysis and create cohesive comprehensive, sentences to create information.
Charles Sturt University Subject Outline
ITC597 201730 SM I-28 January 2017-Version 1 Page 12 of 17
readings and consistently use and coherent mainly descriptive a comprehensive, Uses frequent
forum correct forensics piece of analysis piece of analysis. descriptive piece informal
discussions) terminologies and that consistently Some use of of analysis. Some language.
sophisticated use correct correct forensic use of correct
language. forensic terminologies. forensic
terminologies. terminologies.
Possible marks 8.0 6.8 6.7 6.0 5.9 5.2 5.1 4.0 3.9 0
Part B One Case Study Question (10 marks)
Criteria HD DI CR PS FL
100% - 85% 84% - 75% 74% - 65% 64% - 50% 49% - 0
Use the Use the concepts Use the concepts Use the concepts Use the concepts Use the concepts
concepts learned in the learned in the learned in the learned in the learned in the
learned in the subject to solve subject to solve subject to solve subject to solve subject to solve the
subject to the case which the case which the case which the case which case which
solve the case demonstrates an demonstrates an demonstrates an demonstrates an demonstrates an
(This includes ability to analyse ability to analyse ability to analyse ability to analyse ability to analyse
content from and reason the and reason the and reason the and reason most and reason the
online concepts to draw concepts to draw concepts to draw concepts to draw concepts to draw
meetings, justified justified justified justified conclusions that
textbook conclusions that conclusions that conclusions that conclusions that are generally
chapters, are logically are logically are generally are generally logically supported
modules, supported by supported by logically logically by

readings and examples and best examples and best supported by supported by examples. Answer
practice. Answer practice. Answer examples and best examples and best is partially
forum
succinctly is logically practice. Answer practice. Answer structured and may
discussions)
integrates and link structured to is generally is partially tend to list
information into create cohesive logically structured into information. Uses
cohesive and and coherent structured to loosely-linked frequent informal
coherent piece of piece of analysis create a rudimentary language.
analysis and that consistently comprehensive, sentences to create
consistently use use correct mainly descriptive a comprehensive,
correct forensics forensic piece of analysis. descriptive piece
terminologies and terminologies. Some use of of analysis. Some
sophisticated correct forensic use of correct
language. terminologies. forensic
terminologies.
Possible marks 10.0 8.5 8.4 7.5 7.4 6.5 6.4 5.0 4.9 0

Material provided by the University

Answer Booklets (1 X 12 page)

Material required by the student

Writing implements, including a 2B pencil and an eraser.

Any calculator allowed, including programmable calculators (hand held, no printer). i-

pads, smart phones and other hand-held devices are not accepted as calculators.

Assessment Information
Learning materials
Details of learning materials that support your success in this subject can be found in the
Interact2 Subject Site.

Charles Sturt University Subject Outline

ITC597 201730 SM I-28 January 2017-Version 1 Page 13 of 17
Referencing
Referencing is an important component of academic work. All assessment tasks should be
appropriately referenced. The specific details of the referencing requirements are included in
each assessment task description. Get referencing style guides and help
(http://student.csu.edu.au/library/integrity/referencing-at-csu) to use for your assessments.

Plagiarism
CSU treats plagiarism seriously. We may use Turnitin to check your submitted work for plagiarism.
You can use Turnitin to check for plagiarism
(http://student.csu.edu.au/library/integrity/referencing-at-csu/checking) in your assessments before
submission.

How to apply for special consideration

Academic regulations provide for special consideration to be given if you suffer misadventure or
extenuating circumstances during the session (including the examination period) which prevents
you from meeting acceptable standards or deadlines. Find the form on the Student Portal Special
Consideration, Misadventure, Advice and Appeals (http://student.csu.edu.au/study/academic-advice)
page.

Extensions
In order to ensure that students who hand their assignments in on time are not disadvantaged, and to
enable the lecturer to comply with the requirement to return assignments to the class within 21
days, the following rules about extensions will be strictly enforced:

1. Extensions cannot be granted for online tests, as these have to be done within a specific time
frame, after which the answers are released to the class automatically.

2. Computer problems and normal work-related pressures and family commitments do not
constitute sufficient reasons for the granting of extensions.

3. If it becomes obvious that you are not going to be able to submit an assignment on time
because of an unavoidable problem, you must submit your request for an extension to the
Subject Coordinator in writing (email or post) prior to the due date.

Requests for extensions will not be granted on or after the due date so you must make sure
that any extension is requested prior to the day on which the assignment is due.

You are expected to do all you can to meet assignment deadlines. Work and family related
pressures do not normally constitute sufficient reasons for the granting of extensions or
incomplete grades.

4. If you apply for an extension, you may be asked to email your lecturer on what you
have done so far on the assignment.

5. You must be able to provide documentary evidence (such as a certificate from a doctor or
counsellor) justifying the need for an extension as soon as practicable - but please note that if
the circumstances giving rise to the request for an extension arise on a day when you cannot
get documentary evidence, you must still apply for the extension before the due date and
submit the documentary evidence afterwards.

6. Given the tight deadlines involved in returning assignments to students and putting feedback
on Interact, the maximum extension granted generally will be seven (7) days from the
due date.

7. Assignments received more than 10 days after the due date or extension date will not be
marked unless the staff member decides otherwise. Items received late will be penalised at
10% of the mark available for the assessment item per day it is late (see below).

Charles Sturt University Subject Outline

ITC597 201730 SM I-28 January 2017-Version 1 Page 14 of 17
 8. Note that for purposes of measuring lateness, the 'day' begins just after 00.00 hrs AEST - so
an assignment received after midnight of the due date will be penalised 10% for lateness.
This rule will be applied to all students uniformly.

Penalties for Late Submission

The penalty for late submission of an assessment task (without obtaining the Subject
Coordinator's approval for an extension) will be:

10% deduction per day, including weekends, of the maximum marks allocated for the assessment
task, i.e. 1 day late 10% deduction, or 2 days late 20% deduction.

An example of the calculation would be:

Maximum marks allocated = 20

Penalty for one day late = 2 marks (so, a score of 18/20 becomes 16/20 and a score of 12/20
becomes 10/20).

If an assignment is due on a Friday but is not submitted until the following Tuesday, then the penalty
will be four days (40% deduction or 8 marks in the example above).

Submissions more than 10 days late will be acknowledged as received but will not be marked.

Resubmission
Under normal circumstances resubmission of assessment items will not be accepted for any of
the assessments required in this subject.

Online Submission
Assignments should be submitted through TurnItIn. Please meet with your respective lecturer to enroll
in the Turnitin (If you do not receive any email from Turnitin).

Assessments such as Blogs, Quizzes and Journals are required to submit in the Interact2.

TurnItIn does not accept Excel files and PDF files.

Assignment/s must be submitted through Turnitin by midnight (AEST) according to the date
mentioned in the subject outline.

Postal Submission
Under normal circumstances postal submissions will not be accepted for any of the
assessments required.

Hand Delivered Submission

Under normal circumstances hand delivered submissions will not be accepted for any of the
assessments required.

Feedback
Feedback for assessment items will be provided by subject lecturer/s.

Assignment Return
You should normally expect your marked assignment to be returned to you within 15 working days
of the due date, if your assignment was submitted on time. If you submitted your assignment on time
but have not returned by the return date, you should make enquiries in the first instance to the
subject lecturer. If the subject lecturer is not available, contact Level 1, Reception.

Charles Sturt University Subject Outline

ITC597 201730 SM I-28 January 2017-Version 1 Page 15 of 17
Student Feedback and Learning Analytics
Evaluation of Subjects
CSU values constructive feedback and relies on high response rates to Subject Experience Surveys
(SES) to enhance teaching. Responses are fed back anonymously to Subject Coordinators and
Heads of Schools to form the basis for subject enhancement and recognition of excellence in
teaching. Schools report on their evaluation data; highlighting good practice and documenting how
problems have been addressed. You can view a summary of survey results via the Student Portal
SES Results (https://student.csu.edu.au/study/subject-experience-survey-results) page.

We strongly encourage you to complete your online Subject Experience Surveys. You will be
provided with links to your surveys via email when they open three [3] weeks before the end of
session.

Changes and actions based on previous student feedback

Based on past analytics, changes made to the subject included more face-to-face interactions with
the subject Lecturer and Course Coordinator can significantly improve learning outcomes.

Learning analytics in this subject

Learning Analytics refers to the collection and analysis of student data for the purpose of improving
learning and teaching. It enables the University to personalise the support we provide our students. All
Learning Analytics activities will take place in accordance with the CSU Learning Analytics Code of
Practice. For more information, please visit CSUs Learning Analytics
(http://www.csu.edu.au/division/student-learning/home/analytics-and-evaluations/learning-analytics)
website.

Data about your activity in the Interact2 site and other learning technologies for this subject will be
recorded and can be reviewed by teaching staff to inform their communication, support and
teaching practices.

Services and Support

Your Student Portal (http://student.csu.edu.au) tells you can how you can seek services and support.
These include study, admin, residential, library, careers, financial, and personal support.

Develop your study skills

Develop your study skills (https://student.csu.edu.au/study/skills) with our free study services. We
have services online, on campus and near you. These services can help you develop your English
language, literacy, and numeracy.

Library Services
CSU Library (https://student.csu.edu.au/library) provides access to the eBooks, journal articles, books,
and multimedia resources needed for your studies and assessments. Get the most out of these
resources by contacting Library staff either online or in person, or make use of the many Library
Resource Guides, videos and online workshops available.

CSU Policies and Regulations

This subject outline should be read in conjunction with all academic policies and regulations, e.g.
Student Academic Misconduct Policy, Assessment Policy Coursework Subjects, Assessment
Principles Policy, Special Consideration Policy, Academic Progress Policy, Academic Communication
with Students Policy, Student Charter, etc.

Please refer to the collated list of policies and regulations relevant to studying your subject(s)
(http://student.csu.edu.au/administration/policies-regulations-subjects) which includes links to the CSU
Policy Library (http://www.csu.edu.au/about/policy) the sole authoritative source of official academic
and administrative policies, procedures, guidelines, rules and regulations of the University.

Charles Sturt University Subject Outline

ITC597 201730 SM I-28 January 2017-Version 1 Page 16 of 17
Subject Outline as a Reference Document
This Subject Outline is an accurate and historical record of the curriculum and scope of your subject.
CSU's Subject Outlines Policy (https://policy.csu.edu.au/view.current.php?id=00267) requires that you
retain a copy of the Subject Outline for future use such as for accreditation purposes.

Charles Sturt University Subject Outline

ITC597 201730 SM I-28 January 2017-Version 1 Page 17 of 17