CSCB544/CCSB5223 Computer Forensics
1
ASSIGNMENT 2
INSTRUCTIONS
TASK 1: Based on your PAPER OUTLINE in Assignment 1, prepare FULL PAPER.
 File name: CF ASSIGNMENT02-1 GROUPNo.pdf and
ASSIGNMENT02-1 GROUPNo.docx/doc
 Due date: 2 May 2021, 11:59 pm
 Number of paragraphs: Minimum – 8, maximum – 10
 Submission through Moodle
 Marks: 50
CF
TASK 2: Each group must select one of the given case studies and discuss with team members
to complete the task.
(i) Based on your discussion about the selected case study, prepare PRESENTATION
slides and RECORDED VIDEO to present your findings.
 File name: CF ASSIGNMENT02-2 GROUPNo.pptx/ppt/pdf and CF
ASSIGNMENT02-2 GROUPNo.txt (include link to video file)
 Due date: 2 May 2021, 11:59 pm
 Presentation duration: Minimum 15 minutes, maximum 20 minutes
 Number of slides: Minimum – 8, maximum – 15
 Submission through Moodle
 Marks: 50
GROUP MANAGEMENT
1) Discuss among the group members on task allocation.
2) When submitting the assignment, only include names of those who contributed to the
discussion/answer. Name of group member who is missing in action or not contributing
anything should NOT BE INCLUDED in the submission.
3) It is the group’s responsibility to assure that each one contributes in completing this
assessment. Anyone who does not cooperate may receive relevant penalty/ies.
SUBMISSION REQUIREMENT FOR FULL PAPER
1) Typed.
2) Spacing and Font Type: 1.5 spacing and Times New Roman size 12 only.
3) Plagiarism will not be tolerated.
CSCB544/CCSB5223 Computer Forensics
2
CASE STUDY 1
You are contracted to work as a computer forensics investigator for a case involves abuse of
company resources. The company believes that one of their engineers has deployed unauthorized
software that is intended to consume massive amounts of process power. This issue is brought up
when the company identified a dramatic increase in their electricity bill. The company would
like you to identify the source of the increase in process utilization. Assume that the first
responder steps were not performed. You find that the servers have been left powered on and
functioning. The servers are too large and important to be removed from the company data center
facility. Let’s assume you have been asked not to remove the servers, but you are authorized to
interact with them as you see fit.
Discuss the strategy and process that you will use to collect evidence and discuss the relevant
guidelines for collecting digital evidence.
CASE STUDY 2
You are working as an administrator of a company and responsible for network services and
security. The Human Resource (HR) wants you to investigate a harassment case between two
employees and wants you to collect everything that could be potentially useful for this case and
present your findings in a forensic report. It is obvious that before starting the investigation, we
need to have preparation in order to conduct the investigation efficiently.
Discuss the strategy and process that you will use to collect evidence and discuss the relevant
guidelines for collecting digital evidence.
CASE STUDY 3
One student was suspected of using his smartphone to intercept network traffic and launch manin-the-middle attacks against the university’s server in a computer lab. The IT Department seeks
your help to investigate the case and wants you to collect everything that could be potentially
useful for this case and present your findings in a forensic report.
Discuss the strategy and process that you will use to collect evidence and discuss the relevant
guidelines for collecting digital evidence.
CASE STUDY 4
A bank has hired your firm to investigate the fraud carried out by one of their employees. The
bank uses three 40TB workstation machines on a Local Area Network (LAN). Let’s assume you
have been asked not to remove the workstations, but you have access to consult their
administrator who is familiar with the stored data.
Discuss the strategy and process that you will use to collect evidence and discuss the relevant
guidelines for collecting digital evidence.
CSCB544/CCSB5223 Computer Forensics
ASSESSMENT RUBRIC
Assignment 2 Grading Criteria: FULL PAPER
3
Maximum Points
Content
 Paper objectives clearly stated
 Content is appropriately discussed
 Content is well organized into sections
5
15
15
Format/technical style
 Clearly written statements
 Citation format
10
5
Sub Total
Assignment 2 Grading Criteria: CASE STUDY PRESENTATION
Content is appropriately discussed
Content is well organized
Presentation
Sub Total
50
Maximum Points
15
15
20
Team member evaluation
50
10
Grand Total
110
CSCB544/CCSB5223 Computer Forensics
FULL PAPER
POINTS
Paper Objectives
Citation format
POINTS
Content is
appropriately
discussed
Content is well
organized
POINTS
Clearly written
statements
SLIDES AND VIDEO
POINTS
Content is
appropriately
discussed
Content is well
organized
POINTS
Enthusiasm
Organization
Subject knowledge
Presentation design
4
EXEMPLARY
5
Identifies & understands
all of the main issues in
the topic
Excellent formatting,
almost impeccable
consistency
EXEMPLARY
15 – 12
PROFICIENT
4–3
Identifies & understands
most of the main issues
in the topic
Good and consistent
formatting, very few
mistakes
PROFICIENT
11 – 8
LIMITED
2
Identifies & understands
some of the main issues in
the topic
Some efforts in formatting
UNSATISFACTORY
1–0
Identifies & understands
few of the main issues in
the topic
No obvious efforts in
formatting
LIMITED
7–5
UNSATISFACTORY
4–0
Insightful and thorough
discussion of all the
issues
Excellent discussion
about the issues with
clear flow
EXEMPLARY
10 – 7
No grammatical,
spelling or punctuation
errors
Thorough discussion of
all the issues
Superficial discussion of
all the issues
Incomplete discussion of
all the issues
Good discussion about
the issues with
acceptable flow
PROFICIENT
6–4
Almost no grammatical
spelling, or punctuation
errors
Limited discussion about
the issues with weak flow
Incomplete discussion
about the issues
LIMITED
3–2
A few grammatical
spelling, or punctuation
errors but do not interfere
with meaning
UNSATISFACTORY
1–0
Many grammatical
spelling, or punctuation
errors and interfere with
meaning
EXEMPLARY
15 – 12
Insightful and thorough
discussion of all the
issues
Excellent discussion
about the issues with
clear flow
EXEMPLARY
5
Demonstrate passionate
interest in the topic
Presentation was well
organized with logical,
interesting sequence that
audience easily follow
Demonstrates full
knowledge and concepts
Makes excellent use of
fonts, colours, graphics,
effects, links, transitions,
etc. to enhance the
presentation
PROFICIENT
11 – 8
Thorough discussion of
all the issues
LIMITED
7–5
Superficial discussion of
all the issues
UNSATISFACTORY
4–0
Incomplete discussion of
all the issues
Good discussion about
the issues with
acceptable flow
PROFICIENT
4–3
Demonstrate interest in
the topic
Presentation followed
logical sequence that
audience could follow
Limited discussion about
the issues with weak flow
Incomplete discussion
about the issues
Demonstrates substantial
understanding of the
knowledge and concepts
Makes good use of fonts,
colours, graphics,
effects, links, transitions,
etc. to enhance the
presentation
LIMITED
2
Limited evidence of
interest in the topic
Presentation jumped
around, audience had
difficulty following the
presentation
Demonstrates some
understanding of the
knowledge and concepts
Uses fonts, colours,
graphics, effects, links,
transitions, etc. but
occasionally these detract
from the presentation
content
UNSATISFACTORY
1–0
Lack of enthusiasm and
interest
Presentation had no
logical sequence, making
content difficult to
understand
Demonstrates very
limited understanding of
the knowledge and
concepts
Uses fonts, colours,
graphics, effects, links,
transitions, etc. but these
detract from the
presentation content