It is to note that this assignment consists of two parts a) Assignment 1a and b) Assignment 1b.
Students have to submit the Assignment 1a, by the end of week 3. Once the Assignment 1a is marked
and a constructive feedback is provided, the responses to the comments/feedback has to be
tabulated and appended to Assignment 1b that would be submitted in week 7.
Assignment 1a: Leaving Clues to a Crime
The following is the scope for Assignment 1a.
In this Assignment 1a you will create a pretended crime scenario that needs computer forensic
analysis. Along with the crime scenario, create digital clues that may be left on a small portable
IMPORTANT: Any names of persons or organizations in the crime scenario should be pretended;
DO NOT use the names of real people or businesses. Also, DO NOT develop a crime scenario
involving child pornography or anything that can be interpreted as a threat to the public.
Acceptable topics include theft, embezzlement, kidnapping a fictitious character, the murder of a
fictitious character, etc.
The chosen crime scenario must be discussed according to the following questions:
Q1) You will leave your digital “clues” on a flash/thumb drive. Provide your thumb drive (containing
your digital clues) for analysis as an image by using forensics tools listed in Table 1.
Include this screenshot in your final report!
Your digital clues must include at least one of each of the following:
– Hidden file
– Deleted file
– Graphic file
– Password-protected file
– Web access (browser history)
– Change extension of one file such as .docs to .pdf
Q2) Discuss what should you consider when determining which data acquisition method to use.
Q3) Discuss some options that can be used for preserving the data in this situation
Q4) Explain two acquisition methods that you should use in this situation.
Assignment 1b: Create and Delete Files on USB Drive
In this Assignment 1b, you need to find any evidence of the Assignment 1a, and any data that might
have been generated from the suspect’s hard drive, so that, it may be presented in a court of law.
To create your digital clues, please do the following task:
1. On your USB drive, create a word file named your Student ID, where the blank should be filled
with your name, mobile, citizen, address and some other information.
MN624 Digital Forensic 3 of 7
Prepared by: Dr. Ammar Alazab Moderated by: Dr. Ajay Shiv Sharma July, 2020
The file should contain the following sentence: “I have enrolled for MN624 Digital Forensic T2
2020.” The first blank in the sentence should be filled in with your Full name and the second blank
with the date when you registered for this unit.
2. On the same drive, create an excel file named “StudentID.xls”, where the First column should be
filled with your units name that you had at MIT last semester and the second column should be
filled with your marks with those units.
3. Store your current Photo on a USB drive and save it in JPG format or other images format.
4. Take a screenshot of your Windows Explorer window showing the content of the USB’s folder
hosting the three files. Include this screenshot in your final report! Now delete those files, and then
take another screenshot of the respective folder’s content (after the two files have been deleted).
Include this screenshot in your final report.
Table 1: Digital forensics Tools (You can choose any two tools for your demonstration with
your tutor’s consent)
Serial # Name of the security tool
1 The Sleuth Kit (Autopsy)
2 FTK Imager
3 X-Ways Forensics
4 CAINE (Computer Aided Investigative Environment)
5 SANS Investigative Forensic Toolkit (SIFT)
Q1) Use two computer forensics tool from table 1 to Acquire an Image of USB Drive. In the report,
you need to include the screenshots of each step.
Q2) Use two computer forensics tool from table 1 to Recover Deleted Images and to verify which
files have changed of extension. In the report, you need to include the screenshots of each step.
Q3) Discuss what techniques and tools that can be used to recover the passwords. Use one of these
techniques to recover the passwords from the protected files.
Q4) validate your results by using hash algorithms.
Q5) Comparison of the digital forensics tools that you used in this work. Your comparison could
– Digital forensics features
– Time is taken to detect acquire threat
– Ease of usage
Q6) Demonstration of the two digital forensics tools that you used in this work on week 7.