Computer Forensics Fundamentals (CFF) Assignment Sample Kaplan

The computer forensics fundamentals course is designed for anyone looking to enhance their skills and build a career in information security. The program will help you learn how to use forensic tools to find evidence from digital devices, track down hackers through data collection methods like network monitoring or log analysis, evaluate different challenges of an investigation including the importance of chain-of course custody protocol and fact gathering vs speculation during investigations among other things.

The Computer Forensics Fundamentals Course was created by experts in order that those who want more hands on experience could have it with some guidance based off real world scenarios they may encounter!

TOA,TMA, GBA Assignment sample of Computer Forensics Fundamentals module Singapore

 At the end of this course, Singaporean students will be able to learn Computer Forensics Fundamentals module with the help of the following learning outcomes:

1.Understand key issues related to computer forensics

Computer forensics is the examination of computer media by a digital forensics expert following a security incident.

Digital evidence is used to reconstruct events, and can be plaintiff or defendant led. The solid state drive (SSD) does not require data to be written in contiguous sectors, unlike ordinary hard disks which organize physical space on the surface of a disk using an indexing scheme.

The process of rebuilding fragmented SSDs is fundamentally different from data recovery from regular hard drives. Endpoint security refers to computer processes that are designed specifically for the protection of computers as they are used in organizations or enterprises.

To ensure trustworthy retrieval, endpoint security must provide appropriate authorization mechanisms, access control policy enforcement and configuration management capabilities at all layers from user interface through the operating system and its applications, and multiple levels of security.

Intel processors require a computer chip called the Management Engine (ME) which is used as part of the Intel Active Management Technology (AMT). AMT functionality can be separated into four categories: remote access, system management, data storage and firmware update.

2.Learn about trademarks, copyright, and patents

In the United States and many other countries, there are three “rights” that exist for protecting intellectual property: trademarks, copyright, and patents.

A trademark is a word, symbol or design used to identify goods and services from one producer instead of another. The trademark holder can take legal action against any unauthorized use of the trademark without permission (as long as they weren’t actively selling).

A copyright protects original work such as book writing or art design. If someone else copies your copyrighted work without permission you can sue them for violating intellectual property law.

Patents protect inventions such as new devices or mixes of old devices. Patents are issued by an individual government agency rather than through international treaties like most copyrights and trademarks are.

3.Master the incident handling and response process

The general incident handling process in Computer Forensics follows the following steps-

1. Response to a system security breach
2. Incident Communication
3. Data Preservation
4. IT Asset Protection
5. Digital Forensics Investigation and Analysis
6. Removal of Vulnerabilities or “Malware” Infections from Systems and Networks (following Digital Forensics Investigation)
7. Restoration Priorities (including business up time, customer relations, and cost)
8. Incident Analysis – Assessment and Learning
9. Mitigation of Threats
10. Recovery from Loss or Damage
11. Documentation
12. Follow up Investigation – as needed / requested by Client
13. Reporting

4.Master cyber crime and computer forensics investigation methodology

The Cyber Crime Investigation Methodology Certification by the National Association of Certified Fraud Examiners consists of a professional educational course, certifying exam, and validation of completion in order to establish the knowledge required to conduct computer crime investigations.

The curriculum covers applying for a search warrant; seizing electronic media and documenting evidence found during seizure; identifying where data is coming from with DNS ids.; internet/wireless hacking crime scene processing; interviewing complainants, victims and witnesses; social engineering for investigative purposes, exploitation detection and response used as a tactical procedure for reconnaissance or defensive purposes in an investigation.

In addition to theoretical instruction on these techniques by authors of leading texts in the field, participants gain hands-on experience through cyber case challenges they create themselves .

This certification is independent of any organization or vendor, and is a valuable credential for any security professional, especially those interested in networking, computing or data protection.

5.Understand the different types of digital evidence and digital evidence examination process

There are five major categories or types of digital evidence. They are formatted data, unformatted data, network traffic, chat messages and emails. Within each type there are several specific sub categories that you may encounter within your examination process. Let’s briefly examine the meaning and general characteristics of each type of digital information:

Formatted Data: Messages, Emails & Files: Formatted data is generally composed of previously stored files such as word processing documents or spreadsheets including audio files (e.g., MPEGs), video files (e.g., QuickTime) and image files (e.g., JPEGs). Some formatted data is created through ongoing synchronous exchange where it is received and created in real-time (e.g., chat sessions).

Unformatted Data: Disk Drives & Cell Phones: This is characterized by data that has not yet been accessed or format into a recognizable file type. These records are regularly only legible by the host that store them, because they have not yet had the required formatting.

Network Traffic: This contains evidence from information created by networked computers and services as they interact with other devices on the Internet or over a LAN/WAN. The type of traffic will differ based on the nature of the interaction and the protocols being used to communicate between the devices. T

Chat Messages: This is defined as any communication occurring in real-time over an Internet Relay Chat (IRC) or other instant messaging system. These messages may be stored on the server from which they originate or on a user’s computer depending upon how the provider of the service has configured their infrastructure.

6.Understand the different types of file systems and their comparison (based on limit and features)

There are different types of file systems. The two most popular are FAT32 and NTFS, although other outdated file systems exist. There is no significant difference in performance between FAT32 and NTFS because modern computers can handle them equally well. They have the same limitations, features, almost identical speeds on read/write operations but should be noted that older versions of Windows XP will not read or write to a drive with an NTFS partition and Vista may require ADMIN rights for reading or writing to an (N)NTFS formatted drive.

7.Learn to gather volatile and non-volatile information from Windows and network forensics analysis mechanism

Windows and network-related forensics involves gathering volatile and non-volatile information from RAM, the Security Account Manager (SAM), Registry, Evidence Files (stored on NTFS volumes) as well as boot sectors.

Tools used for collecting volatile data include antivirus scanners, FTK Imager or DIGLEX, Tasklist.exe , Autoruns.exe etc. Tools used for collecting non-volatile information include PassportMcLean PowerControls by Passport Forensics Software & TeraCopy Suite – Streaming Duplication Agent by Jetico Developers.

A forensic examiner will extract a wide variety of data related to system usage while conducting this investigation phase in order to recreate an accurate chronology of events .

8. Understand steganography and its techniques

Steganography is a form of security through obscurity which conceals a message, image, or file within another file (usually an image), in such a way that the hidden data cannot be detected without special knowledge.

The word steganography comes from the Greek words ‘steganos’ meaning “covered or concealed” and graphein meaning “to write.” It was employed by ancient Greeks to avoid censorship, and more recently it has been operationalized online to circumvent censorship issues in countries like Egypt and Syria.

For computer forensic purposes, one would map out all accessible media on the machine you are examining for potential stego files (images with captions added that say things like “the dog did something bad :-)”).

9. Gain an understanding of the different types of log capturing, time synchronization, and log capturing tools

There are three log capturing methods: rotating storage, momentary capture, and logging server. Rotating disks store only the newest events until they reach a certain capacity. Momentary captures gather event logs as applications or devices generate them.

Logging servers increase efficiency by gathering events in one location for any number of devices sharing that server. There are many who argue that each of these approaches has drawbacks.

For example, rotating storage can lead to deleted data if someone inadvertently deletes a log file before it is rotated; and event logs gathered on a logging server must be carefully indexed to track what part of an environment produced them so that analysts don’t have to sort through masses of information looking for the information they need to see.

10.Master the art of e-mail tracking and e-mail crime investigation

e-mail tracking and e-mail crime investigation are vital in this day of age where company information, consumer data such as social security numbers, and even banking information is made available through a simple e-mail account. While law enforcement officials have to investigate cases based on facts provided to them, obtaining access to the actual computer offers more specific evidence which helps authorities find the truth.

In addition to finding crucial evidence by investigating wrongdoing done with an email account; it’s also possible for criminals or other outside individuals who steal accounts to use it for nefarious purposes.

Law enforcement officials can track emails back from all servers that they were originally sent from, producing a timeline leading straight back to the original sender’s identity. Tracking an  email address is possible because every time an email message travels from one computer to another, it has a unique set of numbers that is attached to the message.

11.Learn to write an investigation report

A good investigation report starts with an introduction that briefly summarizes the purpose and scope of the report. If this is a forensic investigation, describe your qualifications as appropriate.

For example, if you are requesting lab review or clarification from a state crime lab. In contrast, if you are submitting a completed forensics analysis to your supervisor for review or approval, it would be appropriate to mention one’s training in forensic anthropology or entomology and related experience in criminal investigations.

The body of an investigative analysis can typically be subdivided into four sections: what happened; what did not happen; what were the results of other investigations–forensic science analyses (e.g., DNA phenotyping), interviews of involved personnel (not on duty at the time, etc.), or search (or surveillance) warrants; and the analysis itself.

The first two are primarily descriptive in nature while the last two would be more analytical oriented. However, keep in mind that a forensic investigation report is written to reflect an overall “story” of what happened.

Avail top-quality assignment answers on Computer Forensics Fundamentals module Singapore

The assignment experts at Singapore assignment help offer excellent Computer Forensic Assignment Help and Computer forensics tutoring for scholars of all marks.

If you are stressed out from the academic workload and need some help with dissertation, we are here to provide excellent assistance to finish your dissertation writing!

We have a team of final year project helper that will be able to assist in do my project online so don’t hesitate another minute – get our law essay helper by contacting us today!

We have a wide range of services to help students in their pursuit for university. We provide TMA, GBA, TOA and individual project assessment etc., just to name a few of our diverse options.