CSEC650 Lab 2 Instructions, Questions, And Grading Criteria


Preview the lab deliverables in Part I and the questions in Part II before starting your lab work. Log in to the UMUC Virtual Lab and perform steps 1 through 50 as specified in the PDF file "CSEC 650 Lab2 Write-up.pdf". During the process, capture the five specified screenshots and paste them into your Word answer file. After previewing the other deliverables and questions, take notes for them as you work. Do not skip steps, as doing so may prevent you from completing the lab successfully. Create a single Word or PDF file named "Lab2-YourFirstInitial-LastName" that includes all deliverables and answers. Submit this file via WebTycho under the Lab2 assignment by the deadline.

Part I: Lab Deliverables (30 points)

A. Screenshots (10 points; 2 points each)

During the lab, capture and insert into your answer file the following five screenshots, each with a brief description:

  1. A screenshot similar to the illustration on page 6 of the Lab2 Write-up.
  2. A screenshot similar to the illustration on page 16 of the Lab2 Write-up.
  3. A screenshot similar to the illustration on page 31 of the Lab2 Write-up.
  4. A screenshot similar to the illustration on page 32 of the Lab2 Write-up.
  5. A screenshot similar to the illustration on page 37 of the Lab2 Write-up.

B. Log of Forensic Analysis (10 points)

Draft a numbered list or table documenting sequential forensic actions, including dates, times, devices, tools, data files, search outcomes, and analysis summaries.

C. Report Letter to the Professor (10 points)

Write a formal business letter to the professor explaining the objectives, what was attempted and succeeded or failed, and insights gained. Use 4–5 paragraphs focusing on forensic goals, processes, results, and reflections derived from lab work.

Part II: Lab Questions (70 points)

Answer each question with up to two paragraphs, demonstrating clarity and correctness. Incorporate APA citations where appropriate and list references at the end.

  1. Based on the Request for Analysis PDF, identify five effective keywords for the investigation.
  2. What is the hash value of the forensic image during verification in Autopsy? Attach a screenshot showing this hash. Does it match the hash provided in the analysis request? Explain the importance of matching hash values.
  3. Explain why it's crucial to mount the source drive containing the image as read-only.
  4. Define a dd image.
  5. Using Autopsy, find and explain a file of interest related to the investigation, and then find and explain a deleted file of interest. Justify why these files are significant.
  6. Discuss why taking notes and annotating timestamps is essential and how it benefits the investigation.
  7. Identify the file system type from which the forensic image was collected.
  8. Based on your analysis, identify current communication contacts of Joey Lawless, supporting your answer with evidence.
  9. What do you infer Joey Lawless was communicating about? Support your answer with evidence from the image analysis.
