7906ICT Assignment Specification 1.
CRICOS No. 00233E
3906ICT Digital Forensics A3 Assessment Specification
Due Date: 12th October 2020
This assignment is worth 35% of the total assessment for 3906ICT. It is individual work. While you can
discuss the assignment with your peers, your submission should be your own work. You should provide
evidence of your own work incorporated in your submission.
The objective of this assignment is to gain knowledge and understanding of digital forensics through
research and practical experience. This understanding is to be demonstrated by submission of a formal
technical report of an analysis of digital forensics artefacts and a Digital Forensics Investigator’s report
for non-technical audiences.
On his way to rendezvous with Maria Hill, the espionage agency S.H.I.E.L.D. Director, Nick Fury, is
ambushed by assailants led by a mysterious assassin called the Winter Soldier who works for the evil
secret society H.Y.D.R.A. Fury escapes to Steve Rogers’ apartment, and warns Rogers, also known as
Captain America, that S.H.I.E.L.D. is compromised. Fury is gunned down by the Winter Soldier, before
handing Rogers a flash drive. Fury is pronounced dead during surgery, and Hill recovers the body. 1
Steve Rogers has asked you to investigate an internal S.H.I.E.L.D. transmission and a memory dump that
were found on the flash drive. A burner phone was also found in Fury’s car. Rogers suspects that these
contain evidence of H.Y.D.R.A. double agents collected by Fury. Your task as his friend and S.H.I.E.L.D.
digital forensics analyst is to answer Rogers’ questions.
1. Who are the agents in the transmission? When does the first communication begin?
2. What browsers are the agents using and on what operating systems?
3. Are there double agents working for H.Y.D.R.A.? If so, who are they?
4. What was sent for Daisy to collect?
5. Is Daisy a H.Y.D.R.A. agent?
6. What applications are running on the computer in the memory dump?
7. What web pages has the memory dump computer visited recently?
8. What is the email address of the owner of the memory dump computer?
9. What is the password of the memory dump computer?
1 The story, all names, characters, and incidents portrayed in this assignment are fictitious. No identification with actual persons (fictitious, living or deceased), places, buildings, events, and motion pictures is intended or should be
inferred. No person or entity associated with this assignment received payment or anything of value, or entered into any agreement, in connection with the depiction of tobacco products. No animals were harmed in the making of
10. Create a detailed timeline of the significant events that take place on the memory dump
11. What are the non-stock applications installed on the phone?
12. Who is in the contacts list?
13. What messages and calls have been sent and received by the phone?
14. What Internet searches has the owner of the phone made?
15. Is there a link between this phone and the disk image provided in Assessment A2? If so what
As part of the answer for each of these questions you must include:
• A clear description of the evidence and reasoning for your answer.
• A detailed description of the process that you followed and the tools that you used to obtain
the evidence. It is expected that you will include screenshots in your description.
Evidence for this assessment can be downloaded at the following links:
DiscoveredLaptopMemory.zip (md5sum: 3b10bf7ad91db0bbcfc08634293fb88c)
shieldcapture.zip (md5sum: 8dc95b2ff2f1db46337f0794348a59af)
suspectphone.zip (md5sum: ea59b1236d2d0f307cc401dc6c32a637)
If you are using the SIFT workstation on the Griffith Cyber Range you can download it from the following link
if you are logged into the SIFT workstation. This link is only accessible if you are logged into the SIFT
After the Winter Soldier incident and the major part your digital forensics investigation played in the
outcome of that situation, Nick Fury has asked you to write a digital forensics report based on the
investigation you conducted. This report should follow the recommended report structure and be
addressed to non-technical, possibly legal, staff. Your answers for Task 1 should make up the appendix of
Your report on the investigation should include the following main headings:
• Introduction and Executive Summary – Provide an overview of the case, the relevance of the
evidential media being examined, who requested the forensic analysis, and what was requested.
• Evidence Summary – Describe the items of digital evidence that were analysed, providing details
such as MD5 values and makes and models of equipment.
• Examination Summary – Provide an overview of the critical findings relating to the investigation,
an executive summary, with any recommendations or conclusions in short form.
• Forensic Analysis and Findings – Provide a detailed description of the forensic analysis
performed and the resulting findings, along with supporting evidence.
• Conclusions – A summary of conclusions should follow logically from previous sections in the
report and should reference supporting evidence.
Please submit your assignment via the 3906ICT Blackboard web site under the Assessment section.
Reports should be submitted as a single docx or pdf file. Task 2, which should be written for a non-technical audience, should be the main body of the report. Task 1, which should be written for a
technical audience, should be detailed in the Appendix.
The quality of the presentation of a formal technical report is as important as the quality of the technical
content of the report in the profession. Your assignment will be assessed on:
1. The body text of your report for Task 2 should be no more than 2500 words or 5 pages in length.
Task 1 should be no more than 15 pages in length.
2. The text of your report should be in 12-point Times New Roman or 11-point Arial font or
something equivalent, and in single space;
3. Page size is A4 with 2 cm margins on all sides;