This module is a resource for lecturers
Student assessment
In addition to the exercises, other assessment tools used in this Module are review questions and homework assignments.
Review questions
The questions can also be used to promote class discussions during the lecture.
- What are the legal and ethical obligations of cybercrime investigators and digital forensics professionals?
- What are the essential phases in the digital forensics process?
- How is digital evidence identified?
- How should digital evidence be collected?
- How should digital evidence be acquired?
- How should digital evidence be preserved?
- How is digital evidence analysed?
- How should the findings of the analysis of digital evidence be reported?
- What needs to be substantiated before evidence is admissible in courts?
Homework
Students can be assigned one or more of the following assignments to be completed before class as either a written homework assignment (one to three pages long) and/or be part of the class discussion:
Homework # 1 ~ Analysis
The working hypothesis of a criminal case is that the suspect possesses child sexual abuse material. What type of analysis (or analyses) would you perform to provide sufficient evidence of criminal intent to possess child sexual abuse material?
Homework # 2 ~ Group assignment: Accreditation of digital forensics laboratories
Randomly assign students to a group. Randomly assign each group a country. Instruct the students to conduct research on digital forensics laboratories in their country. Students should come prepared to discuss the answers to the below questions in class.
Discussions questions
- Do the digital forensics laboratories need to be accredited in your assigned country? If so, which organization or organizations are responsible for accreditation? What are the requirements that a digital forensics laboratory should meet to be accredited?
- If no accreditation exists or is required in the country, how is competency of the laboratory in the handling and analysis of digital evidence and the production of reliable results assessed?
Homework # 3: Code of ethics
Codes of ethics for digital forensics practitioners can be found in certain digital forensics professional associations and/or licensing/certification organizations, as well as government agencies that conduct cybercrime investigations and/or digital forensics. Student should identify a professional association, licensing/certification organization, or government agency involved in cybercrime investigations and/or digital forensics andcome prepared to discuss the answers to the below questions in class.
- What type of ethical conduct does the association, organization, or agency prescribe?
- What type of unethical behaviour does it prohibit?
Homework # 4: Ethical considerations in cybercrime investigations
Write a three- to four-page paper on the ethical considerations in cybercrime investigations in your country. Your paper must have a minimum of five scholarly sources (not those assigned for core reading); for example, periodical and journal articles and scholarly books.
[*Note: This paper requires independent research]
Homework # 5 ~ Recover deleted entries in an SQLite database
SQLite is a popular database which is easy to use. Moreover, SQLite is a default database (DB) for data in Android devices, so it is very important to know how to analyse it for mobile digital forensics.
Walk-through
- Install VirtualBox and start a Ubuntu VM.
- Install a SQLite DB, create a sample DB and table with any data.
- Delete some rows in the created table (see SQL commands).
- Run the python script to find deleted entries.
Reference: Belkasoft. (2015). Forensic Analysis of SQLite Databases: Free Lists, Write Ahead Log, Unallocated Space and Carving. Forensic Focus.
Next:
Additional teaching tools
Back to top