NPA Cyber Security Contents

Explore

Digital Forensics

outcomes and performance criteria
outcomes and performance criteria

Level 4

df4outcome

df4outcome

⁠

df4PC

df4PC

⁠

Level 4 outcomes and performance criteria

Outcome 1

Describe the steps in the digital forensics process.

Performance Criteria

(a) Describe the role of forensic readiness in conducting a digital forensics investigation.

(b) Identify the legal, professional and ethical issues in digital forensics.

(d) Identify the tools and techniques which could be used during the digital forensics process.

Outcome 2

Apply basic techniques of data acquisition.

Performance Criteria

(a) Identify the type of data under investigation.

(b) Apply software tools to acquire the data from a basic investigation.

Outcome 3

Examine digital evidence.

Performance Criteria

(a) Select appropriate tools.

(b) Perform analysis of the digital evidence.

Level 5

df5outcome

df5outcome

⁠

df5PC

df5PC

⁠

Level 5 outcomes and performance criteria

Outcome 1

Explain the digital forensics process.

Performance Criteria

(a) Explain the legal, professional and ethical issues in conducting a digital forensics examination.

(b) Explain the tools and techniques used to conduct a digital forensics examination

(d) Explain the importance of recording all actions.

Outcome 2

Apply relevant techniques in acquiring data.

Performance Criteria

(a) Identify forensically sound techniques to acquire data.

(b) Select appropriate forensic tools.

(d) Preserve acquired data.

(e) Record relevant actions.

Outcome 3

Examine digital evidence.

Performance Criteria

(a) Identify system specific information.

(b) Perform an analysis of the evidence using software tools.

Level 6

df6outcome

df6outcome

⁠

df6PC

df6PC

⁠

Level 6 outcomes and performance criteria

Outcome 1

Explain the digital forensics process and job roles.

Performance Criteria

(a) Explain the main stages in the digital forensics process.

(b) Explain the main job roles associated with the digital forensics process.

(d) Describe the essential elements involved in securing a crime scene.

(e) Identify potential sources of digital evidence.

(f) Explain the tools and techniques used to conduct a digital forensics examination.

(g) Explain the importance of recording all actions.

Outcome 2

Apply complex techniques in acquiring data.

Performance Criteria

(a) Explain complex forensic techniques used to acquire data.

(b) Select a range of forensic tools to acquire data.

(d) Preserve acquired data.

(e) Verify acquired data.

Outcome 3

Evaluate digital evidence.

Performance Criteria

(a) Identify system specific information.

(b) Perform hard disk analysis.

(d) Record the findings of the process.

(e) Evaluate the results of the digital forensic examination.

(f) Communicate the evaluation results of the forensic examination.

df6 evidenceTask

EoU test LO 1, 2a, 3a SOLAR multiple choice

coursework LO 2, 3, acquire date, evaluate evidence, Assessment checklists, Pro forma 1, Pro forma 2, report of the findings and assessor’s checklist.

df6 coursework

Assessor instructions

The machine/setup to be forensically examined could be a digital device such as a desktop computer, laptop computer, Raspberry Pi, USB storage device etc.

The evidence that is evaluated must contain both hard disk and network analysis.

The types of evidence that could be included are:

files hidden within picture files that contain details of customers, products, usernames, passwords etc

browser history showing sites visited that would produce evidence that might incriminate the suspect, such as visits to courier companies, internet banking websites etc

communication between the employee and unknown customers

spreadsheets showing income and customers of the alleged illicit sales either on the drive or recently deleted which shows details of the sales of the prototypes

Scenario

You have been employed as a Forensic Examiner on a freelance basis by a company called CyberAssured. CyberAssured is a digital equipment manufacturing company with bases across the globe. They design, develop and build digital equipment for both business and military use.

The Product Development Manager has been made aware that some prototype military equipment technology is being leaked. There is a suspicion that a member of the Product Development team is selling the technology to a third party.

They are looking for a quick, concise resolution to the investigation, they wish to keep this investigation internal to the company and obviously do not wish the suspicious activity to be leaked for fear of bad publicity. To this end, they have asked you to sign a non-disclosure agreement.

You must forensically examine the computer system of the main suspect, this machine has been left switched on. You are looking for evidence that the employee has been illegally selling prototype technologies.

You should keep records of the steps taken during the investigation using the following three forms.

You should select and use a range of relevant forensic tools in order to undertake this task and do so in a forensically sound manner, by preserving acquired data and verifying it to ensure it has been preserved accurately.

In order to fully investigate the incident you should undertake hard disk and network analysis.

The results should be delivered to your assessor by submitting a brief report outlining your procedures, conclusions and findings. The report should be evaluative in nature and should incorporate the three forms.

Want to print your doc?
This is not the way.

Try clicking the ⋯ next to your doc name or using a keyboard shortcut (

CtrlP

) instead.

outcomes and performance criteriaoutcomes and performance criteria

Level 4

Level 4 outcomes and performance criteria

Outcome 1

Outcome 2

Outcome 3

Level 5

Level 5 outcomes and performance criteria

Outcome 1

Outcome 2

Outcome 3

Level 6

Level 6 outcomes and performance criteria

Outcome 1

Outcome 2

Outcome 3

df6 evidenceTask

df6 coursework

outcomes and performance criteria
outcomes and performance criteria