SIT282 Trimester 1 Assignment 1 Donald Price
THE CASE:
Donald Price is an employee from Joachim’s Art Gallery based in Melbourne, Australia. Mr. Price had been suspended from the gallery when an audit discovered that one of the pieces he was responsible for had disappeared. (This was a small watercolour of two boats.) Unfortunately, Mr. Price wiped the hard disk of his office PC before investigators could be deployed. However, a CD-ROM was found in the PC’s CD-ROM drive. Although Mr. Price subsequently denied that the CD-ROM belonged to him, it was seized and entered into evidence.
A forensic image in raw format of the CD-ROM can be found here: http://www.deakin.edu.au/~zoidberg/2013OZ.ISO And its MD5 hash value can be found here: http://www.deakin.edu.au/~zoidberg/2013OZ.ISO.md5
You, an ITS officer employed by Joachim’s Art Gallery, are assigned to examine the image for any information relating to the case. You should keep in mind malicious code and other means which may potentially alter the evidence. YOU MUST CITE ALL REFERENCES INCLUDING TECHNICAL MANUALS AND LAW PARAGRAPHS.
Your analysis should be conducted on a virtual machine (VMware) and include the following information:
1. PROCEDURE
1.1 Use an evidence form to document the evidence given to you.
1.2 Describe the environment of your forensic workstation and the access to the machine. Describe the procedure that you used to download the image file to your work directory.
1.3 Give at least two SHA-based hash function values of the ISO image.
1.4 Explain why multiple hash values are necessary to verify the validity of the image file.
1.5 Explain the procedure that you used before you could access the image file inside the virtual machine.
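The hashing steps in 1.3 and 1.4 can be carried out in one read-only pass over the image. The following is an added example, not part of the assignment brief: it computes MD5, SHA-1 and SHA-256 together and compares the MD5 against a published sidecar file. It assumes the `.md5` file uses the common `md5sum` layout (digest first, then file name), and the file `sample.iso` with its contents is a constructed stand-in for the real image.

```python
import hashlib
import os
import tempfile

# MD5 is compared with the published value; SHA-1 and SHA-256 cover item 1.3.
ALGORITHMS = ("md5", "sha1", "sha256")

def hash_image(path, algorithms=ALGORITHMS, chunk_size=1024 * 1024):
    """Read the image once, read-only, and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as image:
        for chunk in iter(lambda: image.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}

def read_published_md5(md5_path):
    """Parse a sidecar in md5sum layout (assumed): '<32 hex digits>  <name>'."""
    with open(md5_path, "r", encoding="ascii", errors="replace") as sidecar:
        tokens = sidecar.read().split()
    token = tokens[0].lower() if tokens else ""
    if len(token) != 32 or any(c not in "0123456789abcdef" for c in token):
        raise ValueError("no MD5 digest found in " + md5_path)
    return token

def verify_image(image_path, md5_path):
    """Return all digests plus whether the MD5 equals the published one."""
    digests = hash_image(image_path)
    digests["md5_matches_published"] = digests["md5"] == read_published_md5(md5_path)
    return digests

def demo():
    """Constructed sample: a 3-byte 'image' and its sidecar, then one altered byte."""
    with tempfile.TemporaryDirectory() as work:
        image = os.path.join(work, "sample.iso")
        sidecar = image + ".md5"
        with open(image, "wb") as f:
            f.write(b"abc")
        with open(sidecar, "w") as f:
            f.write("900150983cd24fb0d6963f7d28e17f72  sample.iso\n")
        good = verify_image(image, sidecar)
        with open(image, "ab") as f:
            f.write(b"\x00")  # simulate a working copy that was modified
        bad = verify_image(image, sidecar)
    return good, bad

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Recording the digests before and after the examination, on the working copy, shows whether the analysis itself changed the image.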
2. BINARY DETAILS
2.1 Use a table to document the detailed information of the files found in the root directory of the ISO image—file names, file actual sizes and their MD5 hash values.
2.2 Provide a description of any programs you would like to use based on the files identified on the ISO image.
3. FORENSIC DETAILS
3.1 Describe the key words you used to search the ISO image and explain why you chose them. Detail your search result and give your conclusions. (Document your procedure including commands and screenshots.)
4. LEGAL IMPLICATIONS
4.1 List one violation committed by Mr. Price against the Cybercrime Act 2001, and one violation committed by Mr. Price against the Crimes Act 1958. Back up your answers with definitions.
4.2 Is this case best pursued as a corporate or criminal investigation? Why?