IMAT4042 Introduction to Computer Forensics Assignment, Assignments of Forensics

IMAT4042 Introduction to Computer Forensics Assignment

Typology: Assignments

2022/2023

Uploaded on 03/11/2024

chungyung-li
chungyung-li 🇭🇰

1 document

1 / 4

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
HKU SPACE College of Life Sciences and Technology
Advanced Diploma in Computer and Information Security
IMAT4042 Introduction to Computer Forensics
2023/2024 (Term 2165)
Assignment
Name: Poon Suet Ying
Student ID: 20217817
pf3
pf4

Partial preview of the text

Download IMAT4042 Introduction to Computer Forensics Assignment and more Assignments Forensics in PDF only on Docsity!

HKU SPACE College of Life Sciences and Technology

Advanced Diploma in Computer and Information Security

IMAT4042 Introduction to Computer Forensics

2023/2024 (Term 2165)

Assignment Name: Poon Suet Ying Student ID: 20217817

Base on the scenario, Chan Tai Man discovered a powered-on computer which appeared to be relevant to the case. (1) However, he proceeded to unplug the power supply without conducting further checks since the computer’s monitor displayed a dark screen. This may cause that the computer may activate destructive programs at shutdown or the data that is contained in the memory chips is lost when the computer is shut down. He should perform a live forensic investigation in that moment. He can capture and preserve the physical memory or volatile data before turning off the computer. (2) Also, Chan Tai Man has carefully removed the hard drive disk (HDD) from the computer, placed it in a non-woven bag, and securely sealed it with tamper-proof evidence tape. Removing the hard disk can ensure the preservation of evidence. However, removing the hard drive disk may tamper with potential timestamps and alter the state of the system. Moreover, place it in a non-woven bag is not suitable that may affect the status of the hard drive disk. For suggestion, Chan Tai Man should use the faraday bag to ensure the hard drive's integrity during removal. He should also document and photograph the hard drive's physical condition and connections before removal. (3) For the computer case, keyboard, monitor, and mouse, Chan Tai Man placed them inside a large paper box. Storing computer components in a paper box could potentially expose them to physical damage and other contamination during transportation. In suggestion, Chan Tai Man should use tamper-resistant evidence tape over the power port and edge of computer case and pack it using anti-static bag with seal. He should also keep the evidence away from magnetic sources such as radio transmitters, speaker magnets, and heated seats.

The assumption made is that sequential number for the parts of the computer is B for the HDD. The evidence label of the HDD should be look like below: Label: Evidence Number: ctm/20240214/0001/B Evidence: Hard Drive Disk (HDD) Case Number: #SPACE-A Date / Time: February 14, 2024 14: Location: SPACE Entertainment office Collected by: CHAN Tai Man Description: Hard Drive Disk (HDD) removed from a computer at the SPACE Entertainment office