Coursework Objectives

This assignment develops skills in digital investigation, focusing on computer forensics procedures and tools, while addressing legal issues in multi$-$jurisdictional contexts. The tasks cover standard forensic techniques and methodologies.

Case Study $1(20\%)$: Folder Naming Analysis

As a computer forensic analyst at Cado Security, you must analyze a client issue related to restricted folder names.

Introduction: Describe standard OS procedures for creating folders.

Folder Naming Restrictions: Explain why names like AUX or CON cannot be used. Provide a technical analysis.

Applicability: Identify other restricted names and verify if these restrictions apply across different OSs. Provide screenshots.

Verification of Claims: Analyze evidence from a user claiming to have created a restricted folder name, detailing if and how it was falsified.

Conclusion: Present findings with screenshots as evidence.

Case Study $3(30\%)$: EHR Business Case for SEGi Medical Hospital

Examine the value of Electronic Health Records $($EHR$)$ for improving doctor$$s practice management.

Objectives: Analyze EHR benefits and IT value issues to develop a business case.

Requirements: Identify needs, challenges, and regulatory factors at SEGi Medical Hospital.

EHR Vendor Analysis: Research an EHR provider in Malaysia, examining system features, IT architecture, security, costs, benefits, and implementation.

Data Collection: Explore doctor$$s practice workflows, service processes, and areas for improvement.

Key Sections:

Requirements and business context.

SEGi Medical Hospital challenges.

Regulatory, social, and ethical considerations.

EHR functions $($clinical$,$ appointments, billing$).$

IT architecture and EHR benefits.

Case Study $4(30\%)$: Memory Forensics

Analyze a memory dump from a suspect$$s computer to identify running processes, network connections, and potential malware.

Preparation: Set up a secure forensic workstation with tools like Volatility or Rekall, isolated from the internet.

Process Identification: Use volatility $-$f pslist to list running processes; look for suspicious processes.

Network Analysis: Identify active connections with volatility $-$f netscan; note suspicious IP addresses or unusual ports.

Malware Detection: Run volatility $-$f malfind to locate hidden code, and dump suspicious processes with procdump.

Documentation: Compile a report on findings, detailing malicious activities, including screenshots, logs$,$ and analysis results.

Key Tools:

Volatility: Memory forensics for process and malware detection.

Rekall: Similar to Volatility, useful for comprehensive memory image analysis.