CCJS 321 Assignment 2:  Digital Forensics

Answer each of the following questions as thoroughly as possible, using resources to support your answers.  Be sure to follow the format requirements. Locard’s exchange principle states, “A criminal action of an individual cannot occur without leaving a mark”. Explain what this principle means for digital evidence.Describe best practices that should be followed to ensure digital forensic practitioners don’t leave their own “marks” on the evidence during collection and acquisition. You must use the provided course materials for at least one of the examples. Choose three items of digital evidence from the following list and describe what types of digital “marks” (artifacts) might be left by a user. (Laptop, Router, External Hard Drive, Thumb Drive, Smartphone, Gaming Console, IoT devices, Home Surveillance Systems, Vehicles)How can examiners/investigators use this information to prove or disprove the allegations under investigation?What actions should a digital forensic professional take when encountering a running (live) laptop? What beneficial data may be found on the live system that would not be found on a powered off (dead) system?What is a hash value and what does it mean to hash data?Describe two ways hash values are used by digital forensic practitioners. Describe Chain of Custody and detail its importance in the Criminal Justice process. Format Requirements:Assignment must be double spaced, 11 or 12 pt font and 1” margins all around.All APA 7th edition format requirements must be followed (cover page, in text citations, reference page). Refer to the APA information found in Content -> Course Overview -> Course Resources.You must have resources to support your thoughts/opinions/information.  These must be cited both in text as well as at the end of the document. Your paper should not contain direct quotes, sourced material must be paraphrased. Course Outcomes:recognize, collect, and preserve digital evidence for forensic analysisdevelop an evidentiary file that properly documents analytical processes and results to prepare for case presentation and testimony. 
Due Date
Nov 21, 2023 11:59 PM

Hide Rubrics

Rubric Name: 321 Assignment #2 Rubric

Print

CriteriaExceeds ExpectationsAbove ExpectationsMeets ExpectationsBelow ExpectationsCriterion Score
Question 180 pointsStudent accurately and in great detail defined Locard’s exchange principle and explained how it pertains to digital evidence.Student accurately and in great detail described best practices for digital evidence collection and acquisition.Student accurately and in great detail described the types of artifacts that may be found for 3 or more items of digital evidence.Student accurately and in great detail explained how the types of artifacts listed above can be used to prove and disprove allegations.Content demonstrates critical thinking skills, sophisticated analysis, and other perspectives. The student displayed exemplary critical thinking and exemplary command of this subject and discussion. The student made thoughtful connections between the material and the answers to the prompts and all positions were supported by appropriate sources.Excellent understanding and application of theory and knowledge to the facts.Terminology is correct in all uses.Points Available: 72-8071.9 pointsStudent accurately and in some detail defined Locard’s exchange principle and explained how it pertains to digital evidence.Student accurately and in some detail described best practices for digital evidence collection and acquisition.Student accurately and in some detail described the types of artifacts that may be found for 3 items of digital evidence.Student accurately and in some detail explained how the types of artifacts listed above can be used to prove and disprove allegations.The writing indicates effort above and beyond in the areas of research, analysis, critical thinking, and other perspectives. While critical thinking, command of the material, or connections made may have been only adequate in limited incidences, the student generally displayed superior critical thinking and superior command of this subject and discussion. Positions were generally supported by appropriate sources.Clear application of theory and knowledge to the facts.Most terminology references are correctly applied.Points Available: 64-71.963.9 pointsStudent accurately defined Locard’s exchange principle and explained how it pertains to digital evidence.Student accurately described best practices for digital evidence collection and acquisition.Student accurately described the types of artifacts that may be found for 3 items of digital evidence.Student accurately described how the types of artifacts listed above can be used to prove and disprove allegations.While critical thinking, command of the material, or connections made may have been limited on occasion, the student displayed adequate critical thinking and adequate command of this subject and discussion. Most positions taken were adequately supported by appropriate sources.Application of theory and knowledge indicates a general understanding of the concepts and focus of the assignment. Terminology usage is generally correct.Points available: 56-63.955.9 pointsStudent inaccurately or insufficiently defined Locard’s exchange principle or did not adequately explain how it pertains to digital evidence.Student inaccurately or insufficiently described best practices for digital evidence collection and acquisition.Student inaccurately or insufficiently described the types of artifacts that may be found or described artifacts for less than 3 more items of digital evidence.Student inaccurately or insufficiently explained how the types of artifacts listed above can be used to prove and disprove allegations.The writing demonstrates less than sufficient work and does not generally reflect an adequate understanding of the content.The student generally displayed limited critical thinking and limited command of this subject and discussion. The student generally made limited connections between the material and the answers to the prompts and positions taken were largely not supported by appropriate sources.Application of theory and knowledge does not generally demonstrate an understanding of the concepts and focus of the assignment.Most terminology was used incorrectly or insufficiently to indicate an adequate understanding of the concepts.Points available D: 48-55.9Points available F: 0-47.9Score of Question 1,/ 80
Question 240 pointsStudent accurately and in great detail explained the steps a digital forensic practitioner should take when encountering a running laptop. Student accurately and in great detail explained the types of data found on a running laptop and why the data is beneficial.Student includes an accurate explanation of RAM and Order of Volatility.Content demonstrates critical thinking skills, sophisticated analysis, and other perspectives. The student displayed exemplary critical thinking and exemplary command of this subject and discussion. The student made thoughtful connections between the material and the answers to the prompts and all positions were supported by appropriate sources.Excellent understanding and application of theory and knowledge to the facts.Terminology is correct in all uses.Points Available: 36-4035.9 pointsStudent accurately and in some detail explained the steps a digital forensic practitioner should take when encountering a running laptop. Student accurately and in some detail explained the types of data found on a running laptop and why the data is beneficial.Student includes an accurate explanation of RAM and Order of Volatility.The writing indicates effort above and beyond in the areas of research, analysis, critical thinking, and other perspectives. While critical thinking, command of the material, or connections made may have been only adequate in limited incidences, the student generally displayed superior critical thinking and superior command of this subject and discussion. Positions were generally supported by appropriate sources.Clear application of theory and knowledge to the facts.Most terminology references are correctly applied.Points Available: 32-35.931.9 pointsStudent accurately explained the steps a digital forensic practitioner should take when encountering a running laptop. Student accurately explained the types of data found on a running laptop and why the data is beneficial.Student includes an accurate explanation of RAM or Order of Volatility.While critical thinking, command of the material, or connections made may have been limited on occasion, the student displayed adequate critical thinking and adequate command of this subject and discussion. Most positions taken were adequately supported by appropriate sources.Application of theory and knowledge indicates a general understanding of the concepts and focus of the assignment. Terminology usage is generally correct.Points available: 28-31.927.9 pointsStudent inaccurately or insufficiently explained the steps a digital forensic practitioner should take when encountering a running laptop. Student inaccurately or insufficiently explained the types of data found on a running laptop or why the data is beneficial.Student does not mention RAM or Order of Volatility.The writing demonstrates less than sufficient work and does not generally reflect an adequate understanding of the content.The student generally displayed limited critical thinking and limited command of this subject and discussion. The student generally made limited connections between the material and the answers to the prompts and positions taken were largely not supported by appropriate sources.Application of theory and knowledge does not generally demonstrate an understanding of the concepts and focus of the assignment.Most terminology was used incorrectly or insufficiently to indicate an adequate understanding of the concepts.Points available D: 24-27.9Points available F: 0-23.9Score of Question 2,/ 40
Question 340 pointsStudent accurately and in great detail defined hash values and the act of “hashing” data.Student accurately and in great detail described 2 ways hash values are used by digital forensic practitioners.Content demonstrates critical thinking skills, sophisticated analysis, and other perspectives. The student displayed exemplary critical thinking and exemplary command of this subject and discussion. The student made thoughtful connections between the material and the answers to the prompts and all positions were supported by appropriate sources.Excellent understanding and application of theory and knowledge to the facts.Terminology is correct in all uses.Points Available: 36-4035.9 pointsStudent accurately and in some detail defined hash values and the act of “hashing” data.Student accurately and in some detail described 2 ways hash values are used by digital forensic practitioners.The writing indicates effort above and beyond in the areas of research, analysis, critical thinking, and other perspectives. While critical thinking, command of the material, or connections made may have been only adequate in limited incidences, the student generally displayed superior critical thinking and superior command of this subject and discussion. Positions were generally supported by appropriate sources.Clear application of theory and knowledge to the facts.Most terminology references are correctly applied.Points Available: 32-35.931.9 pointsStudent accurately defined hash values and the act of “hashing” data.Student accurately described 2 ways hash values are used by digital forensic practitioners.While critical thinking, command of the material, or connections made may have been limited on occasion, the student displayed adequate critical thinking and adequate command of this subject and discussion. Most positions taken were adequately supported by appropriate sources.Application of theory and knowledge indicates a general understanding of the concepts and focus of the assignment. Terminology usage is generally correct.Points available: 28-31.927.9 pointsStudent inaccurately or insufficiently defined hash values and the act of “hashing” data.Student inaccurately or insufficiently described hash values and provided less than 2 ways they are used by digital forensic practitioners.The writing demonstrates less than sufficient work and does not generally reflect an adequate understanding of the content.The student generally displayed limited critical thinking and limited command of this subject and discussion. The student generally made limited connections between the material and the answers to the prompts and positions taken were largely not supported by appropriate sources.Application of theory and knowledge does not generally demonstrate an understanding of the concepts and focus of the assignment.Most terminology was used incorrectly or insufficiently to indicate an adequate understanding of the concepts.Points available D: 24-27.9Points available F: 0-23.9Score of Question 3,/ 40
Question 420 pointsStudent accurately and in great detail described the Chain of Custody and its importance to the Criminal Justice Process.Content demonstrates critical thinking skills, sophisticated analysis, and other perspectives. The student displayed exemplary critical thinking and exemplary command of this subject and discussion. The student made thoughtful connections between the material and the answers to the prompts and all positions were supported by appropriate sources.Excellent understanding and application of theory and knowledge to the facts.Terminology is correct in all uses.Points Available: 18-2017.9 pointsStudent accurately and in some detail described the Chain of Custody and its importance to the Criminal Justice Process.The writing indicates effort above and beyond in the areas of research, analysis, critical thinking, and other perspectives. While critical thinking, command of the material, or connections made may have been only adequate in limited incidences, the student generally displayed superior critical thinking and superior command of this subject and discussion. Positions were generally supported by appropriate sources.Clear application of theory and knowledge to the facts.Most terminology references are correctly applied.Points Available: 16-17.915.9 pointsStudent accurately described the Chain of Custody and its importance to the Criminal Justice Process.While critical thinking, command of the material, or connections made may have been limited on occasion, the student displayed adequate critical thinking and adequate command of this subject and discussion. Most positions taken were adequately supported by appropriate sources.Application of theory and knowledge indicates a general understanding of the concepts and focus of the assignment. Terminology usage is generally correct.Points available: 14-15.913.9 pointsStudent inaccurately or insufficiently described the Chain of Custody and its importance to the Criminal Justice Process.The writing demonstrates less than sufficient work and does not generally reflect an adequate understanding of the content.The student generally displayed limited critical thinking and limited command of this subject and discussion. The student generally made limited connections between the material and the answers to the prompts and positions taken were largely not supported by appropriate sources.Application of theory and knowledge does not generally demonstrate an understanding of the concepts and focus of the assignment.Most terminology was used incorrectly or insufficiently to indicate an adequate understanding of the concepts.Points available D: 12-13.9Points available F: 0-11.9Score of Question 4,/ 20
APA and general adherence to instructions20 pointsStudent followed APA format correctly (Cover page, in text citations and reference page) without format errors.Student followed all instructions for this assignment.Student used 4 or more appropriate resources overall to inform their thoughts and opinions for this assignment.Points available: 18-2017.9 pointsStudent mostly followed APA and format requirements for this assignment but had up to 2 errors.Student mostly followed the instructions for this assignment. Errors were minor.Student used at least 3 appropriate resources overall to inform their thoughts and opinions for this assignment.Points available: 16-17.915.9 pointsStudent mostly followed APA and format requirements for this assignment but had up to 3 errors.Student mostly followed the instructions for this assignment.Student used 2 or fewer appropriate resources overall to inform their thoughts and opinions for this assignment.Points available: 14-15.913.9 pointsStudent did not generally follow APA format requirements for this assignment.Student did not generally follow the instructions for this assignment.Student used 1 or fewer appropriate resources overall to inform their thoughts and opinions for this assignment.Points available D: 12-13.9Points available F: 0-11.9Score of APA and general adherence to instructions,/ 20
Writing Mechanics25 pointsWriting quality in terms of grammar, punctuation, usage, structure, spacing, etc. as well as reader engagement is excellent.Student had a few minor or inconsequential writing, grammar, or spelling errors.Points available: 22.5-2522.4 pointsWriting quality in terms of grammar, punctuation, usage, structure, spacing, etc. as well as reader engagement is good.Student had few writing, grammar, or spelling errors.Points available: : 20-22.419.9 pointsWriting quality in terms of grammar, punctuation, usage, structure, spacing, etc. as well as reader engagement is adequate.Student had several writing, grammar, or spelling errors.Points available: 17.5-19.917.4 pointsWriting quality in terms of grammar, punctuation, usage, structure, spacing, etc. as well as reader engagement is inadequate or contains many errors that disrupt flow an understanding of the presentation.Student did not meet writing, grammar, and/or spelling expectations.Points available D: 15-17.4Points available F: 0-14.9Score of Writing Mechanics,/ 25
Organization and Composition25 pointsThe ideas are arranged logically to support the purpose. Transitions link paragraphs. It’s easy to follow the line reasoning.The writing style is consistently academic and there is little to no superfluous language.Points available: 22.5-2522.4 pointsThe ideas are arranged logically to support the central purpose. Transitions usually link paragraphs. For the most part, the reader can follow the line of reasoning.The writing style is almost exclusively academic and there is very little superfluous language.Points available: : 20-22.419.9 pointsIn general, ideas are arranged logically, but sometimes, they fail to make sense together. The reader is fairly clear about what the writer intends.The writing style is generally academic and there is infrequent but some superfluous language.Points available: 17.5-19.917.4 pointsIdeas are not logically organized. Frequently, ideas fail to make sense together. The reader cannot identify a clear line of reasoning.The writing style is generally not academic and there is frequent use of superfluous language.Points available D: 15-17.4Points available F: 0-14.9Score of Organization and Composition,/ 25

Total

Score of 321 Assignment #2 Rubric,

/ 250

Overall Score

Exceeds Expectations – Equivalent to an A

225 points minimum

Above Expectations – Equivalent to an B

200 points minimum

Meets Expectations – Equivalent to an C

175 points minimum

Below Expectations – Equivalent to an D or F

0 points minimum

Submit Assignment

Files to submit
(0) file(s) to submit

Posted

in

by

Tags: