Unit DCS02: Digital Investigations and Forensics

QUALIFI Level 5 Diploma in Cyber Security

Unit code: L/617/4635

RQF level: 5

Aim

This unit describes and explains how to conduct investigations with cyber-enabled equipment, including on public-internet-facing networks or other network environments. Much evidence is lost or ruled inadmissible within courts and tribunal environments because it has been mishandled and corrupted (or could have been) by investigators, or those with a perceived chain of custody over the data. Moreover, on a planet of several billion cyber-enabled devices, but few qualified cyber investigators, it is now the case that many organisations have to manage part or all of a cyber incident investigation, because the national CERT or police/security agencies are otherwise prioritised.

In this unit learners will examine the requirements for digital investigations including team formations and tools, understanding the prospects of recovering information, gathering evidential data (including from mobile and IoT devices), safeguarding evidential integrity, as well as the complexity and challenges of storing and presenting evidence within legal environments.

Learners will develop an understanding of security-related technical teaching and of generic management and leadership teaching. Much of this teaching will be particularly relevant to learners wishing to move into more advanced Information Security Management technical qualifications, including the CompTIA Security+ accreditation and the cyber security industry gold standard: the Certified Information Systems Security Professional (CISSP).

Learning Outcomes and Assessment Criteria

Learning Outcomes. To achieve this unit a learner must be able to:

Assessment Criteria: Assessment of these outcomes demonstrates a learner can:

1. Understand the core principles of digital investigations

1.1 Explain the investigation lifecycle from initiation to conclusion

1.2 Explain how a ‘digital’ domain investigation is organised and managed

2. Apply the types of tool that support professional digital investigations at a strategic level

2.1 Analyse the range of tools that assist digital investigations in different situations

2.2 Select the appropriate tools to carry out a digital investigation for a given situation, justifying the selection

3. Plan for an investigations and forensics team

3.1 Explain the types of skills required to undertake a variety of investigations and forensic-related work

3.2 Explain the dynamics of forming and integrating digital investigation teams and geographically distributed and dispersed investigations and teams

3.3 Develop a plan for the formation of an investigation and forensics team

4. Understand the importance of safeguarding evidential integrity in digital investigations

4.1 Explain how evidence can be retrieved from mobile devices and IoT devices

4.2 Analyse how evidential integrity is safeguarded during digital investigations

4.3 Assess how evidence is stored and presented within legal environments

Indicative Content

- Requirement for digital investigations

- Understanding evidential data and prospects of recovery

- Mobile, portable and apps in DI

- Evidential integrity and chain of custody

- Processes and timelines

- Legal domains and cross examination

- Management and budgeting

Assessment Guidance

Each unit will be worth 30 credits and the qualification is designed to be flexible for learners who are already working and in demanding jobs. Every unit must be passed in order to achieve the Diploma.

Learners will be able to progress sequentially through each unit, accumulating credits as they pass each unit assessment point.

During each of the four 30-credit units, every learner will have the opportunity to ‘practise’ and hone their ability to undertake the final (formal) assessment. Such non-mandatory practice will be by way of completing one or more formative exercises throughout the unit.

Summative Assignment: (REPORT) Conduct an investigation into a suspected mega breach of an Internet Services Provider that has lost the login credentials for 150,000 business clients.

Questions:

  1. Explain to their CEO the investigative stages that you have passed through and why each stage was necessary. (1000 words)
  2. Imagine that your suspicions are now focused on an internal leak, perhaps a group or couple of employees located offsite in your ‘hot’ disaster recovery centre. Identify and explain what tools you might need to acquire to prove your case further, and estimate the costs. (1000 words)
  3. Explain and evaluate how you will securely store the evidence until it is handed over to the local police. (1000 words)
