Task B - Activity 4 Template: Forensic Incident Analysis
Activity 4: 136 mins
Activity 5: 63 mins
Proofread: 30 mins
Total: 226 mins
Use the section headings below to structure a response for each evidence item.
Evidence item: Charita’s account.
Method of acquiring the evidence: Notes from Charita.
Evidence detail: Charita’s account gives us the sequence of events that happened
before and during the attack.
Evidence reliability: The reliability of Charita’s account is good because she took
screenshots of the logs in order to preserve them. If she had something to do with the
attack, she wouldn’t have done this.
Conclusions: This evidence shows Charita was on her way back from helping the
ticket office to sign in when she saw rude words being displayed on the southern
fence’s display. As she carried on walking to HQ, the northern wall’s screen was
displaying rude words as well. She then states that the attack is likely to have
happened over the WiFi.
Evidence item: Hakeem’s report.
Method of acquiring the evidence: Documentation of the attack.
Evidence detail: It states the attack was planned and gives possible ways the attack
could’ve been carried out, such as via WiFi, physically or via Bluetooth.
Evidence reliability: The reliability of this evidence is fair because he gives lots of
possibilities for how the attack could’ve taken place; however, I think he should’ve
involved the police due to the anti-social behaviour.
Conclusions: This evidence shows Hakeem concluded the attack was planned rather
than an on-the-fly attack. It also states different ways an attacker could’ve changed
the material on the displays.
Evidence item: WiFi access logs.
Method of acquiring the evidence: Screenshots from Charita.
Evidence detail: It shows the access logs for the Public WiFi and the Event WiFi.
Evidence reliability: The reliability of this evidence is good because they are logs
that a computer has compiled, so there is no biased data involved.
Conclusions: This evidence shows when people connected to and disconnected from the
WiFi, which, if the attack was via the WiFi, would show their activity in the lead-up to
the initial attack. The SSID unicorn2 disconnects from the Public WiFi, then tries to
connect to the Event WiFi and fails. They then connect back to the Public WiFi a few
seconds later. This could’ve been an attempt to get into the network, but it failed.
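One way to search access logs for the sequence described in the conclusions above (leave one network, fail to join another, rejoin the first), as an added example that is not part of the original response. The log layout (timestamp, network, client name, event), the event names, the timestamps and the second client are constructed assumptions, because the screenshots themselves are not reproduced here.

```python
from datetime import datetime, timedelta

# Constructed sample lines; the real log layout is not shown in the response.
# Assumed layout: ISO timestamp, network, client name, event.
SAMPLE_LOG = """\
2024-01-01T18:01:40 Public bluebird7 CONNECT
2024-01-01T18:02:05 Public unicorn2 DISCONNECT
2024-01-01T18:02:09 Event unicorn2 AUTH_FAIL
2024-01-01T18:02:14 Public unicorn2 CONNECT
2024-01-01T18:03:00 Public bluebird7 DISCONNECT
2024-01-01T18:20:00 Public bluebird7 CONNECT
""".splitlines()


def find_failed_hops(lines, window=timedelta(seconds=60)):
    """Return (client, home network, network that refused it, seconds away)
    for every client that leaves a network, fails to join a different one,
    and rejoins the first network, all within `window`."""
    state = {}  # client -> {"home": network left, "left_at": time, "failed": network}
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        stamp, network, client, event = parts
        when = datetime.fromisoformat(stamp)
        track = state.get(client)
        if track and when - track["left_at"] > window:
            state.pop(client)  # too long ago to be one continuous attempt
            track = None
        if event == "DISCONNECT":
            state[client] = {"home": network, "left_at": when, "failed": None}
        elif event == "AUTH_FAIL" and track and network != track["home"]:
            track["failed"] = network
        elif event == "CONNECT" and track:
            if network == track["home"] and track["failed"]:
                away = int((when - track["left_at"]).total_seconds())
                hits.append((client, track["home"], track["failed"], away))
            state.pop(client, None)  # sequence finished either way
    return hits


if __name__ == "__main__":
    for hit in find_failed_hops(SAMPLE_LOG):
        print("client %s left %s, was refused by %s, returned after %ds" % hit)
```

A client that simply drops and reconnects later, like the constructed bluebird7 entries, is not flagged, which keeps ordinary roaming out of the result.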