FOR3704 ASSIGNMENT 01 DUE 04 APRIL 2025
FOR EXAMS, PORTFOLIO, AND ASSIGNMENT ASSISTANCE WHATSAPP 0832868465 EMAIL:
Questions
QUESTION 1 The pre-examination phase of the digital forensic process consists of five specific processes that
must be completed before digital evidence can be examined by a digital forensic examiner. 1.1 What is a multiple
scene incident? (3) 1.2 Describe the key characteristics of a multiple scene incident. (3) 1.3 Describe five
requirements for seizing and transporting evidence if computers are not powered on. (5) FOR3704/102/1/2025 3
1.4 Discuss the requirements for seizing and transporting evidence if computers are powered on. (10) [21]
QUESTION 2 You have established that Company Y is involved in racketeering activities, during which fraudulent
offshore accounts are being used to channel money derived from fraudulent business activities. 2.1 Discuss how
you would provide proof of the offence of racketeering. (15) 2.2 Identify and explain three key methods used to
obtain information and evidence in criminal investigations. In your response, briefly describe each method and
discuss its significance in gathering reliable evidence. (15) 2.3 What does the phrase ‘method of operating’ mean
in a specific context? (2) [32] Question 3 A vehicle transporting cash was robbed of an undisclosed amount of
money when collecting cash at the All-in-All shopping complex by three African males and two white males. The
suspects escaped in two vehicles. Upon chasing the suspects, the police arrested two of the suspects hiding in a
house in the Here-we-Are suburban area. 3.1 In the scenario, identify the primary and the secondary scene of the
incident. (2) 3.2 List the objectives of an investigation (4) 3.3 Briefly discuss the language usage in statements as
provided for in section 6(1) of the Constitution. (4) [10] QUESTION 4 4.1 Briefly explain the language usage in
statements/affidavits as provided for in section 6(1) of the Constitution. (4) 4.2 FOR3704/102/1/2025 During the
walkthrough at the scene of the incident, how can investigators effectively gather and preserve evidence to
ensure accurate reconstruction of events? (6) 4.3 4.4 Describe the distinction between modus operandi,
signature, and fantasy in criminal behaviour. (10) Define the meaning of digital evidence QUESTION 5 Scenario-
Based Question Read the following scenario carefully: (2) [22] On 15 January 2025, the EveryOne’s bank
cybersecurity team head, Lulama Du Plessis, detected unusual login attempts from an external IP address. These
attempts bypassed multi-factor authentication, leading the team to suspect credential stuffing or phishing. The
bank’s logs showed that large volumes of customer data were accessed outside regular business hours. Our first
step was securing the bank’s server logs and network traffic data. We worked with their IT team to capture
system event logs, which showed repeated login attempts from an IP address traced to a rented virtual private
server (VPS). Additionally, we collected firewall logs, which indicated unauthorized outbound data transfers to an
encrypted external server. Preliminary investigation - Investigator Next, our forensic team obtained a warrant to
seize a suspect’s laptop, which was recovered from an apartment belonging to a former bank employee, Lopie.
Using a forensic imaging tool, we created a bit-by-bit copy of the hard drive, ensuring that the original data
remained intact. The analysis revealed scripts designed to automate login attempts and extract customer
information. Furthermore, we discovered a hidden folder containing authentication tokens stolen from the bank’s
system. To link the suspect to the crime, we analysed metadata and timestamps, confirming that the
unauthorised data was transferred shortly after the suspect’s VPN connection was 4 FOR3704/102/1/2025
established. Additionally, chat logs retrieved from the suspect’s encrypted messaging app indicated discussions
about selling the stolen data on the dark web. We also collected and preserved digital evidence from cloud
storage services where the suspect had backed up some of the stolen information. Through legal steps, we
obtained access logs from the cloud provider, showing that the same VPS IP address was used to upload sensitive
customer records. All digital evidence was properly documented and secured using forensic chain-of custody
protocols. We ensured every step of the investigation followed legal and procedural guidelines, making the
evidence admissible in court. As a result of this investigation, we have obtained a strong case against the
suspect, who is now facing charges related to unauthorised access, data theft, and fraud. Our next step is
presenting these findings to the prosecutor for formal charges and trial proceedings.” 5.1 As an investigator, write
a formal investigation statement detailing your findings regarding the incident. Your statement should include: • A
QUESTION
summary of what1 happened based on the evidence collected. • The methods used to investigate and gather
1
FOR EXAMS, PORTFOLIO, AND ASSIGNMENT ASSISTANCE WHATSAPP 0832868465 EMAIL:
Questions
QUESTION 1 The pre-examination phase of the digital forensic process consists of five specific processes that
must be completed before digital evidence can be examined by a digital forensic examiner. 1.1 What is a multiple
scene incident? (3) 1.2 Describe the key characteristics of a multiple scene incident. (3) 1.3 Describe five
requirements for seizing and transporting evidence if computers are not powered on. (5) FOR3704/102/1/2025 3
1.4 Discuss the requirements for seizing and transporting evidence if computers are powered on. (10) [21]
QUESTION 2 You have established that Company Y is involved in racketeering activities, during which fraudulent
offshore accounts are being used to channel money derived from fraudulent business activities. 2.1 Discuss how
you would provide proof of the offence of racketeering. (15) 2.2 Identify and explain three key methods used to
obtain information and evidence in criminal investigations. In your response, briefly describe each method and
discuss its significance in gathering reliable evidence. (15) 2.3 What does the phrase ‘method of operating’ mean
in a specific context? (2) [32] Question 3 A vehicle transporting cash was robbed of an undisclosed amount of
money when collecting cash at the All-in-All shopping complex by three African males and two white males. The
suspects escaped in two vehicles. Upon chasing the suspects, the police arrested two of the suspects hiding in a
house in the Here-we-Are suburban area. 3.1 In the scenario, identify the primary and the secondary scene of the
incident. (2) 3.2 List the objectives of an investigation (4) 3.3 Briefly discuss the language usage in statements as
provided for in section 6(1) of the Constitution. (4) [10] QUESTION 4 4.1 Briefly explain the language usage in
statements/affidavits as provided for in section 6(1) of the Constitution. (4) 4.2 FOR3704/102/1/2025 During the
walkthrough at the scene of the incident, how can investigators effectively gather and preserve evidence to
ensure accurate reconstruction of events? (6) 4.3 4.4 Describe the distinction between modus operandi,
signature, and fantasy in criminal behaviour. (10) Define the meaning of digital evidence QUESTION 5 Scenario-
Based Question Read the following scenario carefully: (2) [22] On 15 January 2025, the EveryOne’s bank
cybersecurity team head, Lulama Du Plessis, detected unusual login attempts from an external IP address. These
attempts bypassed multi-factor authentication, leading the team to suspect credential stuffing or phishing. The
bank’s logs showed that large volumes of customer data were accessed outside regular business hours. Our first
step was securing the bank’s server logs and network traffic data. We worked with their IT team to capture
system event logs, which showed repeated login attempts from an IP address traced to a rented virtual private
server (VPS). Additionally, we collected firewall logs, which indicated unauthorized outbound data transfers to an
encrypted external server. Preliminary investigation - Investigator Next, our forensic team obtained a warrant to
seize a suspect’s laptop, which was recovered from an apartment belonging to a former bank employee, Lopie.
Using a forensic imaging tool, we created a bit-by-bit copy of the hard drive, ensuring that the original data
remained intact. The analysis revealed scripts designed to automate login attempts and extract customer
information. Furthermore, we discovered a hidden folder containing authentication tokens stolen from the bank’s
system. To link the suspect to the crime, we analysed metadata and timestamps, confirming that the
unauthorised data was transferred shortly after the suspect’s VPN connection was 4 FOR3704/102/1/2025
established. Additionally, chat logs retrieved from the suspect’s encrypted messaging app indicated discussions
about selling the stolen data on the dark web. We also collected and preserved digital evidence from cloud
storage services where the suspect had backed up some of the stolen information. Through legal steps, we
obtained access logs from the cloud provider, showing that the same VPS IP address was used to upload sensitive
customer records. All digital evidence was properly documented and secured using forensic chain-of custody
protocols. We ensured every step of the investigation followed legal and procedural guidelines, making the
evidence admissible in court. As a result of this investigation, we have obtained a strong case against the
suspect, who is now facing charges related to unauthorised access, data theft, and fraud. Our next step is
presenting these findings to the prosecutor for formal charges and trial proceedings.” 5.1 As an investigator, write
a formal investigation statement detailing your findings regarding the incident. Your statement should include: • A
QUESTION
summary of what1 happened based on the evidence collected. • The methods used to investigate and gather
1
