Hi all,
You can return your hard drives on Friday 6th of December between 10am-4pm on Level 3 of J17.
Remember that your marks will not be submitted for the course until your hard drive is returned.
Congrats on making it through the exam :)
At a minimum you should have about half of your labs and mid-term today. There may be more grades, depending on how marking progress goes.
Any other questions please email cs6445@cse.unsw.edu.au
Hi everyone,
After feedback from the students we will be reviewing particular questions in the mid-term exam and making judgements regarding whether particular questions are remarked or voided. We will keep you updated.
Your lab marks will be released slowly over this week and next week. Our aim is to ensure that you have enough feedback to go into the exam with a sense of perspective and context of your current performance. The reality is that with this being a new course we were struggling to find great tutors with good experience, and while we found them (our brilliant team of 3) finding such awesome people usually means they're quite busy (as many awesome people are), and this has slowed down our output. This is more my fault than anyone else so send your anger my way.
Finally, while we loved your written feedback, it would be great if you could spend the time to fill out the
myexperience results
for this course. It only takes a couple of minutes, and you can be light on the comments to speed it up. It's just useful data to have.
Hi everyone!
Most of you can find where you'll be seated for your exam in this link . Due to limited capacities we're running small groups of people in other labs, which is quite dynamic, so we've omitted from this list.
This list is subject to change, but will not change within 24 hours of the beginning of your exam. So check now, then check back sometime on Sunday just to sanity check.
Please note the specific computer you have been allocated. They are labelled in the labs and your invigilator will expect you to sit at the appropriate computer.
As always pleasure ensure you bring a form of ID (student ID, or drivers license, or passport) to the exam.
Hi everyone,
Any further questions email us cs6445@cse.unsw.edu.au
Hi everyone,
Some answers to FAQs have been released
here
to help you with your major project.
If an answer contradicts assumptions you have made, that's okay! We don't require you to change your write-up, the important part is your justification.
Good luck :)
Dear students,
I have also uploaded a paper on Signal to the Week 8 lectures. This is neither required or optional reading and is merely provided in case any of you are curious.
Regards, Ajoy
Dear students,
I have uploaded required and optional readings for Week 8. Given the late publication, I will only be expecting you to have read one of the "required reading" papers prior to our lecture on Tuesday -- the one by Hugh Selby.
Regards, Ajoy
Hi everyone, please provide any feedback you have about the mid-term quiz in this form . Be honest, be clear, and be specific. All will be collated and we (teaching staff) will address.
Some of you may have seen today's media regarding the NSW Police and their use of FinFisher being raised in parliament. The link is the ABC reporting is here: https://www.abc.net.au/news/2019-10-24/police-chief-refuses-to-tell-parliament-about-secret-spyware/11632956?WT.ac=localnews_sydney
You will recall me referring you, during a lecture, to the relevant Wikileaks files that are here: https://wikileaks.org/spyfiles4/
Those of you who are curious may want to do some reading.
Regards, Ajoy
Dear students,
Week 7 is being presented mostly by Shane Bell, a partner of McGrath Nichol (see https://www.mcgrathnicol.com/our-experts/shane-bell/ ). There is no additional pre-reading for Week 7, as it has already been included in either the General reading or across prior weeks.
I will shortly be creating another notice with some interesting reading that those of you who are curious may want to explore.
Regards, Ajoy
Hi all,
We're trying to figure out what the capabilities of our student's personal devices are. This will allow us to provide both a rewarding and fair final assessment.
If you could ALL please fill out this poll ASAP (today/tomorrow) that would be great :)
It literally takes 5 seconds, so if you're reading this, the quickest and easiest time to answer the question is
now!
Hi everyone, the lectures section now has the PDF from the week 4 lectures up
Hi everyone,
All enrolled students should have received an email from me last night about your mid-term quiz details. If you have not received these, please email me ASAP cs6445@cse.unsw.edu.au
Dear Students,
We have had to change the mid-term quiz, so it will now be undertaken using the course WebCMS. There will be three seperate WebCMS quizzes, each being one part of the Mid-term quiz:
Part 1 - 20 x True/False questions each worth 1 mark;
Part 2 - 20 multiple choice questions, each worth 1 mark. Some questions have multiple correct choices and you will need to select all correct choices to gain the mark.
Part 3 - 3 x short answer questions, each worth 5 marks. The suggested answers are 200-300 words with a 300 word max. My suggestion is to create the short answers using a word processor and then copy and paste them to the WebCMS quiz.
This equates to 55 marks for the mid-term quiz will then be scaled to reflect 10% of the overall course mark (as per the course outline).
The mid-term quiz remains as open book and you will no longer need the VMs. You will still need to access common tools to do conversions and calculations - these are available on standard Linux and Windows command line (assuming you have root/admin access) and also online on the Internet. As it is open book, you can also use the VMs if you want to.
Hi everyone,
It was a bit too implicit in the last notice, but you will not be using any VMs to complete the mid-term exam.
EDIT: This is a new change compared to last week. Ajoy and the team have changed up how we want the exam to operate, so this is the current and final information - you will not be using any VMs to complete the mid-term exam.
Hi everyone,
Your mid-term quiz will be held for the majority of you (unless you've been notified otherwise) at 2pm-4pm on Tuesday the 15th of October.
It will be done on your own laptops, in an exam room (likely a lecture theatre), as a Webcms3 quiz. During this exam you will be allowed to refer to readings, lecture slides, and the general internet (i.e. Google), but you will be prohibited (by invigilator supervision) to use any communication tools to speak to other students or anyone from the outside world.
We need to get a sense of your laptop's battery performance so please fill out the survey below .
The exact location of the exam will come out on Monday.
Given I am away this week, I have published the readings for my lecture early. As usual there is a required and an optional reading pack.
In addition to the required reading pack, there are two links to media reporting of disturbing cases that I will be discussing. A printout is also in the required reading pack as are Court transcripts for each case (Sef Gonzales and Ram Tiwary). Reflect on the media and the Court reporting for each case and consider the different approaches. Also consider how reading the media report might influence you as a digital forensic examiner who becomes engaged years later in an appeal (doesn't matter whether you are engaged for the prosecution or the appeallant.
There is only one item in the optional reading. I am still waiting for the NSW Police guest lecturer to provide his readings and will publish them as they become available.
NOTE : the two case (Sef Gonzales and Ram Tiwary) contain material that some students my find disturbing. The examinable material for Week 5 Lecture 1 will be limited to recognising the escalation from anxiety though to PTSD and coping mechanisms. You will not be examined on cases and may choose NOT to read them. If you feel disturbed by the readings, please seek approapriate assistance including UNSW student counselling.
I will be in Melbourne this week (Week 4) and the lecture will be delivered by Tabitha Bauer & Tim Boyce, guest lecturers from CBA.
With regards to the mid term quiz in Week 5, it will be 20 true/false questions (1/2 marks each i.e. 10 marks), 20 multiple choice questions (1 mark each i.e. 20 marks) and two short answer questions (1-2 paragraphs and 5 marks each) and then scaled to 10% of your overall course mark. The quiz will be open book and you may need to refer to materials from the tutorial/labs or use tools on the Virtual Machines to answer some questions.
You will be expected to be familiar with content in the Required Readings, Lectures and Tutorials/Labs for Weeks 1-4. You will also be expected to be familiar with the relevant parts of the General Readings that have been introduced across Weeks 1-4 e.g. Expert Witness Code of Conduct (from the Uniform Civil Procedure Rules), sections of the Evidence Act listed in the lecture slides, ISO 27037, etc. You will be expected to be familiar with tools and tasks used in the tutorial/labs e.g. using dd and manipulating images, create/compare hashes, simple file carving, etc
You will also be expected to be familiar with concepts and perform simple tasks based on the course pre-requisites and assumed knowledge for entry-level digital forensics practitioners. For example, where to find the authoritative domain registration details for various top level domains (TLDs) such as mydomain.com.au or how to convert and compare differently formatted timestamps.
You will not be tested in material introduced from Week 5 onwards, unless it is based on the course pre-requisites and assumed knowledge for entry-level digital forensics practitioners.
At this time we are expecting to use the UNSW Moodle for the quiz (not CSE WebCMS) but also be prepared for a pen and paper quiz if for whatever reason we are unable to.
Finally, don't forget that we have a guest lecturer from NSW Police for Part 2 of Week 5 i.e. Mac Forensics.
Enjoy your week,
Ajoy
Hi everyone,
A reminder that you have a mid-term quiz happening in week 5 on Tuesday 15th October from 2pm-4pm .
!! If you can't make this time, please notify me at cs6445@cse.unsw.edu.au ASAP (today or tomorrow).
!!
I'm sure more detail about this will come through on Tuesday in your lecture with Ajoy!
Please see the additional required and optional readings that have been uploaded for week 3 - they relate to a recent case which sets precedent for how The Wayback Machine can be considered as evidence of what webpages were are a certain (historical) date.
Dear students,
Nothing to do with Digital Forensics, but some thoughts about the challenges of improving cyber security you may find useful across your SECedu studies. From two of Australia's cyber legends Alastair McGibbon and Peter Coroneus, two people who have been generous mentoring me and now good friends.
https://www.youtube.com/watch?v=seIqtwt6dU0&feature=youtu.be
Regards, Ajoy
Hi all,
Lecture Recordings for COMP6845 students should now be available via the sidebar.
Hi everyone,
Your first assessment/activity deadline has been extended to Sunday 29th September at 5pm. This is to both to simplify things for late-enrolling students, and to remain consistent with the course outline.
This has been updated on both give and webcms3.
Just to over-communicate, this first activity is worth 10% of your assessment marks for the course.
Hi everyone. Lecture recordings are up, but at the moment only for COMP6445. UNSW Engineering are aware of this and are attempting to resolve the problem today. This is likely due to the formal moving of COMP6845 => COMP6445 not being complete yet, so the systems default processes haven't granted the right access.
It's in the sidebar on the left.
Hi everyone,
For your lab tomorrow, Ajoy has created an awesome activity for you to do your own forensic copying. Hopefully, this won't take you two years...
For this first lab, you will need access to Linux box, here is a Kali VM with the files you need for the activities already on there. The password is: PASSW0RD!$toor
Here is
a guide
to help you set up the VM - feel free to add comments you feel might help your peers set their VMs up :)
Please try and set up a Linux box or the VM before tomorrow's lab. But if you are unable to do so, that's okay - we'll have hard drives with the VM, so you can get set up relatively quickly :)
Hi all - just another reminder that your Tuesday
tutorial
time is just a placeholder at the moment and no supervised learning is happening there (for this week at the very least). We will update you if that changes.
As expected the lecture is on tonight from 6pm-9pm!
Due to technical issues, I have re-posted the General Reading under Week 1.
The required and optional readings for Week 1 are now available for download on WebCMS. Whilst you are not expected to have read Week 1's readings prior to tomorrow's lecture, from Week 2 onwards you will be expected to have read the required reading prior to the lecture . Some readings have particular chapters or sections Imprinted on the first page and you are only expected to have read those -- if there is nothing imprinted, you are expected to have read the whole article/paper/presentstion.
There is also some general reading in the Resources section (at this time it is showing an error and we are working on fixing that). Within that, there is legislation and regulation. You are not expected to read the whole Act -- as we progress through the course you will be guided to particular sections.
Hi all,
The course outline has been updated to include more explicitly who the guest lecturers are for 19T3. This is nothing to be concerned about, it's just our obligation to notify you of any course outline changes.
Hi everyone! The course outline has been released. Please take a look and post any questions you have with it in the comments section underneath on that page.
The key things to note about the course are:
Your first physical class will be 6pm-9pm next Tuesday of week 1 in Vallentine 121
Hi everyone!
If you could just answer two pick polls so we could learn more about what hardware you're all working with, we can preempt potential issues much easier.
Hi there!
My name is Hayden, and I'm one of the course admins for COMP6445 19T3.
We have an exciting team here to look after you, including:
An industry expert (Ajoy Ghosh) has prepared completely new lectures, lab material, assessments, and exams for this cohort - and I can say from what I've seen already - it's really cool and interesting stuff (makes me wish I was still a student and enrolled in forensics!). Richard is engaged every step of the way working with Ajoy on course development and focused on making sure it's a thought-provoking 10 weeks.
Not only that, but we're buying dedicated hardware for COMP6445, as well as advanced software also dedicated for COMP6445. The CSE school have been very supportive in funding SecEdu courses so it's great to see them continuing to do so with this course. So, there are a lot of turning cogs, and a lot of new things being tried out. Will we have hiccups in the next 10 weeks? Definitely! We can't avoid a few hiccups. That's the nature of the beast when trying to create something genuinely new and exciting. We're just looking forward to going on this journey with a great community of students who will no doubt ensure we've making this course the best it can be.