Environment and Experiment Plan

Task

Prepare a controlled environment to run experiments.

Write a summary report that justifies the controlled environment.

Write an experiment plan that explains the approach taken to understand the artefacts created by the software.

 

Description

You will prepare and demonstrate a controlled environment. You should identify any environment control mechanisms you have added to avoid any confounding factors having an impact upon your experiments.

 

Your controlled environment would normally be contained within a virtual machine. It is highly advisable for you to use a virtual machine.

 

Your controlled environment should be well-considered and not simply be an installation of Windows. You should consider the setup of the operating system, the setup of the hardware, and ensure that only necessary services or background programs are running. Anything that can have an adverse effect on the data should be prevented from running. You should consider which services are necessary to run the software correctly, and disable any unnecessary services. Be careful not to disable too many, otherwise you may prevent some artefacts from being created that would normally be created.

 

 

You will create an experiment plan for each file system artefact. The software contains 4 file system artefacts and you must therefore provide 4 individual plans, one for each file system artefact.

 

The experiment plan should provide enough information that you could give it to another forensic investigator for them to run the experiments on your behalf. You should use divide and conquer techniques to identify a list of experiments that you will perform. Each experiment you identify should contribute towards identifying the data structures contained within the data files created by the software.

 

Your plan should contain enough information so that another forensic investigator would know exactly how to approach the experimentation task.

 

The list of experiments (produced using divide and conquer techniques) should provide a summary of what you intend to achieve.

 

 

There are 4 file artefacts for you to examine. For each data artefact you should provide a list of experiments that you will perform to understand the data inside those file artefacts. For one of those experiments you should provide a detailed plan of how you will perform the experiment.

 

Important: Don’t use the same experiment 4 times. You should choose a different experiment each time – you will lose marks for repeating the same experiment.

 

Your plan should identify how you will:

 

  • Move from one file artefact state to another
  • Isolate each individual data structure artefact
    • Isolate grouped data structure artefacts
    • Isolate individual data structure artefacts
  • Understand what the software does to update the file system artefact metadata
    • Modified, Accessed, Created – and other metadata
  • Analyse the data and draw conclusions
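One way to carry out the state-to-state comparison listed above, as an added example that is not part of the original brief: snapshot an artefact before and after a single action, then report which byte ranges and which timestamps changed. The file name, the `ARTF` record layout and all function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(path):
    """Capture one artefact state: metadata first, then content."""
    st = Path(path).stat()  # stat before reading, since a read can update atime
    data = Path(path).read_bytes()
    # st_ctime: creation time on Windows, inode change time on Unix
    times = {"modified": st.st_mtime_ns, "accessed": st.st_atime_ns, "ctime": st.st_ctime_ns}
    return {"data": data, "sha256": hashlib.sha256(data).hexdigest(), "times": times}

def changed_ranges(before, after):
    """Return (offset, length) runs where two states differ."""
    runs, start = [], None
    longest = max(len(before), len(after))
    for i in range(longest):
        a = before[i] if i < len(before) else None
        b = after[i] if i < len(after) else None
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, longest - start))
    return runs

def compare(s1, s2):
    """Summarise what one controlled action changed between two states."""
    times = sorted(k for k in s1["times"] if s1["times"][k] != s2["times"][k])
    return {"content_changed": s1["sha256"] != s2["sha256"],
            "size_delta": len(s2["data"]) - len(s1["data"]),
            "ranges": changed_ranges(s1["data"], s2["data"]),
            "times_changed": times}

def demo():
    # Constructed artefact: 4-byte magic, 2-byte counter, 10-byte name field
    name = b"alice".ljust(10, b"\x00")
    base = b"ARTF" + (1).to_bytes(2, "little") + name
    after = b"ARTF" + (2).to_bytes(2, "little") + name + b"\xff\xff"
    with tempfile.TemporaryDirectory() as d:
        path = Path(d) / "artefact.dat"
        path.write_bytes(base)
        s1 = snapshot(path)
        path.write_bytes(after)  # stands in for one action in the software
        s2 = snapshot(path)
    return compare(s1, s2)
```

In a real experiment the second write in `demo()` is replaced by performing one action in the software inside the virtual machine, with a snapshot taken immediately before and after it.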

 
