Assessment Information and Rubric
Subject Code: CY B601
Subject Name: Cyber Forensics
Assessment Number and Title: Assessment 2: Case Study: research, analysis, and practical design Report. Video recording link presentation and practical demonstration – Group
Assessment Type: Group Report and Video Recording Presentation (3-4 students in each group)
Length / Duration: 3000 + 10% words; 10-15 slides, 10 minutes Video Recording
Weighting %: Assessment 2: 30%
Total Marks: 100
Submission: (Turnitin Submission and recorded presentation of 10 minutes showing presenter face etc.)
Due Date: Assessment 2: Week 7 – Sunday 11:59 PM.
Mode: Assessment 2: Group Assignment Report - Word file only and attached Video recording link from MS Stream (10 Mins)
Format: Report and Recorded Presentation
Assessment Description and Instructions
This assessment requires students to critically analyse a recent cybersecurity incident, conduct
in-depth research, and design a practical forensic response plan. The focus will be on applying cyber
forensic investigation techniques to understand the cause, impact, legal implications, and mitigation
strategies related to the case study. The assessment will be divided into two components:
- Assessment 2 (a) – Group Report (3000 + 10% words) (20%)
- Assessment 2 (b) – Group Presentation (10-15 slides & 10-minute recorded presentation) (10%)
Case Study: MOVEit Data Breach (2023)
In May 2023, Progress Software’s MOVEit Transfer file-sharing tool was exploited by the Cl0p
ransomware group, leading to one of the largest data breaches of the year. The attackers exploited
a zero-day vulnerability, allowing them to exfiltrate sensitive data from government agencies,
businesses, and financial institutions.
The breach impacted hundreds of organisations, including Shell, British Airways, U.S. Department
of Energy, and multiple banks, exposing personal data, financial records, and corporate documents.
The attack underscored vulnerabilities in third-party file transfer systems, regulatory challenges, and
the growing risk of supply chain cyber threats.
Your task is to analyse the MOVEit breach from a cyber forensic perspective and develop a detailed
response and mitigation plan.
Assessment Requirements
Assessment 2 (a): Group Report
Your group must produce a detailed forensic report that includes:
1. Incident Overview & Timeline
a. What happened, when, and how was the attack discovered?
b. Key milestones in forensic investigation.
2. Attack Vector & Exploitation
a. How did the Cl0p ransomware group exploit the MOVEit vulnerability?
b. Technical analysis of the vulnerability and exploitation method.
3. Forensic Investigation Process
a. How should forensic teams analyze such an attack?
b. Evidence collection, volatile and non-volatile artifacts.
c. Tools and methodologies (e.g., Autopsy, Wireshark, FTK, EnCase).
4. Legal & Regulatory Implications
a. Data privacy laws and compliance failures (GDPR, Australian Privacy Act 1988, etc.).
b. How organizations and governments responded legally.
5. Impact Analysis & Risk Assessment
a. Who was affected, and what were the consequences?
b. Financial, reputational, and operational impact.
c. How can similar organizations assess their cyber risk exposure?
6. Mitigation & Future Prevention
a. Steps taken post-breach to secure affected systems.
b. Recommendations for securing third-party applications.
c. Cybersecurity policies and frameworks (Zero Trust, ISO 27001, NIST, etc.).
7. Practical Task 1: Network Forensic Analysis & Log Investigation
a. Analyze network logs to identify Indicators of Compromise (IoCs) related to the
MOVEit breach.
b. Show the use of tools such as Wireshark, Splunk, or ELK Stack to examine malicious
traffic patterns.
c. Document findings and highlight how forensic investigators can track data exfiltration.
8. Practical Task 2: Memory Forensics & Malware Analysis
a. Extract and analyse memory dumps using Volatility or Rekall to detect malware
linked to the attack.
b. Identify running processes, registry modifications, and injected code used in the
exploit.
c. Provide a structured forensic report based on the findings.
9. Conclusion & Lessons Learned
a. Key takeaways from the breach.
b. Future trends in cyber forensics and supply chain security.
10. References & Citation
· Minimum 12 academic sources (journals, reports, case studies, white papers, etc.).
· APA referencing style.
Assessment 2 (a): Report Submission Requirements
· Read the assessment brief carefully, adhere to all instructions, and check the marking rubric
thoroughly.
· Submit one Word document with a cover page listing the names of all students who
contributed to the assessment to the report submission link.
· The report must be in MS Word format, with 1.5 spacing, 12-pt Times New Roman font
and 2 cm margins on all sides.
· Use appropriate section headings for clarity.
· All figures, tables, and screenshots must include captions and descriptions.
· References must be cited within the text and listed in APA reference style at the end of the
report.
· All submissions must be completed on Moodle by the due date, along with a completed
Assignment Cover Page.
· One team member, preferably the group leader, must submit the report with the link for the
video recording on behalf of the entire group.
Assessment 2 (b): Group Presentation
Your group must deliver a 10-minute recorded presentation (10-15 slides) covering:
· Summary of the MOVEit breach & forensic analysis.
· Technical breakdown of the attack methodology.
· Investigation steps and forensic tools used.
· Impact on businesses, governments, and individuals.
· Legal & ethical considerations in forensic investigations.
· Recommendations for mitigating future supply chain cyber threats.
· Findings from Practical Task 1 & 2 with documented evidence.