Unit Outline
School of Information and Communication Technology
College of Sciences and Engineering
KIT725
Cybersecurity and eForensics
Semester 2, 2023
Bilal Amin
CRICOS Provider Code: 00586B
 

Unit Coordinator
Bilal Amin
Email: Bilal.Amin@utas.edu.au
 
 

What is the Unit About?
Unit Description
This unit focuses on the planning and implementation aspects of cybersecurity. Firstly, the unit introduces cybersecurity frameworks and incident response processes for effective cybersecurity planning. Secondly, it covers recent cybersecurity threats and their attack models, and develops knowledge of the modern-day security and safety measures used to counter these attacks. These measures include topics such as identity management, the security of data in transit and at rest, and secure coding practices based on CWE listings. Lastly, this unit builds cybersecurity implementation skills by developing a software application for an organisational scenario and evaluating it by factors such as implementation challenges, limitations, and data privacy. The eForensics aspect of this unit develops the understanding and skill of digital forensics in the cybersecurity domain. It introduces the fundamentals of the digital forensic process, applied tools, and techniques. Students further develop their digital forensics skills by participating in a series of lectorials and workshops that are targeted around applying an industry-proven eForensics toolkit for evidence acquisition, processing, analysis, and reporting.
Intended Learning Outcomes
As per the Assessment and Results Policy 1.3, your results will reflect your achievement against specified learning outcomes.
On completion of this unit, you will be able to:
1. Explain modern-day digital security and safety measures in order to devise an incident response plan.
2. Design and develop a software application in order to demonstrate preventive measures by incorporating secure software development practices.
3. Recommend and apply eForensic tools in digital forensic scenarios.
4. Investigate eForensic artefacts by applying principles and techniques of digital forensics.
Requisites
| REQUISITE TYPE | REQUISITES |
| --- | --- |
| Pre-requisite | KIT501 |
Alterations as a result of student feedback
1. An in-semester test/quiz worth 5% (due week #5) covering the topic of incident response is added
2. Some of the lectures (weeks 2-6, 8, 10, 12) are replaced with interactive workshops
3. Tutorial structure is updated
 
 

Teaching arrangements
| ATTENDANCE MODE | TEACHING TYPE | LEARNING ACTIVITY | CONTACT HOURS | FREQUENCY |
| --- | --- | --- | --- | --- |
| On Campus | Lecture | A real-time (i.e. synchronous) interactive activity involving the whole class whose primary purpose is the presentation and structuring of information/ideas/skills to facilitate student learning. All students are expected to attend. | 2 | Once only (2 times) |
| | Workshop | A structured real-time (i.e. synchronous) activity that involves a mix of presentation of new information/ideas/skills and guided activities related to that information/ideas/skills. All students are expected to attend. | 2 | Once only (8 times) |
| | Tutorial | A structured real-time (i.e. synchronous) activity in a small-group setting where the primary purpose is the clarification, exploration or reinforcement of subject content presented or accessed at another time or place (e.g. lecture, preparatory work). It is reliant on student-teacher and student-student interaction and dialogue for achievement of its learning outcomes. The students enrolled in the tutorial are expected to attend. | 2 | Once only (3 times) |
| | Independent Learning | Involving reading, listening to audio, watching video, and/or completing exercises and/or quizzes, self-study is individual work undertaken when the student chooses (i.e. asynchronous), most likely through engagement with MyLO. The content is examinable, and may need to be completed prior to attending classes and/or attempting assessment tasks. | 1.50 | Weekly |
Attendance/Engagement Expectations
It is expected that you will attend all on-campus and onsite learning activities. This is to support your own learning and the development of a learning community within the unit.
 
If you miss a learning activity for a legitimate reason (e.g., illness, family commitments) teaching staff will attempt to provide alternative activities (e.g., make up readings) where it is possible.
 
If you are unable to attend regularly, please discuss the situation with your course coordinator and/or our UConnect support team.
 
 
 
 

How will I be Assessed?
Assessment schedule
| ASSESSMENT TASK # | ASSESSMENT TASK NAME | DATE DUE | WEIGHT | LINKS TO INTENDED LEARNING OUTCOMES |
| --- | --- | --- | --- | --- |
| ASSESSMENT TASK 1 | Cybersecurity planning and incident response quiz | Week 5 | 10% | LO1 |
| ASSESSMENT TASK 2 | Cybersecurity incident analysis | Week 6 | 20% | LO1, LO2 |
| ASSESSMENT TASK 3 | Digital Forensic Tools Evaluation Report | Week 10 | 20% | LO3, LO4 |
| ASSESSMENT TASK 4 | Cybersecurity assignment | Week 13 | 20% | LO1, LO2 |
| ASSESSMENT TASK 5 | Forensic Toolkit (FTK) assignment | Week 13 | 30% | LO3, LO4 |
Assessment details
Assessment Task 1: Cybersecurity planning and incident response quiz
TASK DESCRIPTION:
This is an individual assessment that consists of two in-semester quizzes. The first quiz (worth 5%), covering the topic of cybersecurity planning, is due in week #3. The second quiz (worth 5%), covering the topic of incident response, is due in week #5. Each quiz will have 10 multiple-choice questions, which must be completed in one attempt and within 30 minutes of total time.
Week of distribution and due date: The Cybersecurity Planning Quiz will be available after the second-week workshop. The Incident Response Quiz will be available after the fourth-week workshop. Students will have one week to complete each quiz.

TASK LENGTH: 30 min. for each quiz
DUE DATE: Week 5
WEIGHT: 10%

| CRITERION # | CRITERION | MEASURES INTENDED LEARNING OUTCOME |
| --- | --- | --- |
| 1 | Answer questions correctly on the cybersecurity framework based on framework specifications | LO1 |
| 2 | Answer questions correctly on the incident response for the provided guidelines | LO1 |
 
Assessment Task 2: Cybersecurity incident analysis
TASK DESCRIPTION:
Students will work in groups to research cybersecurity incidents of high impact that have occurred in the last 10 years. The template of this research will follow the "Anatomy of a cyber-attack" guidelines provided in the third workshop. The outcome of this research will be a 15-minute presentation by each group. This presentation will highlight the background, timeline, impact, and preventive measures in relation to the incident. This assignment will enable students to learn about modern-day cybersecurity measures in place and explain their motivation and limitations to devise an effective incident response plan.
Week of distribution and due date: The topics for this research will be posted in week 3 on MyLO. Student groups will select the topic of their interest and research the relevant cybersecurity incident. The assessment will be due in week 6.

TASK LENGTH: recorded presentation of 20-25 slides, depending on the incident under discussion
DUE DATE: Week 6
WEIGHT: 20%

| CRITERION # | CRITERION | MEASURES INTENDED LEARNING OUTCOME |
| --- | --- | --- |
| 1 | Research a high impact cybersecurity incident and discuss significant changes in the policy, planning, and implementation of global cybersecurity practices. | LO1, LO2 |
| 2 | Analyse the incident and present the research using the required template | LO1 |
| 3 | Recommend an incident response plan and justify appropriate countermeasures to defend against similar cybersecurity threats. | LO1 |
 
Assessment Task 3: Digital Forensic Tools Evaluation Report
 

TASK DESCRIPTION:
Students will work in groups to evaluate 3 current state-of-the-art digital forensics tools. The outcome of this assignment will be a 4-page survey that (1) explains the feature set of each tool; (2) provides a tool comparison matrix; (3) identifies specialised use cases for each tool; and (4) includes a demonstration of one of the tools under evaluation. This assignment will enable students to develop knowledge of current industry-applied digital forensics tools, and an understanding of the unique situations and scenarios for which specialised tools and protocols are required.

Week of distribution and due date: The assignment will be available in week 7 on MyLO. The survey report will be due in week 10.

TASK LENGTH: 2000 words
DUE DATE: Week 10
WEIGHT: 20%

| CRITERION # | CRITERION | MEASURES INTENDED LEARNING OUTCOME |
| --- | --- | --- |
| 1 | Provide evaluation of 3 industry-proven digital forensics toolkits | LO3 |
| 2 | Develop a comparison matrix with a complete feature set of tools covering all 5 steps of digital investigation | LO3 |
| 3 | Identify specialised and unique use cases for each tool under evaluation | LO3, LO4 |
| 4 | Demonstrate one of the tools under evaluation to educate peers | LO3, LO4 |
 
Assessment Task 4: Cybersecurity assignment
TASK DESCRIPTION:
Students will work in groups to enhance a software application that demonstrates vulnerabilities at the code level. To develop the application, students will implement the source code in a high-level language and provide test cases. The application will address the secure programming challenges described in the latest CWE listings. In addition to the source code, students will submit a video demonstration and a post-implementation analysis that addresses the technical aspects of the assignment. These aspects include implementation challenges, limitations, data privacy, and outcomes of test cases. Through this assignment, students will learn to work as a team to produce a software solution without known vulnerabilities, following industry-based development practices.
Week of distribution and due date: Assignment specification will be made available in week 6. Assignment submission will be due in week 13.

TASK LENGTH: In a software application with approximately 3 high-level requirements, each requirement may address 2-3 vulnerabilities.
DUE DATE: Week 13
WEIGHT: 20%

| CRITERION # | CRITERION | MEASURES INTENDED LEARNING OUTCOME |
| --- | --- | --- |
| 1 | Analyse a modern-day cybersecurity threat. | LO1 |
| 2 | Complete a project plan with requirements specification, formal design, and test scenarios. | LO2 |
| 3 | Incorporate the latest software vulnerability listings such as CWE-25 and OWASP Top 10 where applicable. | LO2 |
| 4 | Develop source code as per the project specification. | LO2 |
| 5 | Report the analysis of the test results, project limitations and challenges. | LO1, LO2 |
 
Assessment Task 5: Forensic Toolkit (FTK) assignment
TASK DESCRIPTION:
This is an individual assessment in which students will apply their skills using AccessData's forensic tools, including Imager, Registry Viewer, and FTK. The assignment will enable students to apply digital forensics principles and techniques to eForensic artefacts such as files, registry keys, logs, images, messages, and timestamps. Students will submit the assignment as a Word document that reflects the outcomes of the steps taken during the investigation process.

Week of distribution and due date: The assignment will become available in week 9. The investigation process will take place during the eForensic tutorials in weeks #9, #11, and #13. The outcome of each tutorial will be submitted as a component of the assessment. The final component of the assessment must be submitted on MyLO by the end of week 13.

TASK LENGTH: ~6 hrs. (2 hrs. each for the Imager, Registry Viewer, and Forensic Toolkit modules)
DUE DATE: Week 13
WEIGHT: 30%

| CRITERION # | CRITERION | MEASURES INTENDED LEARNING OUTCOME |
| --- | --- | --- |
| 1 | Acquire eForensic artefacts with forensic integrity intact | LO3, LO4 |
| 2 | Investigation and evaluation of the key eForensic artefacts | LO4 |
| 3 | Report key eForensics artefacts post-investigation | LO3, LO4 |
 
 
 

How your final result is determined
To pass this unit, you need to demonstrate your attainment of each of the Intended Learning Outcomes, achieve a final unit grade of 50% or greater, and pass any hurdle tasks.
 
Submission of assignments
Where practicable, assignments should be submitted to an assignment submission folder in MyLO. You must submit assignments by the due date or receive a penalty (unless an extension of time has been approved by the Unit Coordinator). Students submitting any assignment in hard copy, or because of a practicum finalisation, must attach a student cover sheet and signed declaration for the submission to be accepted for marking.
 
Requests for extensions
If you are unable to submit an assessment task by the due date, you should apply for an extension.
A request for an extension should first be discussed with your Unit Coordinator or teaching support team where possible. A request for an extension must be submitted by the assessment due date, except where you can provide evidence it was not possible to do so. Typically, an application for an extension will be supported by documentary evidence; however, where it is not possible for you to provide evidence, please contact your Unit Coordinator.
The Unit Coordinator must notify you of the outcome of an extension request within 3 working days of receiving the request.
Late Penalties
Assignments submitted after the deadline will receive a late penalty of 5% of the original available mark for each calendar day (or part day) that the assignment is late. Late submissions will not be accepted more than 10 calendar days after the due date, or after assignments have been returned to other students on a scheduled date, whichever occurs first. Further information on Late Penalties can be found on the Assessments and Results Procedure.
 
Review of results and appeals
You are entitled to ask for a review of the marking and grading of your assessment task if there is an irregularity in the marking standards or an error in the process for determining the outcome of an assessment. Details on how to request a review of a mark for an assignment are outlined in the Review and Appeal of Academic Decisions Procedure.
 
 
 

Required resources
Required Reading Materials
All required reading materials will be made available on MyLO
 
Recommended Reading Materials
All recommended readings will be made available on MyLO
 
Other Required Resources