Faculty of Engineering & Technology

School of Computer Science and Mathematics

Coursework Title: CW1 - Web Forensics

Report Module Name: NETWORK FORENSICS

Module Code: 6502CSMM
Level: 6
Credit Rating: 20

Weighting: 50%
Maximum mark available: 100%

Lecturer: Tay Zar Thein

Contact: If you have any issues with this coursework you may contact your
lecturer. Contact details are:
Email : tayzarthein@auston.edu.mm

Hand-out Date: 7th November 2023

Hand-in Date: 28th November 2023

Hand-in Method: Assignment on Canvas

Feedback Date: 15 working days after Hand-in date

Feedback Method: Feedback form uploaded to Canvas

Programmes: Computer Forensics and Computer

Security

Introduction

Network Forensics can be associated with a number of activities including criminal or corporate
investigations, network management, or customer analysis. Performing Network Forensics in an efficient
manner requires a sound understanding of the underlying network technologies, especially as forensics is
applied to new and emerging areas of computing.

As an application, the Web (communicating web browsers and web servers) is undoubtedly the most
important application on the Internet today. Understanding traffic relating to the Web is therefore of key
importance in Network Forensics.
This coursework is concerned with examining the landscape regarding Network / Web Forensics and software
tools.

Learning Outcomes to be assessed

1. Compare and contrast how the fundamental concepts in computer networking can both help and
hinder network forensics.
2. Critically evaluate recent advances in network technologies to assess their impact and
applicability to network forensics.

Detail of the task

You will first provide a very brief introduction to the field of network forensics discussing the key concepts and
processes involved. This could include:
 A definition of Network Forensics
 A discussion on why network data is of forensic interest and to whom
 The sources of forensic information in networks and collection processes involved
 The general problems that need to be overcome

Next, you will review current techniques and practices for Web Forensics. This will be written from a Web
Server perspective and will discuss any special provisions needed to detect and investigate attacks against
web services in large organisations. You will not gain marks for discussing forensic investigations of web
browsers (clients).

The main topics you should cover are:

 The architecture of modern web services and the operational considerations involved.
 The common threats that may be encountered in web forensics and potential defences.
 The process that a forensic investigation should follow and the potential sources of information for web
forensics specifically.

What you should hand in

The coursework is an individual piece of work and you should submit a single word processed
document per person covering the topics outlined above. A typical report might contain at least 2500
words, excluding references and figures, though this represents neither a strict lower or upper limit.

The report should be submitted electronically via Canvas.

Marking Scheme/Assessment Criteria

Assessment Criteria % weighting for

each problem
part
1. Introduction to Network Forensics 30
Definition and initial discussion 10
Sources of network data and challenges 20
2. Discussion of Web Forensics 60
Overview of modern web services 20
Common threats and defences for web forensics 20
Web forensics process and information sources 20
Report format and presentation 5
References 5
Total 100

Recommended reading

You are expected to conduct your own research to investigate Web forensics in a sufficient level of technical
detail. You are free to consult research works published by IEEE Explore, the ACM Digital Library, or any
other repository.

Personal Circumstances
If something serious happens that means that you will not be able to complete this assignment, you need to
contact the module leader as soon as possible. There are a number of things that can be done to help, such as
extensions, waivers and alternative assessments, but we can only arrange this if you tell us. To ensure that the
system is not abused, you will need to provide some evidence of the problem.

More guidance is available at https://www.ljmu.ac.uk/about-us/public-information/student-

regulations/guidance-policy-and-process

Any coursework submitted late without the prior agreement of the module leaderwill receive
0 marks.

Academic Misconduct
The University defines Academic Misconduct as ‘any case of deliberate, premeditated cheating, collusion,
plagiarism or falsification of information, in an attempt to deceive and gain an unfair advantage in
assessment’.
This includes attempting to gain marks as part of a team without making a contribution. The Faculty takes
Academic Misconduct very seriously and any suspected cases will be investigated through the University’s
standard policy (https://www.ljmu.ac.uk/about-us/public-information/student-regulations). If you are found
guilty, you may be expelled from the University with no award. It is your responsibility to ensure that
you understand what constitutes Academic Misconduct and to ensure that you do not break
the rules. If you are unclear about what is required, please ask.

For more information you are directed to following the University web pages:
 Information regarding academic misconduct: https://www.ljmu.ac.uk/about-us/public-
information/student-regulations/academic-misconduct
 Information on study skills: https://www.ljmu.ac.uk/microsites/library/skills-ljmu/academic -
study-skills
 Information regarding referencing: https://www.ljmu.ac.uk/microsites/library/skills-
ljmu/referencing-and-endnote