Submission Requirements

Old policy of submission requires submitting the report both electronically and in hard copies. Electronically it has to be submitted by Moodle within 10 am on the day of the deadline. No submissions will be entertained after the deadline. PDF format without password protection should be used. The original file needs to be retained as long as the report is not passed in case any clarification is required. Certain rules should be followed while submitting the hard copies. Two copies are required to be submitted to the Programmes Office by 3 pm on the same day of deadline. A maroon cover with The City University London printed on it in gold and brass-binding screws should be used to bind the report. If someone wants to buy it second hand, the binders will be available in the Postgraduate office at zero cost. The new binders will be available from the City University branch of Waterstones in Northampton Square. The name, project title, degree and year of studying has to be mentioned on the spine of each copy. In case the project includes software development then two CD and DVD must be provided containing the codes. Same information has to be provided on the top of the CD and DVD’s. Whereas, in the new policy, the reports need to be submitted electronically via Moodle. The procedure is almost similar to the old policy. The only difference is that no hard copies need to be submitted. All the documents should be shared electronically. In case the reports deal with software development, then USB drives along with CD’s and DVD’s can be provided. However, the electronically shared documents are not viewable by all due to some limitations. In case the reports are not visible online, hardcopies of the files can be submitted. The tasks are to be submitted to a number of staff members. Name, student number and course name should be mentioned on the top cover. A4 size brown top covers and standard university binders will be available in the Programmes Office.

 Two risk scenarios for the new policy:

There are several risks of submitting assignments via Moodle. Two such scenarios can be explained as below:

• First, the students might face problem while uploading the solution online. Nowadays most of the Universities use the online method of assignment submission. However, they do not offer 24/7 hour service (City.ac.uk., 2018). Therefore, a student experiencing issues with submission cannot receive help from the module team for assignment settings, as they might not be available after the working hours. As a result, they might miss the deadlines and according to the new policy of submission, students will not be able to submit their tasks after the deadline. This might land the students into serious problems in addition with deduction of marks that might risk the careers of the concerned students.
• Secondly, some malware or unauthorized action might lead to distributed denial of service (DDOS) (Kiennert et al., 2017). In every university, there are some students those are involved in malware activities. They take such actions to put the university in problem (Cahyani Martini Choo and Al?Azhar, 2017). These activities leads to the deletion of the assignments submitted by the students along with staff files. Once the files are deleted from the database, it cannot be restored (Baytiyeh, 2017). The possible circumstances would be, the students working on the assignments once again for alternative solution or the university will have to compromise a bit and give average marking to the students (Rege, 2016). However, the later possibility is quite unethical and unfair for the students. They will not be marked based on their performances.   

Anticipatory measures:

• Triggers of the incident is a significantly good source of acquiring information. The events that are identified in the above scenarios are missing of deadline for submission, unauthorized activities performed on the network of the university and distributed denial of services (?nners, 2014). These scenarios will lead to career risk of the students. The files of the student was not found instead a broken link was attached to the existing student files. As a result the students were neither able to use the link nor edit the assignment (Tøndel Line and Jaatun, 2014). The frequency of occurrence of these actions are high because the network of the university are not so secured. It becomes easy to perform malicious actions on the network services thereby affecting the smooth working of Moodle (Nelson Phillips and Steuart, 2014). This information will help the tutors to set deadlines in such a way that the students does not face any problem regarding submission via Moodle further.
• Evidences can be collected from the back-up system of Moodle. This feature of Moodle proves to be helpful for restoring the deleted files and for collecting evidences of the risk scenarios (Chen Han and Chen, 2013). The back-up files are in the form of .mbz file, which is an archive of the Moodle file.
• Information can also collected from the analysis of the risk scenarios like the frequency of occurrence and comparing them with the previous evidences collected for a similar case.
• Setting up incident management team can also act as a method for gaining information of such malicious actions.

The incidents can be managed well by following the below listed guidelines:

• The evidences should be reported to the responder. Responder is the person to whom the fears and suspicions to produce evidences are first communicated (Martini and Choo, 2013). In any incident, he is the first one to make the initial diagnosis like the head of the university. The person should have strong analyzing powers so that he is able to diagnose the incident.
• It will not be possible for the main board to conduct investigation while maintaining supervision therefore, they should refer to a specialized team for this activity (Scanlon Du and Lillis, 2017). The special management team will efficiently resolve the situation.
• As the incident is related to cyber security therefore, a specialized IT team will perform efficiently (Carneiro, 2013). They should report the evidences to the controlling board of the university who has the powers to take decisions to combat the situation.
• However, most of the universities does not require forensic computing skills. For this, the higher authorities of the university should have the awareness of issues regarding collection of evidences and the knowledge of how the specialized team performs.

Long-term incident response measures:

• The long-term measures should be such that the incident does not occur frequently. Therefore, the existing gaps in the present evidences should be determined and further measures should be taken to identify the previous gaps in the investigation process.
• Management board of the university should arrange for the overall improvement of the decision-making procedures so that more potential worthwhile evidences can be collected.
• The IT team within the university should be given proper training to handle the local evidences. This will eliminate the cause to hire specialized IT team for detecting malfunctioning in Moodle. If the people within the organization are trained enough to determine the culprit then the cost of occurrence will be reduced. With the increasing number of IT crimes the methods of evidence collection has changed. Therefore, the professionals should have updated knowledge of evidence collection methods.
• The management board should also arrange for regular monitoring of the Moodle server so that if any kind of malware is noticed, it can be informed immediately to the top management and instant actions can be taken. This will be helpful for the students, as they will not miss the deadlines.

Literature Search for admissibility of digital evidence based on Daubert criteria (US):

Daubert criteria is the rule that the United States federal law follows regarding the admissibility of digital evidence in court (WG, 2018). A party raises a Daubert motion when he finds that the evidences provided before or during trial sessions in front of the jury are unqualified or inappropriate. The Daubert standard consists of the following guidelines:

• It is the task of the trial judge to analyze whether the evidences provided in front of the jury abide by the scientific knowledge or not. This is known as gatekeeping. Therefore, the trial judge act as the gatekeeper.
• The admissibility of digital evidence is governed by various rules that says evidences cannot be judged on its weightage, it has to be relevant to the task in hand (Pdfs.semanticscholar.org, 2018). The evidences and witnesses provided should be collected through reliable methods.
• It will be concluded that the evidences abide by scientific knowledge only if the methods of acquiring evidences are found to be scientific.
• There are set of rules that has to be followed to carry out scientific methodologies of evidence collection according to Daubert Standard. First several hypotheses has to be formulated and then experiments to falsify the hypotheses need to be carried out to determine whether the following criteria has been fulfilled:

1. Whether the scientific community has accepted the theory or technique of data collection.
2. Whether the rate of error is acceptable.
3. Whether it can be peer reviewed or not.

Electronic Submission Requirements

Literature Search for admissibility of digital evidence based on the ACPO guidelines:

According to the Association of Chief Police Officer (ACPO) guidelines:

• Same rules and laws follow for both digital evidence and documentary evidence (Digital-detective.net, 2018).
• Access to the original data must be given to the person for evidence collection where the image of the data cannot be taken and data is stored in a remote location. It should be kept in mind that the person should be given a chance to retrieve data and produce it as evidence in front of the jury.
• Alteration, deletion and other changes can happen in programs and operating systems without anyone being directly involved in doing so. This case should be considered while evaluating the evidences to arrive at a decision.
• It is the duty of the prosecution to present that the evidences are the same as it was at the time of possession by the law enforcement.
• Investigators should use relevant and reliable methods for the data collection.
• It is necessary to present before the court the methods by which the evidences were obtained. Evidences should be preserved so that whenever a third party requires them the evidences can be used to arrive at the same result as presented in the court (Barton and Azhar, 2016).

Discuss briefly on ACPO guidelines:

According to the above guidelines, a variety of legislation applies in digital evidence examinations. The first one is the Computer misuse act. According to the first act, it is a punishable offence to access personal data without legal authorization. This will be referred to as hacking. The Police and the Justice Bill 2006 has amended penalty for such actions. Computers are also hacked to impair or stop the smooth operation of the systems. This malicious activity affects the programs and according to the act carries a penalty of maximum 10 years imprisonment.  

Discuss briefly on Daubert criteria:

According to Daubert standard, the prosecution has to present before the jury a relevant and reliable evidence such that it becomes easy for the jury to arrive at a conclusion. The methods of collecting the evidences should abide by the rules of the Standard. The methods adopted for obtaining the witnesses should be as per the scientific methodologies. However, if the opponent party finds that the evidences are unqualified, then they might raise the Daubert motion.

Compare and contrast between ACPO guidelines and Daubert criteria for admissibility of digital evidence:

There is much debate on the admissibility of scientific evidence in court. Digital evidences are data or information that are stored and transmitted in an electronic device. They are obtained mainly from emails, text and instant messages (Forensicsciencesimplified.org, 2018). The evidences can be acquired only when these devices are seized. Digital evidences can be in any form. Fingerprints or DNA evidences are hidden (Poisel Malzer and Tjoa, 2013). They can be destroyed and altered at any point of time and is also time sensitive (Garrie, 2014). The two legal frameworks differs from each other in the following points:

• Daubert Standard mainly focuses on the methods the evidences are obtained. It says that the evidences should be collected in a reliable way.  It is the prime duty of the trial judge to analyze whether the witnesses collected are by scientific methodologies or not. Whereas, the ACPO guidelines mainly focuses on the rules and regulations of evidence collection (Scanlon Farina Khac and Kechadi, 2014). It says that both the digital evidence and documentary evidences follows the same rules and laws.
• Daubert criteria requires that the evidences provided at the time of trial should be same as that of the evidences possessed during the time of possession of the case by the investigator (Pakkanen Bosco and Santtila, 2014). Whereas, ACPO guidelines say that, as digital evidences are stored in electronic devices, some alteration or deletion in the programs and the operation system might happen. They are not performed intentionally by anyone. Therefore, the court needs to consider the case.
• Daubert standard sets certain rules for the process of obtaining data. First, a hypothesis is formulated and then experiments to prove the hypotheses is to be carried out. This will help the trial jury to judge whether the evidences have been approved by the scientific community, the errors have been approved or not and so on. This will eliminate the extra time required by the judge to check whether the data obtaining method was reliable or not. Whereas, according to the ACPO guidelines the evidence acquisition method is not given so much of importance (Daryabar Dehghantanha and Udzir, 2013). It is assumed from the beginning that the evidences has been collected in a reliable way.

Discussion on whether the two scopes are comparable or not:

 The two scopes are highly comparable because they both focus on the admissibility of digital evidence. They might differ in concept in their own ways however, both of the above guidelines can be used to solve the same problem. The comparison is given in the above points. ACPO guidelines say that the unauthorized access to computers for collecting evidences is a criminal offence and is punishable by law (Shaw and Browne, 2013). Whereas, Daubert criteria says that the methods of collecting evidences should be scientific which indirectly conveys the message that the method should be authorized.   

Hard Copy Submission Requirements

Discussion on the fact if the two scopes are solving the similar problems:

The two scopes are applicable for solving the same problem. Both can solve the problem related to the acquisition of data that are produced in the court.

Example that show they are required to solve the same problem:

For example, if we consider the scenario that the students were unable to submit their assignments via Moodle due to some malicious actions performed by some students on the universities network. This case has been reported to the top management who has hired investigators to investigate the case. Now, the investigators will collect evidences that will be helpful to detect the culprit. They can abide by either of the two guidelines. They can choose the evidence collecting guidelines mentioned by Daubert standard or the ACPO guidelines. Both will help them reach to a correct conclusion detect the actual criminal. 

References:

Barton, T. and Azhar, M.H.B., 2016, October. Forensic analysis of the recovery of Wickr’s ephemeral data on Android platforms. In The First International Conference on Cyber-Technologies and Cyber-Systems (pp. 35-40).

Baytiyeh, H., 2017. Perceptions of Professors and Students towards Moodle: A Case Study. In Exploring the New Era of Technology-Infused Education (pp. 206-229). IGI Global.

Cahyani, N.D.W., Martini, B., Choo, K.K.R. and Al?Azhar, A.M.N., 2017. Forensic data acquisition from cloud?of?things devices: windows Smartphones as a case study. Concurrency and Computation: Practice and Experience, 29(14), p.e3855.

Carneiro, M.M., 2013. Evaluating assessment procedures in a super-sized English as a foreign language online class. Glasgow, 10-13 July 2013 Papers, p.234.

Chen, Z., Han, F., Cao, J., Jiang, X. and Chen, S., 2013. Cloud computing-based forensic analysis for collaborative network security management system. Tsinghua science and technology, 18(1), pp.40-50.

City.ac.uk.(2018).[online]Availableat:https://www.city.ac.uk/__data/assets/pdf_file/0020/303653/6b-Major-Incidents-and-Online-Assessment-Report-Format.pdf [Accessed 29 Jul. 2018].

Daryabar, F., Dehghantanha, A. and Udzir, N.I., 2013. A review on impacts of cloud computing on digital forensics. International Journal of Cyber-Security and Digital Forensics (IJCSDF), 2(2), pp.77-94.

Digital-detective.net. (2018). [online] Available at: https://www.digital-detective.net/digital-forensics-documents/ACPO_Good_Practice_Guide_for_Digital_Evidence_v5.pdf [Accessed 29 Jul. 2018].

Forensicsciencesimplified.org. (2018). [online] Available at: https://www.forensicsciencesimplified.org/digital/DigitalEvidence.pdf [Accessed 29 Jul. 2018].

Garrie, D.B., 2014. Digital forensic evidence in the courtroom: Understanding content and quality. Nw. J. Tech. & Intell. Prop., 12, p.i.

?nner, B., 2014. PROBLEMS AND RECOMMENDATIONS ON USING A RESTRICTED COMPUTER ENVIRONMENT FOR EXAMS ON MOODLE. Engineering Sciences & Technologies/Nauki Inzynierskie i Technologie, 4(1).

Kiennert, C., Rocher, P.O., Ivanova, M., Rozeva, A., Durcheva, M. and Garcia-Alfaro, J., 2017, July. Security challenges in e-assessment and technical solutions. In Information Visualisation (IV), 2017 21st International Conference (pp. 366-371). IEEE.

Martini, B. and Choo, K.K.R., 2013. Cloud storage forensics: ownCloud as a case study. Digital Investigation, 10(4), pp.287-299.

Nelson, B., Phillips, A. and Steuart, C., 2014. Guide to computer forensics and investigations. Cengage Learning.

Pakkanen, T., Bosco, D. and Santtila, P., 2014. Crime linkage as expert evidence–making a case for the Daubert standard. Crime linkage: Theory, Research, and Practice, CRC Press, Boca Raton, FL, pp.225-50.

Pdfs.semanticscholar.org. (2018). [online] Available at: https://pdfs.semanticscholar.org/b386/f5131178d3e5f916698f62e83837c2587043.pdf [Accessed 29 Jul. 2018].

Poisel, R., Malzer, E. and Tjoa, S., 2013. Evidence and Cloud Computing: The Virtual Machine Introspection Approach. JoWUA, 4(1), pp.135-152.

Rege, A., 2016, June. Incorporating the human element in anticipatory and dynamic cyber defense. In Cybercrime and Computer Forensic (ICCCF), IEEE International Conference on (pp. 1-7). IEEE.

Scanlon, M., Du, X. and Lillis, D., 2017. EviPlant: An efficient digital forensic challenge creation, manipulation and distribution solution. Digital Investigation, 20, pp.S29-S36.

Scanlon, M., Farina, J., Khac, N.A.L. and Kechadi, T., 2014. Leveraging decentralization to extend the digital evidence acquisition window: case study on BitTorrent Sync. arXiv preprint arXiv:1409.8486.

Shaw, A. and Browne, A., 2013. A practical and robust approach to coping with large volumes of data submitted for digital forensic examination. Digital Investigation, 10(2), pp.116-128.

Tøndel, I.A., Line, M.B. and Jaatun, M.G., 2014. Information security incident management: Current practice as reported in the literature. Computers & Security, 45, pp.42-57.

WG, V. (2018). Post-Daubert admissibility of scientific evidence on malingering of cognitive deficits. – PubMed – NCBI. [online] Ncbi.nlm.nih.gov. Available at: https://www.ncbi.nlm.nih.gov/pubmed/11471788 [Accessed 29 Jul. 2018].