ITEC 4341 – Final Project
ITEC 4341 – Final Project
Throughout the semester we have covered a broad range of topics ranging from Criminal
and Civil Law through live network traffic collection and analysis. Digital Forensic Practitioners
specializing in Network Forensics must possess competency in all facets of computing,
networking, and technology systems as a whole, truly making them a “Swiss Army Knife” in the
Information Technology field; however, despite their wide range of knowledge and capabilities,
Network Forensics Practitioners have historically been absent in Cybersecurity Incident
The National Institute of Standards and Technology (NIST) has published two versions
of their Computer Security Incident Handling Guide over the last decade, a guide intended to be
the blueprint for cybersecurity incident response planning; however, the Computer Security
Incident Handling Guide only uses the word “forensics” four times in the discussion on incident
response planning. In footnote 43, the guide states “Evidence fathering and handling is not
typically performed for every incident that occurs – for example, most malware incidents do not
merit evidence acquisition. In many organizations, digital forensics is not needed for most
NIST’s incident response guide was the product of four cybersecurity professionals, Paul
Cichonski, Tom Millar, Tim Grance, and Karen Scarfone, who at the time of publication, had
experience only in the traditional information technology domain. They were all problem
solvers by experience, and with the exception of Ms. Scarfone who possessed a Master’s degree
in Computer Science, they all held Bachelor’s degrees in Computer Science. Their education
and experience taught them to diagnose, fix, and attempt to mitigate cybersecurity threats, and
thus, none of them possessed an understanding of what Digital Forensics, or specifically a
Network Forensics Practitioner, could provide during the incident response process.
Cichonski, Millar, Grance, and Scarfone had a limited understanding of forensics, one
which is shared by many leaders in the Cybersecurity world today. As a whole, the
cybersecurity community believes forensics is only needed to conduct an investigation and/or
when they suspect legal action, criminal or civil, is likely to arise out of an incident; however,
this line of thinking is flawed for two distinct reasons:
- Any incident response is in fact an investigation. Investigating is simply a process of
problem solving, and when an incident occurs, problem solving methodologies are
always utilized to discover the cause of the problem and then correct it.
- The belief that forensics is only needed when legal action is anticipated. When first
responding to a cybersecurity incident, it is impossible to know whether the cause of the
incident is nefarious or benign. Once the process of investigating the issue begins, absent
actions to preserve the integrity of data, the ability to utilize the data in court is
diminished. For this reason, all incident responses should be treated as though they are
criminal actions until proven otherwise.ITEC 4341 – Final Project
In order to combat the misinformation which exists pertaining to the role of Digital
Forensics in the Cybersecurity Incident Response Life Cycle, you will write a whitepaper1 on the
“Role of the Digital Forensic Practitioner in the Cybersecurity Incident Response Life Cycle.”
In this paper, you will be required to present:
- The current Cybersecurity Incident Response Life Cycle. You can present utilize the
NIST life cycle, the SANS Lifecycle, or a combination of the two. You cannot create
your own lifecycle.
- The issue(s) created when Digital Forensic Practitioners are not utilized in each step
of the life cycle. You must address whether or not Digital Forensic Practitioners are
or are not needed within each step, and what specific value they can add to the
Cybersecurity Team for each step.
- A revised Incident Response Lifecycle, which provides the additional
responsibilities/capabilities you propose a Digital Forensic Practitioner will add to
each phase of the cycle. (Note – You do not need to re-list any of the specific
requirements for each phase of the lifecycle if you listed this information in point 1
In order to present the information above, you will need to reference sources we have
used in class and additional outside sources. You should attempt to utilize the best sources
possible, which will come from technical documents and articles, court cases and legal opinions,
as well as academic programs which cover Digital Forensics and Incident Response. A well
written paper will cover both the legal and technical aspects of the need for Digital Forensic
practitioners within or throughout the Cybersecurity Incident Response Life Cycle.
The general structure for this assignment will largely follow the formatting for a
whitepaper outlined on the Purdue University Online Writing Lab website, a link to which is
provided in the footnote below. You WILL NOT be required to include an abstract for this
project. Your final paper will be submitted as one Word Document2 and MUST INCLUDE the
- A Title Page – It will list the title provided above, your name, your course name, number,
and section (ie – Network Forensics: ITEC4341-03), and the date of submission.
1 A whitepaper is a technical paper which is used to propose a solution to a problem, or to present a specific
position on an issue. These are professional documents, that when written appropriately, can effect change within
a profession. For more information on whitepapers
2 Other formats will not be accepted. If you submit assignments as a .zip file, PDF, or anything other than a
Word document, they will not be accepted. All students have access to Microsoft Word through their MGA
Accounts.ITEC 4341 – Final Project
DUE DATE – 11:59 PM, December 1, 2021
a. An introduction paragraph. As this is a professional paper, it should not be a
colorful display of your grasp of the nuances of the English language, but instead
should walk the reader down the road of “this is why you should care and keep
reading” this paper.
b. Background Section. Emphasis on the word “section.” This will be a multiple
paragraph section which explains the background of the issue to the reader,
specifically what is identified in point 1 of the Assignment section above. This
section will also include the problem, which is what is identified in point 2 of the
Assignment section above.
c. Solution Section: Again, a section with multiple paragraphs which outlines your
solution to the problem you presented in your background section, and then
supports your position with relevant references/facts. Your solution must be
clearly communicated, both in what the solution is and how/why it will mitigate
the problem you defined.
d. Conclusion: This will simply be one paragraph which summarizes the paper.
- References Page: You will include a “References” page at the end of your paper. This
should be spaced so as to begin at the top of the page immediately following the end of
your paper. You will utilize APA formatting3 for intext citations and to format your
Other General Formatting Requirements:
Font: Times New Roman, Size 12
Tense: The paper will be written in past tense, meaning you should not use statements
such as “I think, I believe” etc. Instead, conclusive statements should be made such as “The
inclusion of Digital Forensic data practices are necessary to ensure data integrity in every
Spelling/Grammar: Microsoft Word’s built-in spelling and grammar check is an 80%
solution to common errors; however, it will not replace you proof-reading your work. I
would recommend each of you intend to finish writing at least two days prior to the deadline,
and then give yourself a 24-hours mental break before proof-reading your paper. You will
catch the majority of your mistakes this way.
3 Purdue Online Writing Labs American Psychological Association format
(https://owl.purdue.edu/owl/research_and_citation/apa_style/apa_formatting_and_style_guide/general_format.html) ITEC 4341 – Final Project
Your grade will be based on your adherence to the following rubric:
Final Paper Formatting, Structure, and Readability: 15-Points
Paper Includes all sections (Title Page, Introduction, Summary, Solution,
Conclusion, and References)
Paper is at least 6 complete pages in length (not including Title, References, or
1 Paper is in Times New Roman, Size 12 font and double spaced
3 Paper is free or repetitive spelling and grammar errors
7 Paper is readable and flows in a logical manner.
Student identifies and summaries an Incident Response Life Cycle (NIST, SANS, or
combination of the two) This summary should include and overview of what
processes occur within each step of the lifecycle.
Student explains the current problem(s) created when digital forensics practitioners
are not utilized in the Incident Response Life Cycle. Specifically addressing
whether or not an issue exists by not including them in each step of the process.
10 Student addresses both legal and technical implications caused by the problem.
(+) Student uses Figures to help explain concepts
Student takes a well-defined stance on how to solve the problem(s) identified in the
Summary/Problem section above. Student must explain how their solution corrects
or mitigates each issue presented.
Student provides a breakdown of how/where Digital Forensics professionals and
practices should be inserted into the Cybersecurity Incident Response Lifecycle.
Citations and References: 15-Points
Student uses a minimum of 10 distinct references to present their paper. Each
reference can be used more than once; however, the reference only counts one time.
References must be cited in text and listed on the reference page.
5 Student used properly formatted in-text citations IAW APA Format
5 Student properly formatted References Page IAW APA Format
Plagiarism: The Turnitin function has been enabled for this assignment. Plagiarism is a serious
violation of the academic standards established by the University and accepted by each student.
Any student who plagiarizes their work will receive a zero for their Final Project grade and will
be reported for academic dishonesty.
- ITEC 4341 – Final Project