Computer Forensics Investigation of a Seized Pen Drive

The coursework is to be completed in groups of 2. This is to simulate the team working that would be present in the Computer Forensics industry. Each group will need to complete a peer assessment form to document the contribution from each group member. You can complete the coursework as an individual, but you must accept that you would have an increased workload.

Part 1. Evidence identification.

You are required to analyse and interpret the data contained on the pen drive. In particular, you are looking for evidence that identifies who the pen drive belongs to. If any potential crimes have been committed, state what they are and give evidence to support your claims. A section called Evidence will be included in your final report and should contain items such as:

• Metadata for each of the files found on the pen drive. You need to decide what metadata needs to be recorded for each file type. Marks are awarded for choosing the correct metadata categories and for stating the correct information for the chosen metadata categories;
• A reference for each of the applications used in your investigation.

Part 2. Report.

In addition to your Evidence section, you are required to present your methodology and findings within your report. Your methodology is the set of steps you took in solving the case. You are required to demonstrate that your evidence is robust and maintains integrity. You should include an overview of your methodology and the programs you used during the investigation. In addition, you must detail any findings and recommendations gained from your analysis, with supporting evidence. Your report will be assessed on the following criteria:

• Quality of the report. Ensure that the report is laid out in a logical order and that any figures or tables are clear to read. Please ensure that you have spell checked your work before submission;
• An overview of your methodology. How did you recover the information that you have used as metadata? You need to explain the process for each file type on the pen drive;
• Identification of relevant files. This should be a list of the files that are evidence and include an explanation as to why they are evidence;
• The findings and recommendations of your analysis. You need to decide whether there is enough evidence to arrest the suspect for possession, distribution and creation of images of Penguins. You also need to give ideas for further investigation: what else you would seize and investigate, and whom you would want to interview.

To undertake the investigation, make use of tools and techniques that you have been introduced to in lectures, tutorial and lab sessions, such as the Forensics Toolkit.

What you should hand in

Report submitted via Canvas. There is no page limit for the report, but your report must be 10MB or less. Ensure that you clearly mark the names and registration numbers of all members of your group on the first page of your submission. You also need to include a peer assessment form to show the contribution of each group member.
