72973 – IYZ Business & Law & Psychology

72973 – IYZ Business & Law & Psychology

IYZ Business & Law & Psychology – GOVERNMENT & SOCIETY: LIPCF016
Programme: IYZ
Module Title: Government & Society
Module Code: LIPCF016 Credit Value: 12
Owning Board: Joint Academic Board (DMU/OIEG)
Faculty: University Wide Learning (DMU)
Course Tutor: Sarah Gannon
Assessment Two: Case Study Report
Individual responses to questions and case studies
Assessment Weighting: 50%
Word Count: 1,200 words (Guidance – not including references, tables/fig’s)
(only up to 10% plus or minus this guidance is allowed)
Assessment outcomes
This assessment will contribute to 50% of the total module marks and cover the following learning objectives:
1. Demonstrate an understanding of the development of the political structure of the UK;
2. Explain the different strands of government within the UK;
3. Show the ways in which British society has changed in the post-war era;
4. Present information in a written format to a specific deadline.
Hand-in date: Week 9 Monday 30th May 2022, 09.00am via Turnitin on Blackboard
A major expectation of all assessments whilst at DMU/DMUIC is that students work in the English language and generate their assignments in the English language. Initial work should be produced in English not a second language. This means that the use of any language generation/translation or websites is discouraged. The use of such tools may be considered Bad Academic Practice and the consequences outlined in the previous section will apply.
Assessment task
You should read the case studies below and provide solutions to the questions which follow it.
__________________________________________________________________
Case study 1
The Mass Media and Political Participation
One of the most obvious ways in which an individual can participate in a political system is to vote. Therefore, levels of turnout are one important measure of political participation. Low turnout is a problem because it brings into question the government’s legitimacy and the strength of its electoral mandate.
It is clear that voters are more likely to turn out to vote when they value the institutions to which individuals are hoping to be elected. This may explain the relatively low levels of turnout at local elections. However, in some cases, intense coverage in the ‘mass media’ can encourage people to turn out in a particular election or constituency, especially when published opinion poll results seem to suggest that the contest is close and every vote might be important.
Case Study Questions:
a) Explain the term ‘mass media’, and state how the mass media may have influenced political participation since the second world war. (20 marks)
Case study 2
Electoral Systems and Democracy
a) ‘The use of referendums in the UK since 1975 has done little to enhance democracy.’ Discuss (20 marks)
b) Explain the arguments for and against the free movement of
labour within the EU. Discuss (20 marks)
Case Study 3
a) Evaluate the idea that racial stereotyping is the main factor in the high rates of crime with reference to the case above and the crime statistics provided. (20 marks)
Case Study 4
a) Outline 3 aims of custodial sentencing. (6)
b) Discuss the Psychological effects of custodial sentencing and the impact this might have on recidivism. (14)

Critical Appraisal of Evidence

Critical Appraisal of Evidence

Assessment 3 Critical Appraisal of Evidence

Further instructions related to this assignment can be found in Appendix B.

 

Due date: By 0900hrs Tue 24 May
Weighting: 50%
Length and/or format: 1200 words – 1500 words
Purpose: The purpose of this assignment is for you to demonstrate your ability in critical appraisal of two research publications.
Learning outcomes assessed: LO3, LO4, LO5
How to submit: Microsoft word format size 12 double spaced

AssignmentTutorOnline

 

Submit assessment to HLSC122 LEO Campus tile into appropriately labelled HLSC122 LEO Campus tile, Assessment task 3 Turnitin Drop Box

Return of assessment Assessments with feedback will be returned electronically within three weeks of the due date.

(for students who submit by the assessment due date)

 

Assessment criteria This assessment task will be graded against a standardised criterion referenced rubric (see Appendix E) Please follow the criteria closely during the planning and development of your assessment task. Please follow the assessment instructions precisely for correct formatting of  your essay. You must use APA 7th style guide for your citations and referencing. Please upload your essay as a Word document via Turnitin in your campus tile Assignment Dropbox.

Principles of Marketing

Principles of Marketing

Page | 1
Module Study Guide
Academic Year 2021–2022
MS4UK41O – Principles of Marketing
Level: 4
Credits: 20
Academic Partner: UK College of Business and Computing

Page | 2
Copyright © 2021 University of West London
Permission granted to reproduce solely for the purpose of teaching and learning at the University of
West London and its approved academic partners.
You are provided with study materials for your personal use only. You must not share these with others
or upload them to websites. Any student who is found to have shared materials, particularly for
personal gain, will be subject to disciplinary action if appropriate.

Page | 3
Table of contents
Key team contact details……………………………………………………………………………………………………4
1 Module overview 5
Introduction…………………………………………………………………………………………………………..5
Module summary content and aims………………………………………………………………………….6
Learning outcomes to be assessed………………………………………………………………………….6
Indicative Contact Hours ………………………………………………………………………………………..7
Placement/Apprenticeship……………………………………………
Error! Bookmark not defined.
2 Assessment and feedback 7
Summative assessment grid …………………………………………………………………………………..8
Assessment brief including criteria mapped to learning outcomes ………………………………..9
Learning materials……………………………………………………………………………………………….13
3 Things you need to know 15
Engagement……………………………………………………………………………………………………….15
Need help, just ask………………………………………………………………………………………………15
Getting support for your studies …………………………………………………………………………….16
Student support…………………………………………………………………………………………………..16
Module evaluation – have your say! ……………………………………………………………………….16

Page | 4
Key team contact details

Module Coordinator Anthony Osei Owusu
Subject Area & School/College UK College of Business and Computing
Email [email protected]
Phone 020 8518 4994
Location Eastgate House, 40 Dukes Street, EC3A 7LP

AssignmentTutorOnline

 

Module/ Course Administrator Florina Izbase
Email [email protected]
Phone 020 8518 4994
Location Eastgate House, 40 Dukes Street, EC3A 7LP

 

Subject Librarian Lucy Birch
Email [email protected]
Phone 020 8518 4994
Location Eastgate House, 40 Dukes Street, EC3A 7LP

The Course Leader overseeing this module is Dev Raj and can be contacted at [email protected].
The Course Directors overseeing this module is Sobhi D’cruz, Dev Raj, George Muwonge, and
can be contacted at
[email protected] , [email protected] , [email protected] .
The Director of Education responsible for this module is David Preston, and can be contacted at
[email protected] .
Page | 5
1 Module overview
Introduction
Principles of Marketing is a level four module, taken by first year students and so it is likely that you are
a new or relatively new student at UWL – so welcome to the University and welcome to Marketing. The
module is well established and previous feedback indicates that most students have enjoyed their first
opportunity to study Marketing in depth. This module seeks to introduce students to the subject. No
previous knowledge of marketing is assumed, although some students may have some experience of
the subject from earlier studies and of course through employment or their own experience as a
consumer. As you will discover marketing and consumption are inextricably linked and so as a consumer
you will find studying marketing helps you to improve the way you live and being a reflective consumer
helps you to study marketing. The University’s modular scheme allows students to combine a variety of
subjects so you may expect to meet and work with students from a number of courses whilst you study
this module.
The tutors who teach Marketing firmly believe that you, the student, need to be active in your participation
and contribution to this module for you and your fellow students to have the most rewarding experience
– from the word go you will be encouraged to “do your part”. This means taking an active interest in the
subject, preparing effectively for classes, voicing your views, responding to the opinions of others
constructively, asking questions, preparing assignments and reflecting on what you have experienced. It
is expected that you attend all lectures and seminars for this module your tutors will help and encourage
you to do this, but above all remember that good learning only really occurs with practice and for that
your tutors rely on your effort. Good luck, my colleagues and I hope you enjoy this module and that it
forms a sound basis for your future studies at UWL.
Module summary content and aims
This introductory module attempts to provide a variety of learning outcomes some of which are
knowledge based, however as with most things in life, just knowing the facts and the theories is not
enough – it’s whether you are able to see their relevance to a variety of situations and make use of them
to improve your decision making. So the key learning that takes place is your application of knowledge
and understanding to a number of realistic marketing scenarios /case studies to which you will be
introduced throughout the module. By taking this module you will get to know and understand the
environment within which a typical marketing manager operates particularly customers and competitors.
You will also learn about how marketing is applied in a range of different contexts – for example, how do

Page | 6
not-for-profit firms engage in marketing? How do firms market themselves in global markets? You will
also be able to identify the type of information required for marketing decision making concerned with
developing appropriate products, promotional campaigns, pricing and distribution policies.
One of the key variables that affect marketers’ decisions is the way in which consumers behave and so
one of the more important outcomes of the module will be to increase your knowledge and understanding
of customer behaviour and appreciate how this might help decision-making. This will include your
involvement in discussions of how customers may be divided into groups with similar behaviour patterns.
Once you have acquired an appreciation of the marketing environment you will be introduced to a number
of concepts, which will help you to evaluate marketing situations concerning products, promotion, pricing
and distribution. Following your assessment of a particular scenario you will be encouraged to say how
you (as a manager) would respond in those circumstances. Besides acquiring marketing knowledge and
skills this module aims to develop your ability to manage your own learning, communicate your views to
your tutor and other students and work effectively in groups.
Expectations
Specific expectations students can have of tutors
:
Tutors will focus on delivering the course content and support student development as autonomous
learners in line with the University mission to inspire our students to become innovative and creative
professionals connecting them to exciting and rewarding careers.
1. Guidance and support
Your tutor will provide you with academic guidance and will help you reflect on your academic
progress so that you get the most out of your studies. Your tutor and student support team will
also provide advice on the wider network of specialist student support services at the
University to help you have the best possible experience during your studies.
2. Confidentiality
Some information may be sensitive. Although it may be necessary to consult colleagues,
University staff will treat such information as confidential and will limit disclosures to the
minimum necessary.
3. Assessment marks and summative feedback
Assessment marks and summative feedback will be given within 3 working weeks from the
assessment submission deadline.

Page | 7
Specific expectations tutors will have of students:
Tutors expect students to fully commit to the learning process both online and in class. We expect
you to follow the University code of conduct and treat all staff, each other and all visitors with
respect and in a manner that is compatible with the University’s Equality and Diversity statement.
1. Engagement
You are expected to attend all the classes and seminars and be punctual. You will
get the most out of your support by working in partnership with your tutor and student support
team. This is a two-way process and by taking part in it fully you will gain more benefits from
your experience at the University. You are therefore, expected to actively participate and
engage in class activities and inform the tutor by e-mail when and if you are unable to attend
any classes.
2. Preparation
You are expected to read any preparation material / attempt any practice questions prior to
lectures/seminars as per instructions given.
3. Professional conduct
You are expected to behave professionally in classes and not cause any disruption that might
affect other students’ learning. You are also expected to communicate with your tutors in a
professional manner.
4. Attempt all assessments
You are expected to attempt all assessments by the submission deadline unless there are extenuating
circumstances (in which case please contact your Course Leader for extension request or mitigation
claim prior to the assessment deadline)
Learning outcomes to be assessed
A Knowledge and understanding
1. Students should be able to find out and state marketing terminology, principles,
classifications, theories/concepts and methodologies at an introductory level

Page | 8
2. Students should be able to refer to and explain in their own words marketing terminology,
principles, classifications, theories/concepts and methodologies relating to simple
marketing contexts
B Intellectual (thinking) skills – able to:
1. Demonstrate knowledge and understanding by giving practical examples of their use in
specific simple marketing situations.
2. Analyse simple relationships between businesses and their markets and make
judgements about simple marketing issues that affect the operation of businesses
3.
4. Formulate simple marketing solutions to problems concerning businesses and their
markets.
C Subject practical skills – able to:
1. Design outline survey methods appropriate to a simple market research scenario
2. Develop simple strategies and tactics appropriate to specific marketing scenarios.
D Key transferable skills – able to
1. Plan and prioritise their learning and assessment activities
2. Express their ideas clearly both verbally and in writing
3. Argue and defend their views both verbally and in writing
Work with others to assess problems and develop solutions to them.
Indicative Contact Hours

Teaching Contact Hours 48 hours
Independent Study Hours 152 hours
Total Learning Hours 200 hours

Page | 9
2 Assessment and feedback
Summative assessment grid
If your course is accredited by a Professional Statutory Regulatory Body (PSRB), the module
requirements will specify the elements of assessment that must be passed and may override
the University regulations. Please speak to your Course Leader for further advice.

Assessment
(insert below type
of assessment as
per the table
above)
Teaching Weeks in
which Assessment
Support Takes
Place (enter each
week no. in a new
row)
Outline of Type
and Form of
Assessment
Support to be
Provided
Student
Preparation
Required Prior to
or After the
Support Session
How will the
Support
Session to be
Delivered

Assessment brief including criteria mapped to learning
outcomes
Assessment 1 – 1,500 words
This assessment is an individual report
In this written report, you are expected to undertake an environmental analysis of an organisation
of your choice in the food retail industry making use of the relevant models and frameworks. Your
report should identify the current position of the organisations in relation to their competitors and the
key issues that is impacting on the said organisation. Please
discuss your selected organisation

Type of
Assessment
Word
Count or
equivalent
Threshold
(if Professional
Body-PSRB
applies)
Weighting Pass
Mark
Indicative
Submission
week
Method of
Submission
& Date of
Feedback
(refer to BB)
Assessment 1
Written
Course work
1500 N/A 50% 40% The last
Friday of
Week 7
15 working
days after
submission
Assessment 2
Written
Coursework
2500 N/A 50% 40% The last
Friday of
Week 14
15 working
days after
submission

Page | 10
with your tutor as early as possible to make sure that you are on the right path
The report will provide the highlights of your work. Harvard Style referencing must be used in the
body of the report and in the bibliography. Further information can be found in the electronic library
through this link:
http://www.uwl.ac.uk/library/finding-and-using-information/referencing/harvardreferencing-guide
Assessment 1 Marking Criteria:

Assessment criteria Maximum
Marks
Introduction and Background –The introduction should include
among others the following information. The purpose of the report,
what the report aims to achieve and the background of the
organisation including the mission and vision.
10%
Environmental Analysis (Macro –Micro) – This should include
information on
internal factors in the company for example,
product issues, marketing issues, management issues. The
external factors should include among others, Political, Economic,
Social, Environmental, Legal, Technological and Competitor
Information.
30%
SWOT analysis to summarise the issues in the external and
internal analysis. Also discuss the
SECONDARY DATA
SOURCES used
to collect your data in this section
30%
Conclusion and Recommendations– Recommendation should
be based on issues being considered as weakness and threats
identified in the SWOT analysis
20%
Report writing style and format, Professionalism and contribution
to group work
10%
Total 100%

Page | 11
Assessment 2
Assessment task: Individual written report weighting: 50%.
Date/time/method of submission: Week 14, online via Blackboard and ‘turnitin’.
Word count or equivalent: 2500 words
Referring to the issues identified in Assessment one, prepare a marketing plan with clear analysis
and strategy as to how your organisation would be able to improve their market share and growth.
The marketing plan should be medium term from 2022-2025. It is recommended that the following
can be followed.
1.
Introduction – This could be a summary of the issues identified in A1 to justify the objectives
for the marketing plan that you will be demonstrate in your report, what you want to achieve
for the company. Therefore, you need to follow the SMART criteria: (Specific: Clear goals.
Measurable: profitability. Attainable: describe the result. Realistic: is it doable? Time: By
when?
2.
Develop the marketing strategy: in this section you provide a strategy to increase market
share/growth of the company, you can use Ansoff marketing growth strategy and be as
creative as possible.
3.
Discuss the marketing Mix: In this section you analyse the company based on the 4Ps.
4.
Discuss the customer driven strategy: In this section you need to analysis the
segmentation, targeting, positioning and differentiation separately.
5. Conclusion
Assessment Criteria

Assessment criteria Maximum Marks
Introduction:
Objectives of marketing plan
5%
Marketing Mix
You should discuss the 4Ps
20%
Marketing analysis BCG 20%
Marketing developing Strategies 20%

Page | 12

(Ansoff matrix /growth strategy matrix)
Customer Driven Strategy
(STPD)
20%
Conclusions 5%
Coherence and presentation 10%
Total 100%

For guidance on online submission of assignments, including how to submit and how to access online
feedback, please refer to the UWL Blackboard student-help pages at:
uwl.ac.uk/blackboardhelp
Learning materials
The reading list for this module is available on Blackboard in the module area and online by searching
https://ulearn.ukcbc.ac.uk/course/view.php?id=83 & uwl.rl.talis.com. This shows real-time availability of
books in the library and provides direct links to online resources, recommended by your lecturer.
Remember to log into Ulearn and Blackboard daily to receive all the latest news and support
available at your module sites!
Subject guides https://ulearn.ukcbc.ac.uk/course/view.php?id=83 are also available to help you find
relevant information for assignments, with contact details of the Librarian for your School.
You are reminded that the College applies penalties to students who commit an academic
offence, in which case the
Academic Offences Regulations will be used to deal with any cases
of academic misconduct including examination offences, plagiarism, use of ghost writing
services and other means of cheating to obtain an advantage.

Page | 13
3 Things you need to know
Engagement
Teaching at UKCBC during the academic year 2021-22 will be conducted face to face and may involve
a range of on site and online teaching and learning activities. Whether you are engaging with teaching
and learning activities on site or via the UKCBC – Ulearn Virtual Learning Environment (VLE), we
expect the same level of commitment and engagement from you. If you are unable to attend scheduled
on site or online activities or complete activities in the time frames set out, you should let your tutors
know. You should aim to stick to assessment deadlines; if you are concerned that you will not be able
to complete your assessments on time, you should talk to your tutors. Your engagement, whether
online or on site, will be tracked and if we see that you are not engaging, we will get in contact with you.
However, we encourage you to let us know if you are having problems so we can work with you to find
solutions and get you back on track as soon as possible. Give yourself the best possible chance to
succeed by engaging with the full range of learning and teaching activities available to you.
Need help, just ask
The College recognises that there are times when you may encounter difficulties during your course of
study and provisions are made to help you. Your Module Coordinator can help with any questions
specifically related to your module. Any query regarding your course can be discussed with your
Course Coordinator.
If you think you will be unable to meet deadlines please talk to us, whether it’s your lecturer, module
coordinator or course coordinator, personal tutor or any member of staff, so they can get you the
support you need to succeed.
You can extend your deadline if you have a good reason why you are not able to submit a piece of
coursework on time,
apply for an extension before your deadline. If an extension is not sufficient and
circumstances beyond your control are preventing you from completing your assessment, then
you can,
apply online for mitigation. To apply for any extension, the links are available on your module
page under Extension tile or you can visit your student portal through Evision (360-degree portal).
Please remember late submission without extension or mitigation may result in penalties depending on
how late it is, see University
Academic Regulations.
You are expected to behave in line with UKCBC expectations, irrespective of whether your interactions
with staff and other students are in person or online. As you will be engaging with others online and
with a range of online materials, it is important to consider how to stay safe online and ensure your
communications are secure and appropriate. If you have any questions about how to manage your
online UKCBC activities, please contact your module coordinator.
If you have an issue about the module, you should speak to your Module Coordinator or Course
Coordinator informally in the first instance. Your Course Representative can also raise your concerns at
Course Committees, which take place each semester. If you are unable to resolve it informally, you
should refer to the Complaints Procedure. The College aims to ensure that issues are resolved
informally as quickly as possible to have minimum impact on your studies.

Page | 14
Getting support for your studies
Throughout your course of study, you will have access to a wide variety of sources of support
depending on your individual circumstances and needs. Your first point of call for getting general
academic support is your Personal Tutor. They would provide academic advice in relation to your
studies and your academic development. This includes One-to-One Academic Support opportunities
helping you to develop skills relevant to your degree. Academic Skills Workshops throughout the year
include the following:
Essay Planning and Writing
Critical Thinking
Reflective Writing
Group Work and Presentation Skills.
Apart from the College-wide support framework, which encompasses the Module Coordinator, Course
Coordinator, the Librarian, and your Course Administrator, you will also have at your disposal the
UKCBC Student Engagement Team.
Student support
In addition to the support listed in the previous section, You are an associate member of UWLSU
https://www.uwlsu.com/ there is also more help offered by UWL Student Support Services. The
Student Hub is located in The Street at St Mary’s Road, Ealing campus
Module evaluation – have your say!
Towards the end of the module you will be invited to provide some anonymous feedback to the Module
Coordinator through an online survey. This is your opportunity to give some direct feedback about the
module through a series of questions and free text. Your constructive feedback will help the Module
Coordinator and teaching team to understand the module experience from your perspective and helps
inform the development of the module. At the end of the survey period, a response to the survey will be
available so that you can see exactly how your voice has been heard.

Organise any additional resource,Organise any additional resource

Organise any additional resource,Organise any additional resource

t, oh, flay,
1 . staff Meting
neseurce Required

AssignmentTutorOnline

It (
A mt’et inn rOOM fOr c14RMOM WOO ft 1044161ed Olikeita% rows A4Ritt t:3 c a 1 resources as rerimi dews, Wank *kW Pollimot 1004ft, powerP ()int pres.eritewm, headeuti
Task 1: Conduct Rotel)la/ Learner instructIon 5 You are running a staff meeting on the three nevi are/ precookiwei kitedtaill in Task 1 of A T34 wmr UMW Use the meeting agenda th.at you created in Ta‘sif 2 Staff fneetwoi 40-4,14 pflv ill 14 communicate the new arstomef see proccdore: to $talf_ You muse ha ie at least three staff rnfritert. (c( $twient$//xifikaiOki 14 a fanmaki1a4 eftiw”.1″41 attending the meeting, Your asSe55/Jr #trli ai6o atttnd the meeting. Organs tome *04 itaa mot Your attendees and your 11116es,sov
1 2
3
Provide the meeting agenda to all attentlieet poof to the meaty% Organise the time and date of the meeting Organise any additional resource: iou require for the tweeting such as laptop, pitipiellar, PowerPoint presentation, chairs, h4ndout5, etc_ In the meeting *0041 must cover ail the meeting agenda items Outnine and espial() an three mew custornef tar ilia 00.414/10,00140101 Include informatioc about the pow*, tte4.im44, (AMNON SAMNA, procedures and how moneormg and conettwif, feedlot* we lciao Ask for employee feedback on each of the three new stariderda procedures, 4 klentity ways tor eacih new poitcy/pfocidure t p,ertonstored 04504$ how 0w new policie5 4(4 v (Aitflutel todr, rf4.4* too 4144§toti cuStomert Mow for question Do emoiloyees Owe arpo awry” 6 make? Any SisipallOM fOf ■MpfelVtintfitt Aftv mow, , outing the rowyliey, you we MOW to denkwistrate the toloPong Wilk 04 knowledge, Mass amitonwer tows needs with stiff Comoniunicite any new practices to sun Use questioning and Intening techniquettiitAws twit feeds& Provide opportuneies for staff to participate m demiwnore mum.
5

service maims Camille the role-play

,0-4,0 fl

,

t, oh, flay,
1 . staff Meting
neseurce Required

AssignmentTutorOnline

It (
A mt’et inn rOOM fOr c14RMOM WOO ft 1044161ed Olikeita% rows A4Ritt t:3 c a 1 resources as rerimi dews, Wank *kW Pollimot 1004ft, powerP ()int pres.eritewm, headeuti
Task 1: Conduct Rotel)la/ Learner instructIon 5 You are running a staff meeting on the three nevi are/ precookiwei kitedtaill in Task 1 of A T34 wmr UMW Use the meeting agenda th.at you created in Ta‘sif 2 Staff fneetwoi 40-4,14 pflv ill 14 communicate the new arstomef see proccdore: to $talf_ You muse ha ie at least three staff rnfritert. (c( $twient$//xifikaiOki 14 a fanmaki1a4 eftiw”.1″41 attending the meeting, Your asSe55/Jr #trli ai6o atttnd the meeting. Organs tome *04 itaa mot Your attendees and your 11116es,sov
1 2
3
Provide the meeting agenda to all attentlieet poof to the meaty% Organise the time and date of the meeting Organise any additional resource: iou require for the tweeting such as laptop, pitipiellar, PowerPoint presentation, chairs, h4ndout5, etc_ In the meeting *0041 must cover ail the meeting agenda items Outnine and espial() an three mew custornef tar ilia 00.414/10,00140101 Include informatioc about the pow*, tte4.im44, (AMNON SAMNA, procedures and how moneormg and conettwif, feedlot* we lciao Ask for employee feedback on each of the three new stariderda procedures, 4 klentity ways tor eacih new poitcy/pfocidure t p,ertonstored 04504$ how 0w new policie5 4(4 v (Aitflutel todr, rf4.4* too 4144§toti cuStomert Mow for question Do emoiloyees Owe arpo awry” 6 make? Any SisipallOM fOf ■MpfelVtintfitt Aftv mow, , outing the rowyliey, you we MOW to denkwistrate the toloPong Wilk 04 knowledge, Mass amitonwer tows needs with stiff Comoniunicite any new practices to sun Use questioning and Intening techniquettiitAws twit feeds& Provide opportuneies for staff to participate m demiwnore mum.
5

service maims Camille the role-play

,0-4,0 fl

MARKING GRID FRAMEWORK

MARKING GRID FRAMEWORK

SHSC MARKING GRID FRAMEWORK
The SHSC generic framework for marking course work is identified below. Marking grids for each of
the academic levels 4 – 7 will be built into the VLE. You will note that the major components appear
at each level but the relative importance of the component in the work as a whole varies.
FHEQ Level 4
You should be able to demonstrate:


appropriate foundational factual knowledge
knowledge of the underlying concepts and principles associated with your area of study, and an
ability to evaluate and interpret these within the context of that area of study
an ability to present, evaluate and interpret qualitative and quantitative data, in order to develop
lines of argument and make sound judgements in accordance with basic theories and concepts of
their subject(s) of study

AssignmentTutorOnline

LSBU Level 4:

Scope of students’ learning is within defined boundaries and uses specified range of standard
techniques.
Learners operate within defined guidelines with limited autonomy.

 

Marking grid Level 4
At level 4 the way in which you present or organise factual knowledge is more important than your
ability to analyse it – the key criteria and the relative weighting of the total percentage available is
as follows:
Coherence, organisation and academic integrity – 40%.
Content, knowledge and evidence of reading – 40%
Conclusion and application to assessment task – 20%
This means that in the first year of undergraduate study, what you know, how you present it and
how you apply the information to practice are almost equally important.

FHEQ Level 5
You should be able to demonstrate:

that you have begun to develop the skills to undertake work that requires the ability to reflect
constructively and critically upon the material presented
knowledge and critical understanding of the principles of your area(s) of study, and of the way in
which those principles have developed
an ability to apply these concepts and principles to practice
knowledge of the main methods of enquiry and ability to evaluate critically the appropriateness
of different approaches to solving problems in the field of study
an understanding of the limits of their knowledge, and how this influences analyses and
interpretations based on that knowledge

LSBU Level 5:

The scope of students’ learning is simple and unpredictable, or complex and predictable, and demands
application of a wide range of techniques.
Learners are sufficiently organised in quality and quantity of disciple, knowledge and skills and academic
opinion, evaluate their own work, report effectively and conduct straightforward tasks autonomously.
They are ready to develop professional working relationships.

 

Marking grid Level 5
At level 5, factual knowledge is still important but you are developing your ability to analyse (break
down) information and begin to synthesize (reconstruct in a different form). So the weighting of
the grid reflect this shift of emphasis.
Coherence, organisation, attention to assessment purpose and academic integrity – 20%.
Content – knowledge and use of literature – 40%
Analysis, synthesis, conclusion and application to practice – 40%

FHEQ Level 6
You should be able to demonstrate:

a systematic and detailed understanding of your field of study which is informed by the professional practice
developments

 

an ability to synthesise material from a number of areas and to take a critical and independent
stance towards it

 



an ability to deploy accurately established techniques of analysis and enquiry within a discipline
conceptual understanding that enables you to devise and sustain arguments, and/or to solve problems
an ability to describe and comment upon particular aspects of current research, or equivalent advanced
scholarship, in the discipline

LSBU Level 6:

The scope of students’ learning is complex and unpredictable, demanding selection and
application from a wide range of innovative or standard techniques using familiar and unfamiliar
data.
Learners have comprehensive and detailed knowledge of major discipline(s) with specialisation

and depth in some areas. They are sufficiently organised to work with complex knowledge/skills
towards a specified purpose and with limited guidance.

They are reflective and have developed critical and evaluative skills. They engage effectively in
professional behaviour.

 

Marking grid Level 6
At level 6, factual knowledge remains important but your level of analysis, synthesis and application
to practice become even more important and this is reflected in the relative weightings shown
below.
Coherence, organisation, attention to assessment purpose and academic integrity – 10%.
Content – knowledge and use of literature – 40%
Analysis, synthesis, conclusion and application to practice – 50%

FHEQ Level 7
You should be able to demonstrate:


a systematic understanding of knowledge which is informed by innovations in professional practice
originality in the application of knowledge, together with a practical understanding of how established
techniques of research and enquiry are used to create and interpret knowledge in the discipline
conceptual understanding that enables the student to evaluate critically current research and advanced
scholarship in the discipline
an ability to evaluate methodologies and develop critiques of them and, where appropriate, to propose new
hypotheses.

 

Marking grid Level 7
At level 7, critical thinking and application to practice are the most important aspects of your ability.
This will require that you demonstrate your ability to critically evaluate a range of situations or tasks
with reference to contemporary literature and that you are able to apply this to the clinical
situation.
The marking grid for level 7 is constructed to reflect the change in emphasis in key criteria
Coherence, organisation, attention to assessment purpose and academic integrity – 10%.
Conceptualisation, content – knowledge and use of literature – 40%
Analysis, synthesis, critical thinking, conclusion and application to practice – 50%

You will see that as you progress through the levels of study it becomes increasingly important to use
literature, to develop skills of critical analysis and critical thinking, especially in relation to practice. As
it is hoped that, ultimately, you might be thinking of writing for publication, presentation is a constant
feature in all levels.
Other forms of assessment, for example presentations, will have additional criteria that will be
identified within the individual module guide.
Students registered with DDS as having a specific learning difficulty (for example, dyslexia, dyspraxia,
dyscalculia, ADHD) and who have support arrangements in place will have your work marked in
accordance with the University’s DDS Marking Policy.

MARKING GRID FRAMEWORK

MARKING GRID FRAMEWORK

SHSC MARKING GRID FRAMEWORK
The SHSC generic framework for marking course work is identified below. Marking grids for each of
the academic levels 4 – 7 will be built into the VLE. You will note that the major components appear
at each level but the relative importance of the component in the work as a whole varies.
FHEQ Level 4
You should be able to demonstrate:


appropriate foundational factual knowledge
knowledge of the underlying concepts and principles associated with your area of study, and an
ability to evaluate and interpret these within the context of that area of study
an ability to present, evaluate and interpret qualitative and quantitative data, in order to develop
lines of argument and make sound judgements in accordance with basic theories and concepts of
their subject(s) of study

AssignmentTutorOnline

LSBU Level 4:

Scope of students’ learning is within defined boundaries and uses specified range of standard
techniques.
Learners operate within defined guidelines with limited autonomy.

 

Marking grid Level 4
At level 4 the way in which you present or organise factual knowledge is more important than your
ability to analyse it – the key criteria and the relative weighting of the total percentage available is
as follows:
Coherence, organisation and academic integrity – 40%.
Content, knowledge and evidence of reading – 40%
Conclusion and application to assessment task – 20%
This means that in the first year of undergraduate study, what you know, how you present it and
how you apply the information to practice are almost equally important.

FHEQ Level 5
You should be able to demonstrate:

that you have begun to develop the skills to undertake work that requires the ability to reflect
constructively and critically upon the material presented
knowledge and critical understanding of the principles of your area(s) of study, and of the way in
which those principles have developed
an ability to apply these concepts and principles to practice
knowledge of the main methods of enquiry and ability to evaluate critically the appropriateness
of different approaches to solving problems in the field of study
an understanding of the limits of their knowledge, and how this influences analyses and
interpretations based on that knowledge

LSBU Level 5:

The scope of students’ learning is simple and unpredictable, or complex and predictable, and demands
application of a wide range of techniques.
Learners are sufficiently organised in quality and quantity of disciple, knowledge and skills and academic
opinion, evaluate their own work, report effectively and conduct straightforward tasks autonomously.
They are ready to develop professional working relationships.

 

Marking grid Level 5
At level 5, factual knowledge is still important but you are developing your ability to analyse (break
down) information and begin to synthesize (reconstruct in a different form). So the weighting of
the grid reflect this shift of emphasis.
Coherence, organisation, attention to assessment purpose and academic integrity – 20%.
Content – knowledge and use of literature – 40%
Analysis, synthesis, conclusion and application to practice – 40%

FHEQ Level 6
You should be able to demonstrate:

a systematic and detailed understanding of your field of study which is informed by the professional practice
developments

 

an ability to synthesise material from a number of areas and to take a critical and independent
stance towards it

 



an ability to deploy accurately established techniques of analysis and enquiry within a discipline
conceptual understanding that enables you to devise and sustain arguments, and/or to solve problems
an ability to describe and comment upon particular aspects of current research, or equivalent advanced
scholarship, in the discipline

LSBU Level 6:

The scope of students’ learning is complex and unpredictable, demanding selection and
application from a wide range of innovative or standard techniques using familiar and unfamiliar
data.
Learners have comprehensive and detailed knowledge of major discipline(s) with specialisation

and depth in some areas. They are sufficiently organised to work with complex knowledge/skills
towards a specified purpose and with limited guidance.

They are reflective and have developed critical and evaluative skills. They engage effectively in
professional behaviour.

 

Marking grid Level 6
At level 6, factual knowledge remains important but your level of analysis, synthesis and application
to practice become even more important and this is reflected in the relative weightings shown
below.
Coherence, organisation, attention to assessment purpose and academic integrity – 10%.
Content – knowledge and use of literature – 40%
Analysis, synthesis, conclusion and application to practice – 50%

FHEQ Level 7
You should be able to demonstrate:


a systematic understanding of knowledge which is informed by innovations in professional practice
originality in the application of knowledge, together with a practical understanding of how established
techniques of research and enquiry are used to create and interpret knowledge in the discipline
conceptual understanding that enables the student to evaluate critically current research and advanced
scholarship in the discipline
an ability to evaluate methodologies and develop critiques of them and, where appropriate, to propose new
hypotheses.

 

Marking grid Level 7
At level 7, critical thinking and application to practice are the most important aspects of your ability.
This will require that you demonstrate your ability to critically evaluate a range of situations or tasks
with reference to contemporary literature and that you are able to apply this to the clinical
situation.
The marking grid for level 7 is constructed to reflect the change in emphasis in key criteria
Coherence, organisation, attention to assessment purpose and academic integrity – 10%.
Conceptualisation, content – knowledge and use of literature – 40%
Analysis, synthesis, critical thinking, conclusion and application to practice – 50%

You will see that as you progress through the levels of study it becomes increasingly important to use
literature, to develop skills of critical analysis and critical thinking, especially in relation to practice. As
it is hoped that, ultimately, you might be thinking of writing for publication, presentation is a constant
feature in all levels.
Other forms of assessment, for example presentations, will have additional criteria that will be
identified within the individual module guide.
Students registered with DDS as having a specific learning difficulty (for example, dyslexia, dyspraxia,
dyscalculia, ADHD) and who have support arrangements in place will have your work marked in
accordance with the University’s DDS Marking Policy.

Comprehensive Review of Tools and Techniques

Comprehensive Review of Tools and Techniques

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/351998718
Network Forensics: A Comprehensive Review of Tools and Techniques
Article in International Journal of Advanced Computer Science and Applications · May 2021
DOI: 10.14569/IJACSA.2021.01205103
CITATIONS
0
READS
1,521
6 authors, including:
Some of the authors of this publication are also working on these related projects:
Information Security and Data Hiding View project
Large for Gestational Age Fetus Prognosis View project
Sirajuddin Qureshi
Beijing University of Technology
21 PUBLICATIONS 26 CITATIONS
SEE PROFILE
Saima Tunio
13 PUBLICATIONS 7 CITATIONS
SEE PROFILE
Faheem Akhtar
Sukkur Institute of Business Administration
62 PUBLICATIONS 230 CITATIONS
SEE PROFILE
Ahsan Wajahat
Beijing University of Technology
12 PUBLICATIONS 15 CITATIONS
SEE PROFILE
All content following this page was uploaded by Sirajuddin Qureshi on 31 May 2021.
The user has requested enhancement of the downloaded file.
(IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 12, No. 5, 2021
Network Forensics: A Comprehensive Review of
Tools and Techniques
Sirajuddin Qureshi1, Saima Tunio2, Faheem Akhtar3, Ahsan Wajahat4, Ahsan Nazir5, Faheem Ullah6
Faculty of Information Technology,
Beijing University of Technology, Beijing 100124, China.
1;2;4;5;6
Department of Computer Science, Sukkur IBA University, Pakistan3
Abstract—With the evolution and popularity of computer
networks, a tremendous amount of devices are increasingly being
added to the global internet connectivity. Additionally, more
sophisticated tools, methodologies, and techniques are being used
to enhance global internet connectivity. It is also worth mentioning that individuals, enterprises, and corporate organizations
are quickly appreciating the need for computer networking.
However, the popularity of computer and mobile networking
brings various drawbacks mostly associated with security and
data breaches. Each day, cyber-related criminals explore and
devise complicated means of infiltrating and exploiting individual
and corporate networks’ security. This means cyber or network
forensic investigators must be equipped with the necessary mechanisms of identifying the nature of security vulnerabilities and
the ability to identify and apprehend the respective cyber-related
offenders correctly. Therefore, this research’s primary focus is
to provide a comprehensive analysis of the concept of network
forensic investigation and describing the methodologies and tools
employed in network forensic investigations by emphasizing on
the study and analysis of the OSCAR methodology. Finally, this
research provides an evaluative analysis of the relevant literature
review in a network forensics investigation.
KeywordsNetwork forensics; Tshark; Dumpcap; Wireshark;
OSCAR; network security
I. INTRODUCTION
The evolution of computer networks and the internet has
created many opportunities for the perpetration of cyber-related
crimes. Numerous computing devices are connected to a
complex mesh of computer networks all over the globe. Cyber
attackers are continuously adapting complicated strategies to
perpetuate cyber-related crimes. The nature and the type of
crimes are costly to the affected victims [1]. In some instances,
the committed cybercrimes not only cause significant financial
losses but might also render the affected organization inoperable. Thus, it is essential to have a mechanism of performing
necessary investigation and audit to establish the course and
the perpetrators of the associated cybercrimes. In the context
of cyber-criminal investigations, the mechanism is referred to
as network forensics.
Network forensics is a digital forensic process that involves the investigation, Analysis, and monitoring of computer
networks to discover essential information that helps in the
apprehension of cybercriminals [2]. Network forensics also
helps in gathering necessary and legal information, evidence,
and traces of intrusion detection. In essence, network forensics
helps a cyber-forensic investigator monitor network traffic
and identify any malicious content within network traffic.
Network forensics is data-centric, and thus it is not primarily
restricted to the Analysis of network traffic. Instead, it is also
associated with related concepts, notably mobile forensics,
memory forensics, and host-based forensics [1].
Primarily recent Internet technology advances drive the
evolution of network security and its associated forensic processes and related toolsets. When more facets of our everyday
lives move to electronic networks and databases where they
are vulnerable to illegal activity, there is a growing need
for advanced analytical resources. Some widely mentioned
explanations for the use of network forensics are based on
Analysis of computer systems belonging to victims or
authorities.
Collection of facts for use in court; Recovery of lost
data in the event of software and hardware failure.
Analysis for a computer system after a break-in.
Collection of information about how the computer
systems function for debugging purposes, optimization
of their computer systems The list only scratches the
surface of what network forensics can do in the sense
of risk management and data recovery;
The following example illustrates the critical role that this
technology can play in an investigation process. The companies
usually use different items when it comes to network security.
Such devices typically approach protection from two main
perspectives; detection and monitoring, in other words. Types
of items for protection include firewalls and systems for access
controls. Likewise, the intrusion detection systems and antivirus software are examples of detection products. Although
the used products foil several attacks, novel attacks often
bypass protection products without being detected. Investigating the attacks in these cases is a challenging job. Serious
attackers are, in many cases, skilled at removing evidence.
Consequently, firewall logs and intrusion detection warnings
that miss such attacks entirely or may prove insufficient for a
thorough investigation, mainly when the goal is to apprehend
the attacker.
Network forensics has been suggested in information security literature to incorporate investigative capabilities in
existing networks. This refers to a dedicated research infrastructure that enables network packets and events to be captured
and evaluated for research purposes. Complementation of
the above Network Security optimization is performed. The
forensic network is of significant importance to companies
worldwide. On the one hand, it helps learn the specifics of
www.ijacsa.thesai.org 879
j P a g e
(IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 12, No. 5, 2021
recent threats, ensuring that potential attacks are thwarted.
Furthermore, network forensics is essential to investigate the
abuses of insiders that constitute the second most costly model
of corporate assault. Lastly, law enforcement refers to network
forensics for cases in which a device or digital machine is
either the object of a crime or used to carry a criminal offense.
Network forensics is a complex phenomenon that needs
the utilization of a variety of tools and methodologies. It is
thus essential to have a good understanding of how these tools
and techniques can aid in the process of network forensics
and the discovery of malicious activity and intrusion attempts.
This paper aims to provide a comprehensive description of
network forensics’ concept to understand the tools and methodologies used. Emphasis is based on giving a vivid portrait of
the OSCAR methodology as used in network forensics. An
analysis and review of critical related works that illustrate the
practical implementation of the network forensics concept are
extensively discussed.
II. R
ELATED WORK
The field of network forensics attracts diverse interests
that ultimately have led to the publication of various research
works aimed at bridging the knowledge gap within the topic
domain. In particular, much of the related works in the field of
network forensics is related to security. It is essential to note
that any network provided that is connected to the internet is
prone to a variety of cyber-attacks. The attacks are generally
designed in such a way that they exploit ay vulnerabilities
within the network. A forensic investigator is thus tasked with
the responsibility of coming up with essential strategies to
perform a comprehensive network forensic process to identify
potential cases of network intrusion [3]. In addition to the
fact that the legislature has borne some of the cost of crime
prevention, company secrets are compelled to utilise the most
dynamic security measures available to secure their essential
information [4].The advent of information and communication
technologies has ushered in a new era of human existence
known as the information society. As the most well-known
product of this community, cyberspace has provided people
with enormous opportunity to search for and store large
volumes of data. This has not only improved the visibility of
information, particularly scientific and economic conclusions,
but it has also resulted in an increase in targeted cyber-attacks
aiming at gaining unauthorised access to such sensitive data.
Meanwhile, the concept of safeguarding trade secrets has taken
on new significance as information with independent economic
or competitive worth [5]. One of the numerous issues that trade
secrets have produced as valuable and sensitive knowledge as a
result of the expanding space of information and communication interchange is the widespread response of governments
to the use of coercive instruments with powerful deterrent
effects, such as Terry’s case [6]. This research comprehensively
discusses it as discussed in the related domain [7], [8], [9],
[10], [11].
A. Network Security and Network Forensic
Apart from assisting in identifying and apprehending cyberterrorists and attackers, network forensics also plays a significant role in extending the security model within a network. As
noted by Almulhem, network forensics helps network administrators to enhance the prevention and detection of network
and cyber-related attacks. In essence, network forensics makes
it possible to perform a comprehensive vulnerability analysis
process to identify potential threats facing a network [12].
Almulhem adds that network forensics is more associated
with a security model than a product or service aimed at
enforcing security or network prevention. Instead, network or
digital forensics emphasizes the design and implementation of
methodologies, tools, and concepts that aim to enhance the
process of forensic investigation [12].
Kilpatrick et al. suggest the implementation of SCADA
(supervisory control and data acquisition systems that form
a vital infrastructure for network forensics [13]. SCADA
networks are essential for forensic investigations in that the
underlying architecture makes it possible to analyze, monitor,
and monitor network behavior [13]. In particular, the SCADA
network forensics makes it possible to design and build robust SCADA networks. This is because traffic analysis is an
essential constituent of the architecture of a SCADA network.
Network forensics also plays a significant role in the implementation of security mechanisms in the machine to machine
networks (M2M) [14]. M2M networks utilize artificial intelligence and machine learning to improve the communication
process. Network forensics is used to identify security issues
in M2M networks by implementing two distinct modules;
forensic and attack detection module. Further, a forensics
strategy that uses anti-distributed honeypot is used to aid in
detecting and preventing DDoS attacks [14].
To illustrate and reiterate the importance of network forensics investigations, it is paramount to review several case
studies whereby the concept has been adequately implemented.
Particularly, Kurniawan and Riadi [15] managed to explore and
device a unique framework upon which it was made possible
to utilize the concept of network forensics to analyze and
identify the behavior of the notorious Cerber Ransomware.
The approach is aimed explicitly at establishing an attempt to
reconstruct the timestamp of an attack [15]. Focus is placed on
the need to exact malware deemed to have infected a particular
network host. The eventual results indicate that analysis of
network forensics behavior can identify patterns of infections,
exploits channels, and the ultimate payload associated with the
Cerber Ransomware.
1) Network Security Forensic Mechanisms: A firewall
within a network environment provides a network forensic
investigator with a perfect opportunity to conduct a comprehensive analysis of all the previous network intrusion attempts.
As noted by Messier, the majority of firewall systems are
equipped with the ability to either implement the software
capability in UNIX or Windows [16]. Consequently, a forensic
network investigator can either analyze Syslog or Event Logs
files to identify and analyze the nature of intrusion activities
within and targeted towards a network. An analysis of firewall
logs is also essential. It greatly assists in identifying the existing security vulnerabilities and eventually enables the security
administrator to develop essential security enhancements.
Bensefia and Ghoualmi reiterate the importance of having
a unique branch of network forensics primarily dedicated to
analyzing firewall logs [17]. Firewall forensics is a dedicated
www.ijacsa.thesai.org 880
j P a g e
(IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 12, No. 5, 2021
effort aimed at analyzing firewall logs with the specific objective of gaining useful insights regarding the nature of attacks
identified and blocked by the network firewall. While the
contents of a firewall log file might be difficult to decode,
it is noteworthy to provide essential information that will
eventually help a cyber-forensics investigator apprehend a
suspected cybercrime offender.
2) Honeypot Forensics: A honeypot is a specialized part
of a computer or network system that is designed is such a
way that it appears and seems to have critical and sensitive
information. At the same time, in a real sense, it is mainly
isolated from the main network. An elaborate illustration of
how a honeypot device(s) is placed in a network is indicated
in Fig. 1. It is worth noting that most of Honeypot’s services
are secret though it is difficult to assert their suspicious nature
[18]. Honeypots are considered to be essential components
that help to enhance the security of an organization [19].
Having a honey port within a network makes it possible for
a forensic investigator to conduct a comprehensive analysis
of all the possible network-related activities and logs carried
throughout the honeypot device. Additionally, network forensic
investigators are in a good position to perform a comparative
analysis of the data obtained from the Honeypot with similar
data extracted from other network devices. A network forensic
investigator must perform a comprehensive analysis of the
existing honeypots in a network whereby the interaction level
can be categorized as low, medium, or high level.
Network forensics is restricted to the analysis of firewalls
and honeypots systems, but instead, it is widely applicable
among most popular network devices. IDS and IPS are perhaps
some of the most common types of devices and systems that
are commonly targeted by a network forensic investigator
to obtain essential cyber forensic evidence that will culminate with the apprehension of a cyber-forensic offender [19].
Routers and switches also provide essential value in that it is
possible to obtain essential intrusion information from MAC
address tables, ports, and routing tables, among others. Web
proxies, as well as, special types of servers such as DCHP,
name, and application servers also provide a network forensic
investigator with rich information aimed at obtaining crucial
cyber forensics evidence [19].
III. N
ETWORK FORENSICS
Network forensics is a scientific method used to discover
and retrieve information with evidential value and is used
to solve a cyber-crime or apprehend a cyber-criminal. The
evidence is retrieved from network and computing devices
such as hard disks, routers, switches, memory devices, wireless devices, and mobile devices. Table I provides additional
information related to possible viewpoints based on potential
areas where the forensic investigation could be performed.
Network forensics differs from intrusion detection in that the
gathered evidence should be admissible in a court of law and
thus should satisfy both legal and technical requirements [20].
Consequently, for forensic evidence to be accepted in a court
of law, it must be authentic, relevant, complete, reliable, and
believable. It is also noteworthy that the tools and techniques
used to perform network forensics should also meet a court of
law’s legal and technical requirements.
While intrusion detection helps strengthen and improve a
computer network’s security, network forensics is primarily
associated with the need to identify the evidence related to
a security breach. In most cases, network forensics helps to
solve matters related to cyber-terrorism, child pornography,
narcotics, homeland security, online fraud, and corporate espionage, among others [21]. Public police mostly use the
evidence obtained from network forensics and private investigators working for individuals, businesses, law enforcement
agencies, and even the military [20]. It is also essential to
note that business organizations and the military might also
use network forensics to ensure continuity and availability of
core services. In this context, network forensics help to identify
vulnerabilities in corporate networks that make it convenient
to implement the necessary security enhancements.
The context of the discussion offered in the paper is to
explore the investigative purposes of network forensics. The
investigation process starts with identifying a malicious activity
upon which the evidence is then collected and preserved. The
forensic activity proceeds to examine and analyze the evidence
to establish the source and the nature of the malicious activity.
Finally, the evidence is reported and presented to the relevant
stakeholders and eventually used to make the required decision.
All the essential processes involved in network forensic investigation are strategically executed using OSCAR principles that
are explained in the next section.
IV. N
ETWORK FORENSICS METHODOLOGY (OSCAR)
To ensure that forensic evidence is both accurate and
reproducible, the OSCAR methodology of Network Forensics
Investigation is applied. OSCAR [22] is an acronym that stats
for,
O for Obtaining Information
S for Strategizing
C for Collecting Evidence
A for Analyzing Evidence
R for Reporting
Fig. 2 illustrates the flow chart model for the OSCAR
methodology.
A. Obtaining Information
This stage is associated with obtaining information regarding the incident itself and the environment in which the
event took place. It is essential to collect as much information
about an event to know exactly what took place. Usually, it
is advisable to collect information on the description of the
incident, time, date, and how it was discovered [15]. Other
entities related to the event include the systems, persons, and
devices involved and the summary of actions taken after the
incidence discovery. It is also essential to note details about the
review of discussions made, any legal issues, and the identity
of the incident manager. The environment helps the forensic
investigator have a good understanding of the organization’s
response towards an incident and the stakeholders who should
be involved in the investigation process [23]. It is thus vital
to collect as much information related to the organization as
www.ijacsa.thesai.org 881
j P a g e
(IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 12, No. 5, 2021
Fig. 1. Logical Placement of a Honeypot within a Network.
TABLE I. P
RESENTS ADDITIONAL INFORMATION RELATED TO POSSIBLE VIEWPOINTS BASED ON POSSIBLE AREAS WHERE FORENSIC INVESTIGATION
COULD BE PERFORMED

View Point Nature of Forensics
Application
System
Hardware
Internet browser, email, register files, application software, virus, worm, Trojans,
and files (slack, erased, and swap)
UNIX, Windows, log system, and audit system
PC, PDA, printer, router, switches, firewall, and IDS

AssignmentTutorOnline

Processing Victim’s, intermediate’s, and attacker’s side
Fig. 2. Network Forensics Investigation Methodology (OSCAR).
possible. Relevant information includes the business model,
any legal issues, available resources, communication systems,
network topologies, and the procedures and processes used for
incidence response management.
B. Strategy
Strategy requires the formulation of a detailed plan on
how to carry out the investigation. Strategizing also details
how evidence will be acquired [15]. This should be done
using various criteria, mainly because pieces of evidence from
different sources have varying levels of volatility. As indicated
in Table II, the acquisition of proof should be based on several
parameters such as source, the effort required, volatility, and
the expected value. Evidence prioritization is vital because
it helps the forensic to establish the priority of assigning
personnel and resources required in network forensics. An
important aspect worth noting is that each organization has
different policies associated with data retention, access, and
configurations [22]. Consequently, the evidence prioritization
should be based on specific organizational policies. When
formulating an evidence acquisition strategy, it is paramount
to consider the following tips.
www.ijacsa.thesai.org 882
j P a g e
(IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 12, No. 5, 2021
Understand the goal of investigation and time frame
List of your recourses
Prioritize your evidence acquisition
Estimate the value and cost of obtaining evidence
Identify sources of evidence
Plan to initial analysis
Keep in mind that network forensics is a process that
can be performed reiteratively
C. Collecting Evidence
The strategizing step requires the formulation of an acquisition plan and prioritization of evidence sources. Evidence
used in network forensics can be obtained either from the end
or intermediate devices [22]. In the former, the evidence can
be gathered from the attacker’s or the victim’s devices, while
in the latter, evidence can be obtained from third-party devices
and networks. A summary of the probable sources of evidence
is provided in Table III.
The next step is to collect evidence from the identified
sources using the established priority. Consequently, three
vital components must be considered, notably documentation
capture, and store or transport.
Documentation: This means that all actions, including a
list of all systems, files, and resources, should be carefully
logged. It is also essential to maintain self-descriptive notes
that make it easy to identify the collected evidence. The
descriptive content should contain the date, time source, investigating officer, and the method used to acquire the evidence.
Ensure that all devices accessed and all actions were taken
during the gathering of evidence are kept to a careful log.
Your notes must be kept appropriately and can be cited in
court. If the case is not going to court, the notes will also be
very helpful during the review. Make sure to document the
date, time, source, acquisition process, investigator name(s),
and custody chain.
Capturing: evidence involves ensuring that the data or
network traffic packets, as well as logs, are written to a hard,
CD, or removable hard drive. Network forensics tools such as
Wireshark and tcpdump are used to capture data packets [15].
Store/Transport: implies that the evidence should be stored
in a secure place to maintain the chain of custody. It is essential
to keep updated and signed log containing the details of all the
parties who have obtained access to the evidence. Care should
also be exerted when handling and disposing of evidence to
maintain its integrity, reliability, and admissibility before a
court of law.
TABLE II. PRESENTS EXAMPLE OF PRIORITIZATION OF EVIDENCE THAT
LIST POSSIBLE SOURCES OF PROOF IN THE CASES, THE PROBABLE
VALUE, LIKELY EFFORT OF OBTAINING AND THE EXPECTED VOLATILITY.
F
OR EVERY INVESTIGATION THESE PRINCIPLES WERE SELECT DISTINCT

Source of Evidence Likely value Effort Volatility Priority
Web Proxy Cache
Firewall logs
ARP tables
High
High
Low
Low
Medium
Low
Medium
Low
High
1
2
3

In summary, the following tips are crucial during the
process of evidence collection.
Obtaining evidence as soon as possible.
Make verifiable steganography copies of collected
evidence.
Use reliable and reputable tools
Document everything, which helps you later.
Keep secure your notes and hide the original under
restricted custody and access.
D. Analyze
The strategizing step requires the formulation of an acquisition plan and prioritization of evidence sources. Evidence
used in network forensics can be obtained either from the end
or intermediate devices [22]. In the former, the evidence can
be gathered from the attacker’s or the victim’s devices, while
in the latter, evidence can be obtained from third-party devices
and networks. A summary of the probable sources of evidence
is provided in Table III.
The next step is to collect evidence from the identified
sources using the established priority. Consequently, three
vital components must be considered, notably documentation
capture, and store or transport.
Documentation: This means that all actions, including a
list of all systems, files, and resources, should be carefully
logged. It is also essential to maintain self-descriptive notes
that make it easy to identify the collected evidence. The
descriptive content should contain the date, time source, investigating officer, and the method used to acquire the evidence.
Ensure that all devices accessed and all actions were taken
during the gathering of evidence are kept to a careful log.
Your notes must be kept appropriately and can be cited in
court. If the case is not going to court, the notes will also be
very helpful during the review. Make sure to document the
date, time, source, acquisition process, investigator name(s),
and custody chain.
Capturing: evidence involves ensuring that the data or
network traffic packets, as well as logs, are written to a hard,
CD, or removable hard drive. Network forensics tools such as
Wireshark and tcpdump are used to capture data packets [15].
Store/Transport: implies that the evidence should be stored
in a secure place to maintain the chain of custody. It is essential
to keep an updated and signed log containing the details of
all the parties who have obtained access to the evidence.
Care should also be exerted when handling and disposing of
evidence to maintain its integrity, reliability, and admissibility
before a court of law.
In summary, the following tips are crucial during the
process of evidence collection.
E. Report
This is perhaps the most crucial aspect of forensic investigation primarily because it helps to convey the results to the
concerned parties. Thus, it is vital to present the report in a
manner that can be understood by a lay and non-technical
www.ijacsa.thesai.org 883
j P a g e
(IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 12, No. 5, 2021
TABLE III. PROVIDES EVIDENCE USED IN NETWORK FORENSICS THAT CAN BE OBTAINED EITHER FROM THE END OR INTERMEDIATE DEVICES

Affiliation Source
End side (attacker and/or victim side)
Intermediate
Operation system audit trail, system event log, application event log, alert log,
recovered data, and swap files
Traffic data packets, firewall log, IDS log, router log, and access control log

TABLE IV. TOOLS & DEVICES USE FOR VARIOUS TESTING APPLICATIONS

Device/Tool Usage Software/OS Version Company/Developed
Mac-Book Air
iPad
Charles Proxy
Wireshark
Burp Suite
Windows Laptop
NetworkMiner
Create a test network, host proxies
Test device connected to test network
Capture/save live network traffic
Capture/save live network trafficv
Capture live network traffic
Network forensics of iOS apps
Analyze network traffic
macOS Siera (10.12.6)
iOS 11.2.6
4.2.5
2.6.0
1.7.33
Windows 10
2.3.1
Apple
Apple
Karl von Randow
Wireshark
PortSwigger Security
Windows
NETRESEC Erik Hjelmvik

audience. Additionally, the report should be not only factual
but also contains defensible details. The report’s technical
information and results should be explained thoroughly to aid
in the decision-making process.
V. N
ETWORK FORENSIC TOOLS
Network forensic tools help in network investigation to
gather essential information about an intrusion activity. These
tools are used to analyze network traffic to identify the nature
and type of activities within the network over a specific
duration [45]. The forensic tools are designed so that they are
compatible with network hardware devices such as firewalls,
thereby making it possible to collect and preserve network
traffic.
Additionally, these tools are equipped with the ability to
perform a quick analysis of network traffic. Network forensics tools can be categorized based on either host-based or
network-wide-based. Additional categories include generalpurpose tools, specific tasks tools, or libraries/framework tools
[46]. A review of the most frequently used network forensic
tools is summarized in Table IV. The following subsections
discuss them comprehensively.
A. Wireshark
Wireshark is an open-source graphical user interface application software tool designed to capture, filter, and analyze
network traffic. It is easy to use, and thus it is helpful in
the analysis of network forensics data. Wireshark has more
packet filtering capabilities, decoding protocol features, and
packets detail markup language (PDML). In Wireshark, it
is possible to view network packets as they are captured in
real-time. Wireshark also shows the results of lost pockets
due to CPU power [47]. Wireshark can be used as several
instruments in one Anwendung. Program. You will use it to
evaluate the structure of Network traffic checking for potential
security flaws And assaults on health. This can detect other
types of Encapsulation, isolation, and show of all fields in the
Packet network. You have all those powerful capabilities. Do
you think Wireshark’s hard to know? For specific instances,
Respect it, but you can quickly learn how to use it, the filters
with the app, and how to use them Packets unique to the
network. Filters in WireShark refer to Berkeley Packet Filters.
That is simply a language for microprogramming Compiled
against packets and executed at run time Taken off by software
like tcpdump and Wireshark. Primarily, filters are used to
separate a Quite small parcel set among a large number of
Packets focused on search criteria. The filter is compiled
to run as best Quality, significant when you are doing a
quality Real-time grab. Filtering is for others WireShark’s
most essential features since it makes Achieving two purposes:
selectively collecting the packets From the network, and to
locate interested parties Packages [47][48] [49].
B. Tshark
Tshrak is a command-line tool used for data network
protocol analysis. It helps to capture traffic from a live data
network and read traffic information from saved packet data
files. It can also print a decoded form of network packets to a
quality output or writes the packet to a pcap file. For instance,
tshark can capture data traffic on the network interface “eth1”
filtering out all traffic from port 22 and sorting the results
in the file “test1.pcap. # tshark I eth1 w test1.pcap” not
port 22. Capture on eth1 235. Tshark is a packet capture
application that can potent-sensing and explain pcap scrutiny
functionality. It captures packet-data from an alive network
or inspects packets from an earlier trapped file and decodes
those packets’ form into the standard output file. The default
capture file format built into TShark is pcap. Weka consists
of data pre-processing, classification, regression, clustering,
correlation and visualization methods that are well-suited to
the creation of new schemes [22] [50] [51].
C. Dumpcap
The dumpcap is a network traffic analysis tool, which is
designed to capture data packets. It is a Wireshark distribution
tool, which comes in command-line. The tool captures traffic
from a live network and is equipped to write the output in
a pcapng file format. Dumpcap has the added advantage of
using fewer system resources, making it possible to boost the
capture capabilities. Table V provides a summative analysis of
popular tools used for network forensics [47].
D. Network Forensic Analysis Tools (NFATs)
Network Forensic Analysis Tools (aka NFATs) allow network investigators and system administrators to track networks
and gather any anomalous or malicious traffic information.
Such tools synergize with network infrastructure and network
www.ijacsa.thesai.org 884
j P a g e
(IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 12, No. 5, 2021
TABLE V. MOST COMMONLY USED TOOLS TO SUPPORT VARIETY OF NETWORK FORENSIC INVESTIGATIONS

Tools Open Sourece/
Proprietary
software
Plateform Website Attributes
TCPDump
Win dump
[24], [25]
Ngrep [26], [27]
Wireshark [28]
[29] [28]
Driftnet [28]
NetworkMiner
[30] [31]
Airmon-ng.
Airodump-ng
& Aireplay-ng.
[32] [33]
Kismet [33]
NetStumbler [34]
Xplico [35]
DeepNines [35]
Sleuth Kit [36]
Argus [33]
Fenris [31]
Flow-Tools [30]
EtherApe [31]
Honeyd [37] [38]
SNORT [24], [25]
Omnipeek/
/EtherPeek [37]
Savant [31]
Forensic Log
Analysis-GUI [31]
Dragon IDS [39] [40]
Infinistream [40]
RSA En Vision [31]
NetDetector [41] [42]
NetIntercept [43]
NetWitness [44]
Open Source
Open Source
Open Source
Open Source
Open Source
/Prop
Open Source
Open Source
Open Source
Open Source
Proprietary
Open Source
Open Source
Open Source
Open Source
Open Source
Open Source
Open Source
Proprietary
Proprietary
Open Source
/Prop
Proprietary
Proprietary
Proprietary
Proprietary
Proprietary
Proprietary
Unix/Windows
Unix
Unix/Windows
Unix/Windows
Windows
Unix
Unix/Windows
Windows
Unix
Unix
Unix
Unix
Unix
Unix
Unix
Unix
Unix/Windows
Windows
Appliance
/Windows
Unix
Unix
Appliance
Appliance
/Windows
Appliance
Appliance
Windows
www.tcpdump.org
http ://ngrep.sourceforge.net
www.Wireshark.org
www.backtrack-linux. Org/backtrack-S-releue
[Release 3, August 2012]
www.netresec.com/?page=NetworkMiner
www.backtrack-linux. Org
/backtrack-S-releue [Release 3, August 2012]
www.kismetwireless.net
www.netstumbler.com
http://packetstormsecuity.org/files/tags/forensics
www.deepnines.com
www.sleuthkit.org
www.qosient.com/argus
http://camtuf.coredump.cx/fenris/whatis.shtml
www.splintered.net/sw/flowtools
http ://etherape.sourceforge.net
www.citi.umich.edu/u/provos/honeyd
www.snort.org
www.wildpackets.com
www.intrusion.com
http://sourceforge.net/projects/pyflag
www.enterasys.com
www.netscout.com
www.emc.com/security/rsa-envision.html
www.niksun.com
www.nikson.com/sandstom.php
www.netwitness.com [www.rsa.com]
F
F
F
F
F
F
F L R C
F L R C
F
F
F
F
F R C
F L
F
F L
F
F
F
F L R
F R
L
F R L C
F R C
F L R C A
F R C A
F R C A
F L R C A

appliances, such as firewalls and IDS, to make it possible to
maintain long-term network traffic records. NFATs allow for
rapid analyzes of patterns detected by network security tools.
VI. S
YSTEM TYPES ARE USED TO GATHER DATA /
T
RAFFIC FROM THE NETWORK
Two types of Network traffic collecting data systems can
be “stop, look and listen” or “catch-it-as-you-can.”
“Catch-it-as-you-can”: All packets are sent to the database
through a traffic point where they are stored in. The analysis is
then conducted on stored data. Data from the analysis is also
stored in the database. The data saved can be preserved for
future review. Nevertheless, it should be noted that this type
of device demands a considerable storage capacity.
The “stop, look and listen” method is different from the
“catch-it-as-you-can” approach because only data is stored
in the database needed for analysis. The incoming traffic in
memory is filtered and processed in real-time, meaning this
device needs less storage and a much faster processor.
Since the two systems need ample storage space, it is
necessary to weigh and address privacy issues with the “catchit-as-you-can” system. This program also collects user data;
however, ISPs are prohibited from receiving or revealing
information without user permission.
VII. C
HALLENGES RELATING TO NETWORK EVIDENCE
Network-based evidence faces specific challenges in many
fields, including collection, storage, content, privacy, confiscation, and admissibility. Below we’ll cover some of the
significant issues Below.
Collection : Within a network environment, clear proof
can be hard to locate. Networks include as many bits of data
as possible; from wireless devices to web proxies to big log
servers; which often makes it difficult to determine the proof’s
correct position. Even if you know where a specific piece of
evidence exists, it can be difficult for political or technological
purposes to access it.
Storage: Commonly, the network of computers can not use
permanent or secondary data. As a result, the data they hold
can be so fragile they won’t survive a computer reset.
Content: Unlike files, management to contain all file contents and their metadata, network devices with the desired
degree of granularity may or may not store information.
Network computers also have minimal storage capacity, instead
of full data records that have crossed the network, only selected
transaction or data transfer metadata are typically retained.
Privacy: Legal problems related to personal privacy occur unique to computer network-based retrieval techniques,
depending on the jurisdiction.
Sezure: Seizing a hard disk may disturb a person or an
www.ijacsa.thesai.org 885
j P a g e
(IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 12, No. 5, 2021

organization. Nonetheless, it is also possible to design and
implement a replica of the original, so that critical operations
[7] F. Akhtar, J. Li, M. Azeem, S. Chen, H. Pan, Q. Wang, and J.-J. Yang,
“Effective large for gestational age prediction using machine learning
techniques with monitoring biochemical indicators,”
The Journal of

can continue with minimal disruption. Seizing a networked
device can be even more damaging. A whole part of the
network can be downgraded indefinitely for more extreme
situations. Investigators can, however, minimize the impact on

computer network operations in such circumstances. 2018.
[9] F. Akhtar, J. Li, Y. Pei, A. Imran, A. Rajput, M. Azeem, and Q. Wang,

Admissibility: For criminal and civil cases, evidence-based
on file systems is now widely acknowledged. So long as

the evidence stored on the file system is legitimate collected,
adequately interpreted, and relevant to the case, there are clear
precedents for the processing and presenting the evidence in
court. In comparison, network forensics is a modern approach
4317, 2019.
[10] A. Imran, J. Li, Y. Pei, J.-J. Yang, and Q. Wang, “Comparative analysis
of vessel segmentation techniques in retinal images,”
IEEE Access,
vol. 7, pp. 114 862–114 887, 2019.
[11] J. Li, L. Liu, J. Sun, H. Mo, J.-J. Yang, S. Chen, H. Liu, Q. Wang,

to automated investigations. There are often contradictory
or even non-existent legal precedents for accepting different
kinds of facts based on the digital network. With time, digi

tal network-based testimony becomes more prevalent, setting
precedents for the case and standardizing them.
[12] A. Almulhem, “Network forensics: Notions and challenges,” in 2009
IEEE International Symposium on Signal Processing and Information
Technology (ISSPIT)
. IEEE, 2009, pp. 463–466.
[13] T. Kilpatrick, J. Gonzalez, R. Chandia, M. Papa, and S. Shenoi,
“An architecture for scada network forensics,” in
IFIP International
VIII. CONCLUSION

Network forensic investigation is an essential process that

helps a cyber-forensics investigator to obtain, analyze, eval
uate, categorize, and identify crucial evidence. It ultimately
makes it possible to apprehend a cyber-criminal or any person
suspected of committing a cyber-criminal offense. Conse
[14] K. Wang, M. Du, Y. Sun, A. Vinel, and Y. Zhang, “Attack detection and
distributed forensics in machine-to-machine networks,”
IEEE Network,
vol. 30, no. 6, pp. 49–55, 2016.
[15] A. Kurniawan and I. Riadi, “Detection and analysis cerber ransomware
based on network forensics behavior,”
International Journal of Network

quently, it is paramount for a network forensic investigator
to consider adopting and utilizing an efficient and robust
forensic network investigation methodologies that ultimately
help improve the investigation process. As intimated in this
research, the OSCAR methodology provides a forensic inves

tigator with essential tools and guidelines that determines the
approach, methods, and strategies used to obtain, strategize,
collect, analyze, and report the findings of a network forensics
investigations. It is also paramount for the network forensic
Springer, 2011, pp. 470–484.
[18] S. Krasser, G. Conti, J. Grizzard, J. Gribschaw, and H. Owen, “Real
time and forensic network data analysis using animated and coordinated
visualization,” in
Proceedings from the Sixth Annual IEEE SMC Infor
mation Assurance Workshop
. IEEE, 2005, pp. 42–49.

investigation process to follow and be executed using essential
tools such as Wireshark, tshark, Burpe Suite, and tcpdump
that tends to help in simplifying and improving the forensics
investigation process. Future work: To developed a tool-kits

that parse various network protocols commonly used in various
sorts of different networks are required. And, because most
data in networks is volatile, it may be necessary to preserve
or document it selectively in advance to speed up the forensic
process.
informaticos,” Ph.D. dissertation, Universidad Central” Marta Abreu” ´
de Las Villas, 2014.
[21] W. Ren, “Modeling network forensics behavior,”
Journal of Digital
Forensic Practice
, vol. 1, no. 1, pp. 57–65, 2006.
[22] S. Davidoff and J. Ham,
Network forensics: tracking hackers through
cyberspace
. Prentice hall Upper Saddle River, 2012, vol. 2014.
[23] J. Buric and D. Delija, “Challenges in network forensics,” in
2015
38th International Convention on Information and Communication
Technology, Electronics and Microelectronics (MIPRO)
. IEEE, 2015,
pp. 1382–1386.
[24] P. Arlos and M. Fiedler, “A comparison of measurement accuracy for
dag, tcpdump and windump,”
available online at Blekinge Institute of
Technology (Sweden)¡ www. its. bth. se/staft/pca
, 2007.
[25] P. Goyal and A. Goyal, “Comparative study of two most popular packet
sniffing tools-tcpdump and wireshark,” in
2017 9th International Con
ference on Computational Intelligence and Communication Networks
(CICN)
. IEEE, 2017, pp. 77–81.
[26] D. Dittrich, “Dissecting distributed malware networks,”
Availabel from:¡
http://security. isu. edu/ppt/pdfppt/Core02. pdf
, 2002.
[27] J. R. Binkley and S. Singh, “An algorithm for anomaly-based botnet
detection.”
SRUTI, vol. 6, pp. 7–7, 2006.
[28] U. Banerjee, A. Vashishtha, and M. Saxena, “Evaluation of the capabili
ties of wireshark as a tool for intrusion detection,”
International Journal
of computer applications
, vol. 6, no. 7, pp. 1–5, 2010.
REFERENCES
[1] M. Matsalu et al., “Digitaalse ekspertiisi to¨oj ¨ ou p ˜ adevuse arendamine ¨
eesti kaitseliidu naitel,” Ph.D. dissertation, 2019. ¨
[2] G. S. Chhabra and P. Singh, “Distributed network forensics framework:
A systematic review,”
International Journal of Computer Applications,
vol. 119, no. 19, 2015.
[3] G. A. Pimenta Rodrigues, R. de Oliveira Albuquerque, F. E. Gomes de
Deus, G. A. De Oliveira Junior, L. J. Garc ´ ´ıa Villalba, T.-H. Kim
et al.,
“Cybersecurity and network forensics: Analysis of malicious traffic
towards a honeynet with deep packet inspection,”
Applied Sciences,
vol. 7, no. 10, p. 1082, 2017.
[4] D. Chang, M. Ghosh, S. K. Sanadhya, M. Singh, and D. R. White,
“Fbhash: A new similarity hashing scheme for digital forensics,”
Digital
Investigation
, vol. 29, pp. S113–S123, 2019.
[5] L. Liebler, P. Schmitt, H. Baier, and F. Breitinger, “On efficiency of
artifact lookup strategies in digital forensics,”
Digital Investigation,
vol. 28, pp. S116–S125, 2019.
[6] K. Karampidis, E. Kavallieratou, and G. Papadourakis, “A review
of image steganalysis techniques for digital forensics,”
Journal of
information security and applications
, vol. 40, pp. 217–235, 2018.

Supercomputing, pp. 1–19, 2019.
[8] J. Li, D. Zhou, W. Qiu, Y. Shi, J.-J. Yang, S. Chen, Q. Wang, and
H. Pan, “Application of weighted gene co-expression network analysis
for data from paired design,”
Scientific reports, vol. 8, no. 1, pp. 1–8,
“Diagnosis and prediction of large-for-gestational-age fetus using the
stacked generalization method,”
Applied Sciences, vol. 9, no. 20, p.
and H. Pan, “Comparison of different machine learning approaches to
predict small for gestational age infants,”
IEEE Transactions on Big
Data
, 2016.
Conference on Digital Forensics. Springer, 2006, pp. 273–285.
Security, vol. 20, no. 5, pp. 836–843, 2018.
[16] R. Messier,
Network forensics. John Wiley & Sons, 2017.
[17] H. Bensefia and N. Ghoualmi, “An intelligent system for decision
making in firewall forensics,” in
International Conference on Digital Information and Communication Technology and Its Applications.
[19] Q. Al-Mousa and Z. Al-Mousa, “Honeypots aiding network forensics:
Challenges and notins,”
Journal of Communication, vol. 8, no. 11, pp.
700–707, 2013.
[20] J. Llano Tejera, “Herramientas forenses para la respuesta a incidentes
www.ijacsa.thesai.org 886 j P a g e
(IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 12, No. 5, 2021
[29] L. Chappell, “Wireshark 101: Essential skills for network analysiswireshark solution series,” Laura Chappell University, USA, 2017.
[30] R. Chowdhary, S. L. Tan, J. Zhang, S. Karnik, V. B. Bajic, and J. S. Liu,
“Context-specific protein network miner–an online system for exploring
context-specific protein interaction networks from the literature,”
PLoS
One
, vol. 7, no. 4, p. e34480, 2012.
[31] R. Umar, I. Riadi, and B. F. Muthohirin, “Live forensics of tools on
android devices for email forensics,”
Telkomnika, vol. 17, no. 4, pp.
1803–1809, 2019.
[32] P. Cisar and S. M. ˇ Cisar, “Ethical hacking of wireless networks in kali ˇ
linux environment,”
Annals of the Faculty of Engineering Hunedoara,
vol. 16, no. 3, pp. 181–186, 2018.
[33] O. Barybin, E. Zaitseva, and V. Brazhnyi, “Testing the security esp32
internet of things devices,” in
2019 IEEE International ScientificPractical Conference Problems of Infocommunications, Science and
Technology (PIC S&T)
. IEEE, 2019, pp. 143–146.
[34] S. Ekhator, “Evaluating kismet and netstumbler as network security
tools & solutions.” 2010.
[35] J.-N. Hilgert, M. Lambertz, and D. Plohmann, “Extending the sleuth
kit and its underlying model for pooled storage file system forensic
analysis,”
Digital Investigation, vol. 22, pp. S76–S85, 2017.
[36] J.-N. Hilgert, M. Lambertz, and S. Yang, “Forensic analysis of multiple
device btrfs configurations using the sleuth kit,”
Digital Investigation,
vol. 26, pp. S21–S29, 2018.
[37] N. Provos, “Honeyd-a virtual honeypot daemon,” in
10th DFN-CERT
Workshop, Hamburg, Germany
, vol. 2, 2003, p. 4.
[38] R. Chandran, S. Pakala
et al., “Simulating networks with honeyd,”
online], Technical paper, Paladion Networks, December, 2003.
[39] P. Kazienko and P. Dorosz, “Intrusion detection systems (ids) part 2-
classification; methods; techniques,”
WindowsSecurity. com, 2004.
[40] J. Kipp
et al., “Using snort as an ids and network monitor in linux,”
GIAC, pp. 1–4, 2001.
[41] P. Lin, K. Ye, and C.-Z. Xu, “Netdetector: an anomaly detection platform for networked systems,” in
2019 IEEE International Conference
on Real-time Computing and Robotics (RCAR)
. IEEE, 2019, pp. 69–74.
[42] Y. R. Wang and A. Kanemura, “Designing lightweight feature descriptor
networks with depthwise separable convolution,” in
????????????? ?
34 ????? (2020)
. ?????? ??????, 2020, pp. 2K1ES204–2K1ES204.
[43] R. Joshi and E. S. Pilli, “Network forensic tools,” in
Fundamentals of
Network Forensics
. Springer, 2016, pp. 71–93.
[44] T. A. Moore, M. E. Longworth, B. Girardi, and D. Love, “Apparatus
and method for network analysis,” Dec. 15 2009, uS Patent 7,634,557.
[45] M. H. Mate and S. R. Kapse, “Network forensic tool–concept and
architecture,” in
2015 Fifth International Conference on Communication
Systems and Network Technologies
. IEEE, 2015, pp. 711–713.
[46] A. Lazzez, “A survey about network forensics tools,”
Int. J. Comput.
Inf. Technol
, vol. 2, no. 1, 2013.
[47] R. Hunt and S. Zeadally, “Network forensics: an analysis of techniques,
tools, and trends,”
Computer, vol. 45, no. 12, pp. 36–43, 2012.
[48] S. Wang, D. Xu, and S. Yan, “Analysis and application of wireshark
in tcp/ip protocol teaching,” in
2010 International Conference on EHealth Networking Digital Ecosystems and Technologies (EDT), vol. 2.
IEEE, 2010, pp. 269–272.
[49] V. Ndatinya, Z. Xiao, V. R. Manepalli, K. Meng, and Y. Xiao, “Network
forensics analysis using wireshark,”
International Journal of Security
and Networks
, vol. 10, no. 2, pp. 91–106, 2015.
[50] Y. Lee and Y. Lee, “Toward scalable internet traffic measurement and
analysis with hadoop,”
ACM SIGCOMM Computer Communication
Review
, vol. 43, no. 1, pp. 5–13, 2012.
[51] R. Menon and O. G. MENON, “Mining of textual databases within the
product development process,” Ph.D. dissertation, 2004.
www.ijacsa.thesai.org 887 j P a g e
View publication stats

meeting agenda to all attentlieet poof,meeting agenda to all attentlieet poof

meeting agenda to all attentlieet poof,meeting agenda to all attentlieet poof

?t, oh, flay,
1 . staff Meting
neseurce Required

AssignmentTutorOnline

It (
A mt’et inn rOOM fOr c14RMOM WOO ft 1044161ed Olikeita% rows A4Ritt t:3 c a 1 resources as rerimi dews, Wank *kW Pollimot 1004ft, powerP ()int pres.eritewm, headeuti
Task 1: Conduct Rotel)la/ Learner instructIon 5 You are running a staff meeting on the three nevi are/ precookiwei kitedtaill in Task 1 of A T34 wmr UMW Use the meeting agenda th.at you created in Ta‘sif 2 Staff fneetwoi 40-4,14 pflv ill 14 communicate the new arstomef see proccdore: to $talf_ You muse ha ie at least three staff rnfritert. (c( $twient$//xifikaiOki 14 a fanmaki1a4 eftiw”.1″41 attending the meeting, Your asSe55/Jr #trli ai6o atttnd the meeting. Organs tome *04 itaa mot Your attendees and your 11116es,sov
1 2
3
Provide the meeting agenda to all attentlieet poof to the meaty% Organise the time and date of the meeting Organise any additional resource: iou require for the tweeting such as laptop, pitipiellar, PowerPoint presentation, chairs, h4ndout5, etc_ In the meeting *0041 must cover ail the meeting agenda items Outnine and espial() an three mew custornef tar ilia 00.414/10,00140101 Include informatioc about the pow*, tte4.im44, (AMNON SAMNA, procedures and how moneormg and conettwif, feedlot* we lciao Ask for employee feedback on each of the three new stariderda procedures, 4 klentity ways tor eacih new poitcy/pfocidure t p,ertonstored 04504$ how 0w new policie5 4(4 v (Aitflutel todr, rf4.4* too 4144§toti cuStomert Mow for question Do emoiloyees Owe arpo awry” 6 make? Any SisipallOM fOf ■MpfelVtintfitt Aftv mow, , outing the rowyliey, you we MOW to denkwistrate the toloPong Wilk 04 knowledge, Mass amitonwer tows needs with stiff Comoniunicite any new practices to sun Use questioning and Intening techniquettiitAws twit feeds& Provide opportuneies for staff to participate m demiwnore mum.
5

service maims Camille the role-play

,0-4,0 fl

,

?t, oh, flay,
1 . staff Meting
neseurce Required

AssignmentTutorOnline

It (
A mt’et inn rOOM fOr c14RMOM WOO ft 1044161ed Olikeita% rows A4Ritt t:3 c a 1 resources as rerimi dews, Wank *kW Pollimot 1004ft, powerP ()int pres.eritewm, headeuti
Task 1: Conduct Rotel)la/ Learner instructIon 5 You are running a staff meeting on the three nevi are/ precookiwei kitedtaill in Task 1 of A T34 wmr UMW Use the meeting agenda th.at you created in Ta‘sif 2 Staff fneetwoi 40-4,14 pflv ill 14 communicate the new arstomef see proccdore: to $talf_ You muse ha ie at least three staff rnfritert. (c( $twient$//xifikaiOki 14 a fanmaki1a4 eftiw”.1″41 attending the meeting, Your asSe55/Jr #trli ai6o atttnd the meeting. Organs tome *04 itaa mot Your attendees and your 11116es,sov
1 2
3
Provide the meeting agenda to all attentlieet poof to the meaty% Organise the time and date of the meeting Organise any additional resource: iou require for the tweeting such as laptop, pitipiellar, PowerPoint presentation, chairs, h4ndout5, etc_ In the meeting *0041 must cover ail the meeting agenda items Outnine and espial() an three mew custornef tar ilia 00.414/10,00140101 Include informatioc about the pow*, tte4.im44, (AMNON SAMNA, procedures and how moneormg and conettwif, feedlot* we lciao Ask for employee feedback on each of the three new stariderda procedures, 4 klentity ways tor eacih new poitcy/pfocidure t p,ertonstored 04504$ how 0w new policie5 4(4 v (Aitflutel todr, rf4.4* too 4144§toti cuStomert Mow for question Do emoiloyees Owe arpo awry” 6 make? Any SisipallOM fOf ■MpfelVtintfitt Aftv mow, , outing the rowyliey, you we MOW to denkwistrate the toloPong Wilk 04 knowledge, Mass amitonwer tows needs with stiff Comoniunicite any new practices to sun Use questioning and Intening techniquettiitAws twit feeds& Provide opportuneies for staff to participate m demiwnore mum.
5

service maims Camille the role-play

,0-4,0 fl

72968 – Workbook ResponsesInstructionsThis workbook includes

72968 – Workbook ResponsesInstructionsThis workbook includes

Workbook Responses
Instructions
This workbook includes 8 short answer responses.
Each response is to be written for an academic audience.
Each response should be composed in one paragraph and should be no longer than 250 words. Additional words will not be marked.
Responses should be referenced using peer review publications (other relevant publications such as text books and appropriate reports may also be used if required). APA or Vancouver style referencing can be used.
The reference list will not be included in the word count (in text references will be included). Please include the reference list for each question immediately after your response.
Marks will be allocated to the content, articulation of your discussion and references (including correct referencing style). A rubric will be provided.
Most questions ask you to apply a concept or principle and give you the opportunity to select a specific focus. When selecting an issue, country/region and/or focus be specific – it is easier to be concise if you are clear with your focus.
Workbook questions
1. Define the socio-ecological model for health and use examples to describe the interactions that may influence mental health.
(10 marks)
2. Climate change represents a significant challenge globally and locally. Using a specific country or region, explain advice you would provide to policy makers to mitigate the impact of climate change. (10 marks)
3. Some public health strategies raise a number of ethical dilemmas. Using immunisation as an example critique ethical dilemmas to population-based immunisation programs.
(10 marks)
4. Drawing on the work of the authors discussed in this unit discuss how social gradient impacts equity. (10 marks)
5. Provide a critical discussion around John Rawls’ Theory of Justice and why it is sometimes at odds with utilitarianism.
(10 marks)
6. Environmental sustainability has emerged as a paradigm in providing healthy diets. Critique threats to achieving healthy and sustainability diets.
(10 marks)
7. Vector-borne diseases transmitted by mosquitos represent a significant public health issue in many countries. Select a specific mosquito borne disease and a specific country or region. Critically assess public health responses in your country/region.
(10 marks)
8. Provide a critical discussion around the impact of transnational corporations in influencing choice in global markets.
(10 marks)

[Solved] 72946 – ASSESSMENT TWO: LITERATURE REVIEW – DATA MINING

[Solved] 72946 – ASSESSMENT TWO: LITERATURE REVIEW – DATA MINING

ASSESSMENT TWO: LITERATURE REVIEW – DATA MINING TO RESEARCH PROPOSAL – DESIGN RESEARCH INSTRUMENT – PRESENTATION)
Task Length:
Mini Report (750 words) – Research Proposal)
Presentation – Not more than 15 Slides –
(Templates Provided for both the mini report and presentation)
Duration of the Video Presentation – Not more than 10 minutes
Task Type
Individual
A due week and the submission deadline
Week 6 – SUNDAY – 29 May 2022 – 23:
Value
Mini-report and Video Presentation – 40% (Explain as per the template)
Part A of the Presentation – Not more than 5 Slides – LITERATURE REVIEW
· This part introduces the concept of data mining and analysis of secondary literature for theory testing and application in the Tourism and Hospitality Sector.
· The exploration of the contemporary issues of the hospitality and tourism sector.
· The type, quality and various sources of data available in the Tourism and Hospitality – sector will be critically explored as part of the response.
· The is an individual assessment where the students will undertake a literature review element of the primary research on a chosen contemporary issue/ trend from the Tourism and hospitality industry.
Part B of the Presentation – Not more than 5 Slides – DATA MINING TO RESEARCH PROPOSAL
On the basis of the data mining and analysis of secondary literature for theory in the assessment part A, in this part, you will develop the Research proposal, conceptual and methodological approach relevant to your topic in the Tourism and Hospitality Sector. This is an application-based assessment and will test the understanding and effectiveness of the application of the research concepts learned in the unit.
You will answer the following question in the slide –
• Background to the Problem
• Gap Analysis
• Research question
• Objectives of the study
• Develop their hypothesis.
Part C of the Presentation – Not more than 5 Slides – DESIGN RESEARCH INSTRUMENT
As per the assessment Part A and B, you will be introduced to the various methods of data collectionand to the concept of designing and development the quantitative mode of data collection, namely the Questionnaire. This will help them to considered and explore the link between theoretical frameworks and research project design. As part of this assessment, you will design a data collection tool (questionnaire) for your chosen research topic and pertinent to their conceptual framework. This tool will then be used to collect primary data.
You will answer the following question in the slide –
• Research Design
• Sampling
• Data Collection -Tools
• Fieldwork
• Data Analysis
• Ethical Considerations
• Timeline
Assessment Criteria used to grade this task: Students should demonstrate the ability to:
a. Summarise the background of the contemporary chosen issue from the tourism and hospitality industry.
b. Meaningfully identify the gap in the literature and pitch their own research.
c. Identify the research question and the objectives for the research proposal
d. Develop their hypothesis.
e. Discuss all the parameters of the methodological framework and provide justifications for their choices.
f. Use relevant concepts and theories to support your discussion.
g. Discuss the ethical issues and limitations of the research.
h. Identify the timeframe and propose the budget for the research
i. Prepare actual Research Proposal in light of the tourism and hospitality projects/issues.
j. Design the questionnaire.
You may select from any of the topics:
1. Online reviews and destination images impact the Tourism flows in regional Australian XXXX destination
2. Online reviews and destination images create regional Australian tourism XXX destination context
3. User review and social media (consider any 1 type) impact on the Tourism flows in regional Australian XXXX destination
4. The trustworthiness and credible information of social media in selecting Australian tourist destination – XXX destination context
5. The trustworthiness and credible information of social media in selecting food shop in your suburb – XXX destination context
6. COVID-19 and overseas travel restriction impacts on the domestic tourism demand