Computer Forensics for a Computer-based Assessment: The Preparation Phase

Laubscher, Rabe, Olivier, Eloff, and Venter


Citation information

R. Laubscher, D. J. Rabe, M. S. Olivier, J. H. P. Eloff, and H. S. Venter. Computer forensics for a computer-based assessment: The preparation phase. In H. S. Venter, J. H. P. Eloff, L. Labuschagne, and M. M. Eloff, editors, Proceedings of the Fifth Annual Information Security South Africa Conference (ISSA2005), Sandton, South Africa, 6 2005c. Research in progress paper, published electronically


When conducting a computer-based assessment, several infringements of assessment regulations could arise. Examples are illegal communication (e.g. by email, web, cell phone), hiding of computer objects with the aim of accessing or utilizing it, impersonation of another learner and presenting the project of another learner. If infringement is suspected, a computer forensic investigation should be launched. Almost no academic institution has a computer forensic department that can assist with a computer forensic investigation and therefore the responsibility rests upon the lecturer.

The purpose of this project is to apply forensic principles to a computer-based assessment environment in order to facilitate the identification and prosecution of any party that contravenes assessment regulations. The aim of the current paper is to consider the nature of a forensic ready computer-based assessment environment in more detail. This nature is derived from established computer forensic principles. In particular the focus is on the forensic process to determine the policies, procedures, processes and types of tools that should be present in such an environment. The computer-based assessment forensic process proposed in an earlier paper consists of four phases: 1) preparation of the environment, 2) collection of evidence, 3) analysis of evidence and 4) reporting the findings. The current paper will focus on the first step.

The utilization of different forensic tools for evidence collection and analysis used for crosschecking namely a key logger, CCTV camera, audit logs and a report of logins, will facilitate identification of any party that contravenes assessment regulations. The primary tool proposed in this paper is the key logger. The proposed process forms the backbone of the forensic process.

Full text

A pre- or postprint of the publication is available at

BibTeX reference

AUTHOR={Rut Laubscher and D Jacobus Rabe and Martin S Olivier and Jan H P Eloff and Hein S Venter},
TITLE={Computer Forensics for a Computer-based Assessment: The Preparation Phase},
BOOKTITLE={Proceedings of the Fifth Annual Information Security South Africa Conference (ISSA2005)},
EDITOR={Hein S Venter and Jan H P Eloff and Les Labuschagne and Mariki M Eloff},
ADDRESS={Sandton, South Africa},
NOTE={Research in progress paper, published electronically} )

[Publications] [Home]
Page maintained by Martin Olivier
Record refreshed: January 16, 2018

Beta version of new bibliography database; please report errors (or copyright violations) that may have slipped in.