Use of Windows based investigation tools
Use of Unix/Linux based investigation tools
Operating Systems
File Handling Systems
File attributes and their forensic significance
Data hiding
Legal and ethical implications of data recovery
Stages of an e-Investigation
Digital storage analysis
Evidence reporting

Task based assignment 100%. Students will produce a portfolio of work, detailing their use and understanding of forensic tools and the situations in which specific tools would be used to give the investigator better or more accurate information regarding a case. The portfolio will consist of ten separate items of practical work, showing the students use of a number of forensic tools and techniques. This will assess learning outcomes 1 - 4.

Practical tasks and tutorials will be used to re-enforce and apply theory to encourage an analytical and problem based approach to forensic investigation.

Students will build a portfolio of evidence demonstrating the use of a number of tools to recover and analyse various files/data items from a number of digital storage devices.

1 lecture and 2 practicals per week ; (1:n) (1:20) 2

Nelson B, A. Phillips, et. al, Guide to Computer Forensics and Investigations, 2004, Thompson, ISBN: 0619131209

Sammes T, B. Jenkinson, Forensic Computing: A Practitioners Guide, 2000, Springer-Verlag, ISBN: 1852332999

Dick, D, PC Support Handbook, 2003, Dumbreck, ISBN: 095417111X

Good Practice Guide for Computer Based Evidence, Version 3. Association of Chief Police Officers of England, Wales and Northern Ireland.

G8_proposed_principles-for_forensic_evidence.html [available online] http://www.ioce.org/ [accessed 2007]
Forensic tool sets e.g. DriveSpy, NetAnalysis
Sanitized cases accumulated by the Faculty

None.