Prior study of CE00300-1 Hardware and Software Systems and Networks

Microsoft operating systems, file system options, file recovery and archives, histories, registry and user accounts.
Linux, I-node, command line, use as an examination tool for Microsoft products.
Security features such as I/O masks & sandboxes.
Analyzing a variety of file systemss such as FAT & NTFS file systems, data recovery methods and Chaining.
Bit locking, encryption and tamper resistant storage.
Removable media.
File formats, headers, checksums, HTML & e-mail files.

A selection of the weekly practical exercises to be put together into a portfolio. These exercise will involve the students in using forensic investigation software to examine file systems and other aspects of operating system behaviour and performance within a forensic context. 70% (learning outcomes 1-3)

A poster (academic style) produced by a small group of students, detailing the results of an investigation into e.g. comparative file handling in Windows and Linux and the implications this has for forensic investigation. 30% (learning outcome 1 & 4)

The focus will be problem led learning using practical tasks and case study scenarios supported by theoretical underpinning delivered in a lecture.
Students will build a portfolio of evidence that they have analyzed a variety of operating systems and accomplished a range of data recovery tasks.
(1:n)2 (1:20)

Administrative access to operating system, access to recovery software and forensic tools and on-line library.

Carrier, B., File System Forensic Analysis. Addison-Wesley, 2005, ISBN: 0-321-26817-2

Nelson, Philips, Enfinger & Stuart (2006) Computer Forensics and investigations 2nd Ed. Thompson ISBN 0619217065

Jones, Bejtilich & Rose (2006) Real Digital Forcensics. Addison - Wesley ISBN 0321240693

Stallings, W. Operating Systems: Internals and Design Principles, Prentice Hall 2004 ISBN 0131278371

O' Gorman, J. Operating Systems with Linux, Palgrave Macmillan 2001 ISBN 0333947452