Module Descriptors
DATA RECOVERY, TRACING AND EVIDENCE GATHERING IN COMPUTER SYSTEMS
COCS50264
Key Facts
Faculty of Computing, Engineering and Sciences
Level 5
15 credits
Contact
Leader: Rob Shaw
Email: R.Shaw@staffs.ac.uk
Hours of Study
Scheduled Learning and Teaching Activities: 36
Independent Study Hours: 114
Total Learning Hours: 150
Assessment
- EXAMINATION - UNSEEN IN EXAMINATION CONDITIONS weighted at 50%
- ASSIGNMENT weighted at 50%
Module Details
Module Special Admissions Requirements
Prior study of Level 1 CE00300-1, Hardware and Software Systems and Networks or equivalent.
Module Resources
G8_proposed_principles-for_forensic_evidence.html [available online] http://www.ioce.org/ [accessed 2004]
Forensic tool sets e.g. DriveSpy, NetAnalysis
Sanitized cases accumulated by the Faculty
Forensic tool sets e.g. DriveSpy, NetAnalysis
Sanitized cases accumulated by the Faculty
Module Texts
Nelson B, A. Phillips, et. al, Guide to Computer Forensics and Investigations, 2004, Thompson, ISBN: 0619131209
Sammes T, B. Jenkinson, Forensic Computing: A Practitioners Guide, 2000, Springer-Verlag, ISBN: 1852332999
Dick, D, PC Support Handbook, 2003, Dumbreck, ISBN: 095417111X
Good Practice Guide for Computer Based Evidence, Version 2. Association of Chief Police Officers of England, Wales and Northern Ireland. (ACOP Crime Committee, 23rd June 1999).
Sammes T, B. Jenkinson, Forensic Computing: A Practitioners Guide, 2000, Springer-Verlag, ISBN: 1852332999
Dick, D, PC Support Handbook, 2003, Dumbreck, ISBN: 095417111X
Good Practice Guide for Computer Based Evidence, Version 2. Association of Chief Police Officers of England, Wales and Northern Ireland. (ACOP Crime Committee, 23rd June 1999).
Module Learning Strategies
Practical tasks and tutorials will be used to re-enforce and apply theory to encourage an analytical and problem based approach to forensic investigation. 1 lecture and 2 practicals per week.
(1:n)1 (1:20)2
(1:n)1 (1:20)2
Module Indicative Content
PC and network fundamentals and component handling for data recovery and evidence gathering:
Conducting a formal search.
Analysis of digital media, tools and techniques used by forensic agencies.
Introduction to standards of evidence handling e.g. ISO 17799
Responsibilities and duties of care of the investigator.
Operating systems, log and configuration files, data redundancy and protection.
Digital media and data storage, structures, risks and recovery strategy.
Access controls and encryption.
Recovery of data that has been obscured.
Presentation of evidence.
Network activity monitoring and tracing.
Conducting a formal search.
Analysis of digital media, tools and techniques used by forensic agencies.
Introduction to standards of evidence handling e.g. ISO 17799
Responsibilities and duties of care of the investigator.
Operating systems, log and configuration files, data redundancy and protection.
Digital media and data storage, structures, risks and recovery strategy.
Access controls and encryption.
Recovery of data that has been obscured.
Presentation of evidence.
Network activity monitoring and tracing.
Module Additional Assessment Details
Exam 50% - length 2 hours - Learning outcomes 1, 2 and 3.
Task based assignment 50% - Learning outcome 4.
Task based assignment 50% - Learning outcome 4.