Module Special Admissions Requirements
Prior study of CE00300-1 Hardware and Software Systems and Networks
Module Indicative Content
Microsoft operating systems, file system options, file recovery and archives, histories, registry and user accounts.
Linux, I-node, command line, use as an examination tool for Microsoft products.
Security features such as I/O masks & sandboxes.
Analyzing a variety of file systems such as FAT & NTFS, data recovery methods and chaining.
Bit locking, encryption and tamper resistant storage.
Removable media.
File formats, headers, checksums, HTML & e-mail files.
Module Additional Assessment Details
A selection of the weekly practical exercises to be put together into a portfolio. These exercises will involve the students in using forensic investigation software to examine file systems and other aspects of operating system behaviour and performance within a forensic context. 70% (learning outcomes 1-3)
A poster (academic style) produced by a small group of students, detailing the results of an investigation into e.g. comparative file handling in Windows and Linux and the implications this has for forensic investigation. 30% (learning outcomes 1 & 4)
Module Learning Strategies
The focus will be problem led learning using practical tasks and case study scenarios supported by theoretical underpinning delivered in a lecture.
Students will build a portfolio of evidence that they have analyzed a variety of operating systems and accomplished a range of data recovery tasks.
(1:n)2 (1:20)
Module Texts
Carrier, B., File System Forensic Analysis. Addison-Wesley, 2005, ISBN: 0-321-26817-2
Nelson, Phillips, Enfinger & Steuart (2006) Computer Forensics and Investigations 2nd Ed. Thomson ISBN 0619217065
Jones, Bejtlich & Rose (2006) Real Digital Forensics. Addison-Wesley ISBN 0321240693
Stallings, W. Operating Systems: Internals and Design Principles, Prentice Hall 2004 ISBN 0131278371
O'Gorman, J. Operating Systems with Linux, Palgrave Macmillan 2001 ISBN 0333947452
Module Resources
Administrative access to operating system, access to recovery software and forensic tools and on-line library.