Module Descriptors
FORENSIC DATA RECOVERY
COCS50561
Key Facts
Digital, Technology, Innovation and Business
Level 5
15 credits
Contact
Leader: Tomasz Bosakowski
Email: T.Bosakowski@staffs.ac.uk
Hours of Study
Scheduled Learning and Teaching Activities: 36
Independent Study Hours: 114
Total Learning Hours: 150
Assessment
- COURSEWORK weighted at 100%
Module Details
Module Resources
G8_proposed_principles_for_forensic_evidence.html (available online) http://www.ioce.org/ (accessed 2007)
Forensic tool sets e.g DriveSpy, NetAnalysis, FTK, EnCase
Sanitized cases accumulated by the Faculty
Forensic tool sets e.g DriveSpy, NetAnalysis, FTK, EnCase
Sanitized cases accumulated by the Faculty
Module Learning Strategies
Practical task and tutorials will be used to re-enforce and apply theory to encourage an analytical and problem based approach to forensic investigation.
1 lecture and 2 practicals per week.
Students will build a portfolio of evidence that they have analysed a variety of operating systems and accomplished a range of data recovery tasks.
(1:n)1 (1:20)2
1 lecture and 2 practicals per week.
Students will build a portfolio of evidence that they have analysed a variety of operating systems and accomplished a range of data recovery tasks.
(1:n)1 (1:20)2
Module Indicative Content
PC and Network fundamentals and component handling for data recovery and evidence gathering:
Knowledge and understanding of the use of forensic computing tools
Analysis of digital media, tools and techniques used by forensic agencies
Responsibilities and duties of care of the investigator
Operating systems, log and configuration files, data redundancy and protection
Digital media and data storage, structures, risks and recovery strategy.
Access controls and encryption
Recovery of data that has been obscured (Steganography and Data Hiding)
Knowledge and understanding of the use of forensic computing tools
Analysis of digital media, tools and techniques used by forensic agencies
Responsibilities and duties of care of the investigator
Operating systems, log and configuration files, data redundancy and protection
Digital media and data storage, structures, risks and recovery strategy.
Access controls and encryption
Recovery of data that has been obscured (Steganography and Data Hiding)
Module Additional Assessment Details
Task based assignment (3000 words) 100%
Assessing Learning Outcomes 1-4
Assessing Learning Outcomes 1-4
Module Special Admissions Requirements
Prior study of Level 1 CE00868-1, Introduction to Forensic Tools and Techniques or equivalent
Module Texts
Nelson B, A. Phillips, et. al, Guide to Computer Forensics and Investigations, 2004, Thompson, ISBN:619131209
Sammes T, B. Jenkinson, Forensic Computing: A Practitioners Guide, 2000, Springer-Verlag, ISBN: 1852332999
Dick, D PC Support Handbook, 2003, Dumbreck, ISBN: 095417111X
Good Practice Guide for Computer Based Evidence, Version . Association of Chief Police Officers (ACPO) of England, Wales and Northern Ireland
Sammes T, B. Jenkinson, Forensic Computing: A Practitioners Guide, 2000, Springer-Verlag, ISBN: 1852332999
Dick, D PC Support Handbook, 2003, Dumbreck, ISBN: 095417111X
Good Practice Guide for Computer Based Evidence, Version . Association of Chief Police Officers (ACPO) of England, Wales and Northern Ireland