Module Learning Strategies
Practical tasks and tutorials will be used to reinforce and apply theory to encourage an analytical and problem-based approach to forensic investigation. 2 lectures and 1 practical per week.
(1:n)2 (1:20)1
Module Indicative Content
Component handling for data discovery.
Operating system functionality and its impact upon evidence gathering
Digital media and data storage
Access controls and encryption
Analysis of digital media
Tools for investigation and data recovery
Recovery of digital evidence
Standards for evidence handling e.g. ISO 17799
Network activity monitoring and tracing
Risk analysis
Evaluation and reporting of evidence
Module Additional Assessment Details
Exam 50% - length 2 hours assessing Learning Outcomes 1 and 2
Task Based Assignment 50% assessing Learning Outcomes 2, 3 and 4
Module Special Admissions Requirements
CE00884-2 Data Recovery, Tracing and Evidence in Computer Systems or equivalent
Module Resources
G8_proposed_principles-for_forensic_evidence.html (available on-line) http://www.ioce.org/ [accessed 2004]
Forensic tool sets e.g. ProDiscover, DriveSpy, NetAnalysis, Encase
Sanitized cases accumulated by the Faculty
Module Texts
Nelson B, A. Phillips, et al. Guide to Computer Forensics and Investigations, 2004, Thompson, ISBN: 0619131209
Sammes T, B. Jenkinson, Forensic Computing: A Practitioner's Guide, 2000, Springer-Verlag, ISBN: 1852332999
Dick, D, PC Support Handbook, 2003, Dumbreck, ISBN: 095417111X
Good Practice Guide for Computer Based Evidence, Version 2. Association of Chief Police Officers of England, Wales and Northern Ireland. (ACOP Crime Committee, 23rd June 1999).