- PC and network fundamentals and component handling for data recovery and evidence gathering:
- Operating Systems, File Handling Systems, File attributes and their forensic significance
- Data hiding ¿ Steganography, Free Space, Slack Space
- Legal and ethical implications of data recovery
- Responsibilities and duties of care of the investigator, Stages of an e-Investigation,
- Conducting a formal search.
- Knowledge and understanding of the use of forensic computing tools
- Use of Windows based investigation tools
- Use of Unix/Linux based investigation tools
- Identification of likely areas for evidence recovery
- Introduction to standards of evidence handling.
- Presentation of evidence, Evidence reporting

Isolated Forensic Analysis Lab

Forensic tool sets e.g. EnCase, FTK, XRY

Sanitized cases accumulated by the Faculty

Must be enrolled on the BSc (Hons) Intelligence and Security (top-up)

Computer Forensics: Jump Start, Solomon M.G., Barrett, D., Broom, N. Sybex 2005. ISBN 0-7821-4375-X

Good Practice Guide for Computer Based Evidence. Association of Chief Police Officers (ACPO) of England, Wales and Northern Ireland.
http://www.7safe.com/electronic_evidence/ACPO_guidelines_computer_evidence.pdf

Task based assignment 100% - Learning outcomes 1, 2, 3 & 4.

The production of a portfolio of work produced showing the use and application of a digital investigation tool, coupled with a 2000 word report reviewing and critiquing a minimum of three separate forensic tools.

Practical tasks and tutorials will be used to re-enforce and apply theory to encourage an analytical and problem based approach to forensic investigation. 36 hours of intensive class contact over the period of a week

Embedded within the module will be the training to enable the student to take the EnCase certification