Module Descriptors
DIGITAL FORENSICS: SYSTEMS
COMP50005
Key Facts
Digital, Technology, Innovation and Business
Level 5
30 credits
Contact
Leader: Pantaleon Lutta Odongo
Hours of Study
Scheduled Learning and Teaching Activities: 78
Independent Study Hours: 222
Total Learning Hours: 300
Assessment
  • Coursework - an individual report (2000 words) weighted at 50%
  • Coursework - a group report (1000 words) weighted at 50%
Module Details
Module Learning Outcomes
1. DEMONSTRATE CRITICAL UNDERSTANDING OF METHODS AND PROCEDURES USED WITHIN FORENSIC COMPUTING.
Learning, Application

2. EXPLAIN AND CRITICALLY EXAMINE OPERATING SYSTEMS INCLUDING WINDOWS, LINUX AND IOS.
Knowledge and Understanding, Analysis

3. CRITICALLY EXAMINE AND ANALYSE A RANGE OF FILE HANDLING SYSTEMS.
Knowledge and Understanding, Enquiry

4. ANALYSE THE PROBLEMS ASSOCIATED WITH ENCRYPTION AND BIT LOCKING.
Enquiry, Analysis, Problem Solving, Application

5. EVALUATE THE INTERACTIONS OF SYSTEM SOFTWARE AND HARDWARE (STAND-ALONE AND NETWORKED).
Analysis, Application, Reflection
Module Additional Assessment Details
Assignment 1 covers Learning Outcomes 2, 3 and 4.
An individual report. This will be a report based upon a review of encryption techniques and their effect on operating systems and file handling/analysis.

Assignment 2 covers Learning Outcomes 1 and 5.
A group report that will be based around a contrived scenario for an investigation, using an image provided for the assignment.
Module Indicative Content
This module has been designed to give an insight into the issues affecting a digital investigation relating to file handling and operating system functionalities.

Main topic areas covered:
The investigation and analysis of various operating systems such as Linux, iOS and Windows.
Analysing a variety of file handling systems such as FAT & NTFS file systems, data recovery methods and chaining.
Bit locking, encryption and tamper resistant storage.
File formats, headers, checksums, HTML & e-mail files.
Operating system functionality and its impact upon evidence gathering
Access controls and encryption
Recovery of digital evidence: Methods and Procedures
Standards for evidence handling e.g. ISO 17799
Network activity monitoring and tracing
Risk analysis
Evaluation and reporting of evidence
Module Learning Strategies
52 hours of lectures and 26 hours of practical/tutorial sessions

The focus will be problem-led learning using practical tasks and case study scenarios, supported by theoretical underpinning delivered in lectures. You will also be required to undertake background / directed reading to support the material delivered during lectures and to support / enhance the work undertaken during the practical sessions.
Module Texts
Carrier, B. (2011). File system forensic analysis. Upper Saddle River, NJ: Addison-Wesley. ISBN 0-321-26817-2

Data Protection Act 2018 and GDPR 2018

ISO/IEC/IEEE 29148:2011

Holt, A. and Huang, C. (2018). Embedded operating systems: A practical approach. Springer. ISBN 978-3-319-72977-0

ISO 8000-8:2015 Data quality -- Part 8: Information and data quality: Concepts and measuring

O'Gordon, J. (2001). Operating systems with Linux. Basingstoke: Palgrave. ISBN 0333947452

Silberschatz, A., Gagne, G. and Galvin, P. (2014). Operating system concepts. Hoboken, NJ: Wiley. ISBN 978-1-1180-9375-7

Stallings, W. (2005). Operating systems: Internals and Design Principles. Upper Saddle River: Pearson Education International. ISBN 0-131-27837-1

Module Resources
Access to an isolated Forensics / Security Lab
Access to VM running on Lab PCs
Module Special Admissions Requirements
None