1. DEMONSTRATE CRITICAL UNDERSTANDING OF METHODS AND PROCEDURES USED WITHIN DIGITAL FORENSIC EXAMINATION
Knowledge and Understanding, Learning

2. EXPLAIN AND EVALUATE THE OPERATION OF FORENSIC TOOLS AND THE INTERPRETATION OF RESIDENT DATA. Analysis, Communication, Reflection

3. IDENTIFY AND RECOVER OBFUSCATED DATA USING FORENSICALLY SOUND TECHNIQUES.
Problem Solving, Application

4. ANALYSE A TRAIL OF DIGITAL EVIDENCE TO IDENTIFY A HISTORY OF EVENTS LEADING TO THE INTERPRETATION OF EVIDENCE LOCATIONS AND TAXONOMY.
Knowledge and Understanding, Enquiry, Application

5. DEMONSTRATE THE REQUIRED SKILLS IN CREATING CONTEMPORANEOUS NOTES DURING A DIGITAL INVESTIGATION TO PRODUCE LEGAL STANDARD REPORTS.
Communication, Reflection

Assignment 1 covers Learning Outcomes 1,3 and 4.
A Portfolio of work based upon individual analysis and reporting of images both created and provided during the module.

Assignment 2 covers Learning Outcomes 1, 2 and 5.
Group assignment that consists of the production of an evidence handling policy that enables each student to examine and evaluate the forensic methodologies used to acquire and authenticate the forensically sound image. You will be presented with a Casebook at the start of the module and will be required to maintain a log of activities, procedure notes and other relevant notes.

This module has been designed to develop and enhance the skillset required for a digital investigator. Full training in MicroSystemation’s XRY (mobile logical extractions) is given and certification in XRY is offered. Full training in Guidance Software’s EnCase is provided, as is the opportunity to take EnCase certification. These skills will also be helpful when applying for placements.

Main topic areas covered are:

Mobile device training and certification - XRY
Planning, preparation, case and crime scene management
Digital evidence acquisition, collection and handling.
Understanding the relevance of digital forensic data
Encase concepts, use and reporting
Guidelines, Legislation and Standards
Live Digital Forensics
Computer Hardware Components
File Systems and their Concepts
File Signature Analysis and Hash Analysis
Windows OS Artefacts

26 hours of lectures and 52 hours of practical/tutorials.

You will be required to complete background reading prior to each lecture / tutorial. The background reading will help underpin the practical demonstrations.

A large proportion of the tutorial sessions will be problem based. Students will be given case studies and carefully prepared computer images to simulate various crimes to examine. Once the examination is completed the students are expected to report upon their findings using appropriate court approved forensic reporting.

Where appropriate you will be given formative assessment to complete and evaluate with peers.

Carvey, H., (2009). Windows Forensic Analysis DVD Toolkit. Elsevier Science. ISBN: 9781597494229
Data Protection Act 2018 and GDPR 2018 ISO/IEC/IEEE 29148:2011
Good Practice Guide for Computer based evidence, version 7, Association of Chief Police Officers (ACPO) of England, Wales and Northern Ireland
ISO 8000-8:2015 Data quality -- Part 8: Information and data quality: Concepts and measuring
Johansen, G. (2017). Digital Forensics and Incident Response. Packt Publishing. ISBN13: 978-1787288683
Ligh, M. (2014). The art of memory forensics. Indianapolis, Ind.: Wiley.
Nelson, B., Phillips, A. and Steuart, C. (2013). Guide to computer forensics and investigations. Boston: Course Technology. , ISBN: 1435498836
Nikkel, B., (2016). Practical Forensic Imaging: Securing Digital Evidence with Linux Tools. No Starch Press, ISBN-13:
978-1-59327-793-2
Sammes, A. and Jenkinson, B. (2010). Forensic computing: A Practitioners Guide. 2nd edn. London: Springer. ISBN: 184996596

Access to a forensics / security Lab.
Access to VM machines on lab PC’s
Forensic Analysis software such as EnCase, FTK.
Access to digital forensic hardware (Fastblock writeblocking kits).
Access to exhibits (hard drives and images prepared by tutor

None