Module Descriptors
DIGITAL FORENSICS
COMP50038
Key Facts
Digital, Technology, Innovation and Business
Level 5
20 credits
Contact
Leader: Janet Francis
Email: J.Francis@staffs.ac.uk
Hours of Study
Scheduled Learning and Teaching Activities: 65
Independent Study Hours: 135
Total Learning Hours: 200
Pattern of Delivery
- Occurrence A, Burton and South Derbyshire College, UG Semester 1
Sites
- Burton and South Derbyshire College
Assessment
- A written report reflecting on a digital investigation tool - 1,500 Words weighted at 50%
- A demonstration of the effectiveness of the chosen digital investigation tool - 10 Minutes weighted at 50%
Module Details
LEARNING OUTCOMES
1. DEMONSTRATE CRITICAL UNDERSTANDING OF METHODS AND PROCEDURES USED WITHIN A DIGITAL FORENSIC EXAMINATION
Knowledge & Understanding
Learning
2. EXPLAIN AND CRITICALLY EXAMINE OPERATING SYSTEMS INCLUDING WINDOWS, AND LINUX.
Analysis
Problem solving
3. CRITICALLY EXAMINE AND ANALYSE A RANGE OF FILE SYSTEMS.
Problem Solving
Knowledge & understanding
4. IDENTIFY AND PRESENT THE LOCATIONS OF FORENSICALLY SIGNIFICANT DATA AND THE MEANS TO RECOVER IT USING A VARIETY OF FORENSICALLY SOUND TOOLS.
Reflection, Communication
Knowledge & Understanding
Learning
2. EXPLAIN AND CRITICALLY EXAMINE OPERATING SYSTEMS INCLUDING WINDOWS, AND LINUX.
Analysis
Problem solving
3. CRITICALLY EXAMINE AND ANALYSE A RANGE OF FILE SYSTEMS.
Problem Solving
Knowledge & understanding
4. IDENTIFY AND PRESENT THE LOCATIONS OF FORENSICALLY SIGNIFICANT DATA AND THE MEANS TO RECOVER IT USING A VARIETY OF FORENSICALLY SOUND TOOLS.
Reflection, Communication
ADDITIONAL ASSESSMENT DETAILS
WRITTEN: A portfolio of work produced reporting the use of a digital investigation tool, that also reviews and critiques a minimum of two separate forensic tools.
INDICATIVE CONTENT
- PC and network fundamentals and component handling for data recovery and evidence gathering:
- Operating Systems, File Systems, File attributes and their forensic significance
- Data hiding, Steganography, Free Space, Slack Space
- Legal and ethical implications of data recovery
- Responsibilities and duties of care of the investigator, Stages of an e-Investigation,
- Conducting a formal search.
- Knowledge and understanding of the use of forensic computing tools
- Use of Windows based investigation tools
- Use of Unix/Linux based investigation tools
- Identification of likely areas for evidence recovery
- Introduction to standards of evidence handling
- Presentation of evidence, Evidence reporting
- Computer Hardware Components
- Windows OS & Linux Artefacts
- Operating Systems, File Systems, File attributes and their forensic significance
- Data hiding, Steganography, Free Space, Slack Space
- Legal and ethical implications of data recovery
- Responsibilities and duties of care of the investigator, Stages of an e-Investigation,
- Conducting a formal search.
- Knowledge and understanding of the use of forensic computing tools
- Use of Windows based investigation tools
- Use of Unix/Linux based investigation tools
- Identification of likely areas for evidence recovery
- Introduction to standards of evidence handling
- Presentation of evidence, Evidence reporting
- Computer Hardware Components
- Windows OS & Linux Artefacts
WEB DESCRIPTOR
A digital forensic investigation is a special case of a forensic investigation where the procedures and techniques are used to make the use of target digital artefacts while allowing the findings to be presented in a Court of Law. The analysis of digital evidence is a very structured and formal process. The module will allow students to develop knowledge and understanding of digital forensics, focusing on different platforms (including computers, mobile phones, and smartphones/tablets).
LEARNING STRATEGIES
Lectures will introduce key topics and concepts with tutor-assisted practical sessions. In the practical sessions you will get hands-on experience of the principles and under-pinning knowledge taught in the lectures. Formative, self-directed exercises to support transfer of knowledge and understanding will be undertaken weekly. Self-directed learning using on-line material will also be used to help develop your research and analytical skills. There will be a weekly one-hour lecture to supplement on-line material.
REFERENCE TEXTS
Anson, A (2020) Applied Incident Response, Wiley, ISBN-13 : 978-1119560265
Oettinger, W (2020) Learn Computer Forensics: A beginner's guide to searching, analyzing, and securing digital evidence, Packt Publishing, ISBN-13 : 978-1838648176
Widup, S (2014) Computer Forensics and Digital Investigation with EnCase Forensic v7, McGraw-Hill Education, 2ISBN-13 : 978-0071807913
Phillips, A (2015), Guide to Computer Forensics and Investigations, Course Technology (5th edition), ISBN 9781285060033
An annually updated keylinks online resource bank will be made available
Oettinger, W (2020) Learn Computer Forensics: A beginner's guide to searching, analyzing, and securing digital evidence, Packt Publishing, ISBN-13 : 978-1838648176
Widup, S (2014) Computer Forensics and Digital Investigation with EnCase Forensic v7, McGraw-Hill Education, 2ISBN-13 : 978-0071807913
Phillips, A (2015), Guide to Computer Forensics and Investigations, Course Technology (5th edition), ISBN 9781285060033
An annually updated keylinks online resource bank will be made available
RESOURCES
Specialist Cyber Security and Digital Forensic laboratory
Module Resources Isolated Forensic Analysis Lab
Forensic tool sets e.g. EnCase, FTK, XRY, Autopsy and many other open-source tools
Module Resources Isolated Forensic Analysis Lab
Forensic tool sets e.g. EnCase, FTK, XRY, Autopsy and many other open-source tools