Indicative Content
This module will cover the following topics:
Introduction to Digital Forensics/The Scope of Computer Forensics
Windows Operating and File Systems
Incidence response
Acquiring Evidence in a Computer Forensics Lab
Online Investigations
Documenting an Investigation
Admissibility of Digital Evidence
Network Forensics
Mobile Forensics
Photograph Forensics
Video Forensics
Vehicle Forensics
Mac Forensics
Use of EnCase, FTK Imager, Autopsy, XRY, Wireshark, as well as standard literary requirements
Forensic equipment such as write-blockers and imaging capability
IR strategy
Additional Assessment Details
Design Document – A practical assessment to gauge your understanding of the science of the digital forensics, methodologies, tools, techniques, and standards used in forensic investigations. As a new forensic investigator, you will need to set up a forensic lab to carry out digital forensic investigations. You need to draw a business plan by referring to recent cybercrimes you have seen on the press or published articles and technical reports. Alternatively, you can set up a forensics lab within an organisation or within law enforcement. You need to identify the requirements, attributes, tools, licenses, personnel, and other requirements with clear indication of processes, procedures, and guidelines. Furthermore, you need to develop a Standard Operational Procedure (SOP) identifying tasks and activities based on a well-established framework for a forensic investigation (Learning Outcomes 1, 2 and 4).
Written Report – This will assess your understanding of a digital forensic investigation and implementation of techniques used to identify, analyse, and present digital evidence using forensic tools. This consists of a typical forensics investigation report to be presented in court or within an internal investigation. In conjunction with the first assignment, you will need to explain how you will carry out your investigations (based on your SoP). The investigation should produce a report using a forensic tool and include some analysis, recommendations and presentation of digital evidence seized by an investigator (Learning Outcomes 1 to 4).
Learning Strategies
All teaching sessions will blend theory and practical learning. Students will be introduced to curriculum concepts and ideas and will then be able to apply theory to practical examples within the same sessions. In addition, students will be provided with a range of resources for independent study such as case studies, academic papers and industry stories. There will be a mixture of practical and theoretical formative (mock or practice) exercises which will help students build knowledge and confidence in preparation for summative (formal) assessment.
Learning Outcomes
1. Discuss critically fundamental forensic computing concepts and components in relation to a typical computer system.
Analysis,
Application,
Knowledge & Understanding
2. Document the locations of forensically significant data and the means to recover this information using a variety of advanced industrial standard techniques.
Analysis,
Application,
Problem Solving
3. Evaluate the implementation of digital forensic guidelines to collect and present digital evidence.
Knowledge & Understanding,
Learning,
Reflection,
Application
4. Present through self-evaluation and interpretation the location of digital evidence within a digital device and the steps of evidence preservation using advanced professional practice through practical investigation and artefact development.
Application,
Knowledge & Understanding,
Reflection,
Learning
Resources
Wireshark
FTK Imager
EnCase
Autopsy
XRY
Machines and Devices for seizing and imaging
Texts
All texts and electronic resources will be updated and refreshed on an annual basis and available for students via the online Study Links resource platform. All reference materials will be collated and curated and aligned to Equality, Diversity & Inclusion indicators.
Kävrestad, J. (2020) Fundamentals of Digital Forensics. Springer International Publishing
Le-Khac, N. A., & Choo, K. K. R. (2020) Cyber and Digital Forensic Investigations. Springer International Publishing
Casey, E. (2019) Handbook of digital forensics and investigation. Academic Press
Sheward, M., 2018. Hands-on incident response and digital forensics. BCS Publishing
Hayes, D. R. (2020) A Practical Guide to Computer Forensics Investigations. Pearson Education
Holt, T, J et. al. (2022), Cybercrime and Digital Forensics: An Introduction, Routledge; 3rd edition
Johansen, G, (2022), Digital Forensics and Incident Response: Incident response tools and techniques for effective cyber threat response, 3rd Edition, Packt Publishing; 3rd edition
Mullins, M. (2022), Cyber Security Awareness: Employee Handbook, Kindle Edition
Anderson, R. (2021), Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd Edition, Wiley, 3rd Edition
IEEE Transactions on Information Forensics and Security
IEEE Security & Privacy
ScienceDirect - Forensic Science International: Digital Investigation
Web Descriptor
A digital forensic investigation is a special case of forensic investigation where the procedures and techniques allows findings to be presented in a Court of Law. The analysis of digital evidence is a very structured and formal process. This course will allow learners to develop knowledge and understanding of digital forensics, focusing on different platforms (computers, mobile phones, smartphones, and vehicles). The objectives of this course are to introduce the principles of digital forensic investigation both theoretically and practically to students.