This module will cover the following topics:

Introduction to Digital Forensics/The Scope of Computer Forensics

Windows Operating and File Systems

Incidence response

Acquiring Evidence in a Computer Forensics Lab

Online Investigations

Documenting an Investigation

Admissibility of Digital Evidence

Network Forensics

Mobile Forensics

Photograph Forensics

Video Forensics

Vehicle Forensics

Mac Forensics

Use of EnCase, FTK Imager, Autopsy, XRY, Wireshark, as well as standard literary requirements

Forensic equipment such as write-blockers and imaging capability

IR strategy

Design Document – A practical assessment to gauge your understanding of the science of the digital forensics, methodologies, tools, techniques, and standards used in forensic investigations. As a new forensic investigator, you will need to set up a forensic lab to carry out digital forensic investigations. You need to draw a business plan by referring to recent cybercrimes you have seen on the press or published articles and technical reports. Alternatively, you can set up a forensics lab within an organisation or within law enforcement. You need to identify the requirements, attributes, tools, licenses, personnel, and other requirements with clear indication of processes, procedures, and guidelines. Furthermore, you need to develop a Standard Operational Procedure (SOP) identifying tasks and activities based on a well-established framework for a forensic investigation (Learning Outcomes 1, 2 and 4).

Written Report – This will assess your understanding of a digital forensic investigation and implementation of techniques used to identify, analyse, and present digital evidence using forensic tools. This consists of a typical forensics investigation report to be presented in court or within an internal investigation. In conjunction with the first assignment, you will need to explain how you will carry out your investigations (based on your SoP). The investigation should produce a report using a forensic tool and include some analysis, recommendations and presentation of digital evidence seized by an investigator (Learning Outcomes 1 to 4).

All teaching sessions will blend theory and practical learning. Students will be introduced to curriculum concepts and ideas and will then be able to apply theory to practical examples within the same sessions. In addition, students will be provided with a range of resources for independent study such as case studies, academic papers and industry stories. There will be a mixture of practical and theoretical formative (mock or practice) exercises which will help students build knowledge and confidence in preparation for summative (formal) assessment.

1. Discuss critically fundamental forensic computing concepts and components in relation to a typical computer system.

Analysis,

Application,

Knowledge & Understanding

2. Document the locations of forensically significant data and the means to recover this information using a variety of advanced industrial standard techniques.

Analysis,

Application,

Problem Solving

3. Evaluate the implementation of digital forensic guidelines to collect and present digital evidence.

Knowledge & Understanding,

Learning,

Reflection,

Application

4. Present through self-evaluation and interpretation the location of digital evidence within a digital device and the steps of evidence preservation using advanced professional practice through practical investigation and artefact development.

Application,

Knowledge & Understanding,

Reflection,

Learning

Wireshark

FTK Imager

EnCase

Autopsy

XRY

Machines and Devices for seizing and imaging

All texts and electronic resources will be updated and refreshed on an annual basis and available for students via the online Study Links resource platform. All reference materials will be collated and curated and aligned to Equality, Diversity & Inclusion indicators.


Kävrestad, J. (2020) Fundamentals of Digital Forensics. Springer International Publishing

Le-Khac, N. A., & Choo, K. K. R. (2020) Cyber and Digital Forensic Investigations. Springer International Publishing

Casey, E. (2019) Handbook of digital forensics and investigation. Academic Press

Sheward, M., 2018. Hands-on incident response and digital forensics. BCS Publishing

Hayes, D. R. (2020) A Practical Guide to Computer Forensics Investigations. Pearson Education

Holt, T, J et. al. (2022), Cybercrime and Digital Forensics: An Introduction, Routledge; 3rd edition

Johansen, G, (2022), Digital Forensics and Incident Response: Incident response tools and techniques for effective cyber threat response, 3rd Edition, Packt Publishing; 3rd edition

Mullins, M. (2022), Cyber Security Awareness: Employee Handbook, Kindle Edition

Anderson, R. (2021), Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd Edition, Wiley, 3rd Edition

IEEE Transactions on Information Forensics and Security

IEEE Security & Privacy

ScienceDirect - Forensic Science International: Digital Investigation

A digital forensic investigation is a special case of forensic investigation where the procedures and techniques allows findings to be presented in a Court of Law. The analysis of digital evidence is a very structured and formal process. This course will allow learners to develop knowledge and understanding of digital forensics, focusing on different platforms (computers, mobile phones, smartphones, and vehicles). The objectives of this course are to introduce the principles of digital forensic investigation both theoretically and practically to students.