Module Descriptors
COMPUTER AND NETWORK FORENSICS
COMP60020
Key Facts
School of Digital, Technologies and Arts
Level 6
30 credits
Hours of Study
Scheduled Learning and Teaching Activities: 53
Independent Study Hours: 247
Total Learning Hours: 300
Assessment
- Coursework - 3000 words weighted at 40%
- Group assignment - (policy 1500 words, Seizure 1500 words, Presentation 10 minutes) weighted at 50%
- Casebook weighted at 10%
Module Details
Module Learning Outcomes
1. Demonstrate critical understanding of methods and procedures used within digital forensic examination.
Communication
Knowledge & understanding
Learning
2. Explain and evaluate the operation of forensic tools and the interpretation of resident data.
Analysis
Communication
Knowledge & understanding
3. Identify and recover obfuscated data using forensically sound techniques.
Analysis
Learning
Problem solving
4. Analyse a trail of digital evidence to identify a history of events leading to the interpretation of evidence locations and taxonomy.
Analysis
Knowledge & understanding
Reflection
5. Evaluate the interaction of file system components, the resident data and the interpretation of the digital examination tools.
Application
Reflection
Communication
Knowledge & understanding
Learning
2. Explain and evaluate the operation of forensic tools and the interpretation of resident data.
Analysis
Communication
Knowledge & understanding
3. Identify and recover obfuscated data using forensically sound techniques.
Analysis
Learning
Problem solving
4. Analyse a trail of digital evidence to identify a history of events leading to the interpretation of evidence locations and taxonomy.
Analysis
Knowledge & understanding
Reflection
5. Evaluate the interaction of file system components, the resident data and the interpretation of the digital examination tools.
Application
Reflection
Module Additional Assessment Details
The analysis of a supplied image(s) and reporting based on evidence / data found
Assignment covers Learning Outcomes 1, 3 and 4.
Weighting: 40% 3000 words
Group assignment that consists of the production of an evidence handling policy and the use of that policy in evidence seizure. There will be a presentation of the policy and seizure documentation.
Assignment covers Learning Outcomes 1 and 2.
Weighting:50%
Policy 1500 words
Seizure 1500 words
Presentation 10 mins
You will be presented with a Casebook at the start of the module and will be required to maintain a log of activities, procedure notes and other relevant notes.
Assignment covers Learning Outcome 5.
Weighting: 10%
There is an individual assignment which covers tools and methods. A more detailed analysis is carried out as a group and includes provision and presentation of evidence. A casebook is kept as an aide memoire
Assignment covers Learning Outcomes 1, 3 and 4.
Weighting: 40% 3000 words
Group assignment that consists of the production of an evidence handling policy and the use of that policy in evidence seizure. There will be a presentation of the policy and seizure documentation.
Assignment covers Learning Outcomes 1 and 2.
Weighting:50%
Policy 1500 words
Seizure 1500 words
Presentation 10 mins
You will be presented with a Casebook at the start of the module and will be required to maintain a log of activities, procedure notes and other relevant notes.
Assignment covers Learning Outcome 5.
Weighting: 10%
There is an individual assignment which covers tools and methods. A more detailed analysis is carried out as a group and includes provision and presentation of evidence. A casebook is kept as an aide memoire
Module Indicative Content
This module has been designed to develop and enhance the skillset required for a digital investigator. Full training in MicroSystemation’s XRY (mobile logical extractions) is given and certification in XRY is offered. Full training in Guidance Software’s EnCase is provided, as is the opportunity to take EnCase certification. These skills will also be helpful when applying for placements.
Main topic areas covered:
Mobile device training and certification - XRY
Planning, preparation and case and crime scene management
Digital evidence acquisition, collection and handling.
Understanding the relevance of digital forensic data
Encase concepts, use and reporting
Guidelines, Legislation and Standards
Live Digital Forensics
Computer Hardware Components
File Systems and their Concepts
File Signature Analysis and Hash Analysis
Windows OS Artefacts
The capture and examination of network traffic.
Main topic areas covered:
Mobile device training and certification - XRY
Planning, preparation and case and crime scene management
Digital evidence acquisition, collection and handling.
Understanding the relevance of digital forensic data
Encase concepts, use and reporting
Guidelines, Legislation and Standards
Live Digital Forensics
Computer Hardware Components
File Systems and their Concepts
File Signature Analysis and Hash Analysis
Windows OS Artefacts
The capture and examination of network traffic.
Module Learning Strategies
Module Launch (30 hours)
There will be a module launch during which around 20 hours of face to face contact will be devoted to undertaking tasks which are designed to provide useful insights into the module content and purpose. The remaining time will be spent on guided learning activities.
Additional Guided Learning (22 hours)
A module tutor who is part of the teaching team of the module will be allocated to you and you will meet them during the launch. Following the launch, there will be some materials on the VLE which are designed to guide your learning. Additionally, there will be at least two hour long sessions per week of contact time for the eleven weeks following the launch. This will be used for learning guided led by your module tutor. It will be a face to face presentation if you are on day release. For online learners it will be flipped classroom approach with group (up to 20) seminars.
Reviews:
(1 hour per student)
Independent learning (247 hours)
The module leader will provide resources through the virtual learning environment which will include videos and presentations as well as links to useful websites. Other academic learning will be achieved through reading around the subject area. Module tutors will suggest useful texts, though many others will be suitable and can be found in our e-library. If you require help understanding any of the concepts, you may contact your module tutor for assistance.
Part of your independent learning will take place in your workplace under the guidance of your mentor. You will complete a work-based learning agreement to ensure that arrangements are in place at your workplace to facilitate this work-based learning. You are encouraged to endeavour to apply your growing academic knowledge to improve your work practice and to reflect on your work-based experiences to improve your learning.
You will be required to complete assignment work during independent learning time. Assignment work for a 30 credit module at level 6 should take around 140 hours to complete
Additional help with learning
You will have access to the departmental librarian. As a student, you are more than welcome to visit the university at any time and to use the resources. During time at the university, you may arrange to meet your module tutor or academic coach for additional help
There will be a module launch during which around 20 hours of face to face contact will be devoted to undertaking tasks which are designed to provide useful insights into the module content and purpose. The remaining time will be spent on guided learning activities.
Additional Guided Learning (22 hours)
A module tutor who is part of the teaching team of the module will be allocated to you and you will meet them during the launch. Following the launch, there will be some materials on the VLE which are designed to guide your learning. Additionally, there will be at least two hour long sessions per week of contact time for the eleven weeks following the launch. This will be used for learning guided led by your module tutor. It will be a face to face presentation if you are on day release. For online learners it will be flipped classroom approach with group (up to 20) seminars.
Reviews:
(1 hour per student)
Independent learning (247 hours)
The module leader will provide resources through the virtual learning environment which will include videos and presentations as well as links to useful websites. Other academic learning will be achieved through reading around the subject area. Module tutors will suggest useful texts, though many others will be suitable and can be found in our e-library. If you require help understanding any of the concepts, you may contact your module tutor for assistance.
Part of your independent learning will take place in your workplace under the guidance of your mentor. You will complete a work-based learning agreement to ensure that arrangements are in place at your workplace to facilitate this work-based learning. You are encouraged to endeavour to apply your growing academic knowledge to improve your work practice and to reflect on your work-based experiences to improve your learning.
You will be required to complete assignment work during independent learning time. Assignment work for a 30 credit module at level 6 should take around 140 hours to complete
Additional help with learning
You will have access to the departmental librarian. As a student, you are more than welcome to visit the university at any time and to use the resources. During time at the university, you may arrange to meet your module tutor or academic coach for additional help
Module Texts
Carvey, H., 2009. Windows Forensic Analysis DVD Toolkit. Elsevier Science. ISBN: 9781597494229
Data Protection Act 2018 and GDPR 2018 ISO/IEC/IEEE 29148:2011
Good Practice Guide for Computer based evidence, version 7, Association of Chief Police Officers (ACPO) of England, Wales and Northern Ireland
ISO 8000-8:2015 Data quality -- Part 8: Information and data quality: Concepts and measuring
Johansen, G. (2017). Digital Forensics and Incident Response. Packt Publishing. ISBN13: 978-1787288683
Ligh, M. (2014). The art of memory forensics. Indianapolis, Ind.: Wiley.
Nelson, B., Phillips, A. and Steuart, C. (2013). Guide to computer forensics and investigations. Boston: Course Technology. , ISBN: 1435498836
Nikkel, B., 2016. Practical Forensic Imaging: Securing Digital Evidence with Linux Tools. No Starch Press, ISBN-13:
978-1-59327-793-2
Sammes, A. and Jenkinson, B. (2010). Forensic computing: A Practitioners Guide. 2nd edn. London: Springer. ISBN: 184996596
Data Protection Act 2018 and GDPR 2018 ISO/IEC/IEEE 29148:2011
Good Practice Guide for Computer based evidence, version 7, Association of Chief Police Officers (ACPO) of England, Wales and Northern Ireland
ISO 8000-8:2015 Data quality -- Part 8: Information and data quality: Concepts and measuring
Johansen, G. (2017). Digital Forensics and Incident Response. Packt Publishing. ISBN13: 978-1787288683
Ligh, M. (2014). The art of memory forensics. Indianapolis, Ind.: Wiley.
Nelson, B., Phillips, A. and Steuart, C. (2013). Guide to computer forensics and investigations. Boston: Course Technology. , ISBN: 1435498836
Nikkel, B., 2016. Practical Forensic Imaging: Securing Digital Evidence with Linux Tools. No Starch Press, ISBN-13:
978-1-59327-793-2
Sammes, A. and Jenkinson, B. (2010). Forensic computing: A Practitioners Guide. 2nd edn. London: Springer. ISBN: 184996596
Module Resources
Access to the forensic/security Lab and/or suitable workplace environment.
Access to VM machines
Forensic Analysis software such as EnCase, FTK.
Access to digital forensic hardware (Writeblocking kits).
Access to exhibits (Mobile devices, hard drives and images prepared by tutor).
Access to VM machines
Forensic Analysis software such as EnCase, FTK.
Access to digital forensic hardware (Writeblocking kits).
Access to exhibits (Mobile devices, hard drives and images prepared by tutor).