module specification

CC7006 - Cyber Forensics (2024/25)

Module specification
Module approved to run in 2024/25
Module title: Cyber Forensics
Module level: Masters (07)
Credit rating for module: 20
School: School of Computing and Digital Media
Total study hours: 200
52 hours: Assessment Preparation / Delivery
100 hours: Guided independent study
48 hours: Scheduled learning & teaching activities
Assessment components
Type | Weighting | Qualifying mark | Description
In-Course Test | 30% | | 1-hour MCQ computer-based exam
Coursework | 70% | | An investigative case study and a technical report of 2000 words
Running in 2024/25

(Please note that module timeslots are subject to change)
Period | Campus | Day | Time | Module Leader
Autumn semester | North | Monday | Morning |

Module summary

This module seeks to provide students with a systematic theoretical and practical understanding of cyber forensic practice across a wide range of scenarios. Students will be provided with the knowledge to identify, extract, document, interpret and preserve IT assets as digital evidence, as well as analyse the root cause of security breaches. The module covers issues such as cybercrime activities and their prosecution, cyber evidence handling, forensic processes, and tools. In addition, this module covers legal and regulatory issues and aims to achieve the following learning aims:

1. To provide students with a comprehensive understanding of the domain of cyber forensics. 

2. To instruct students in the tools and techniques that will allow them to identify and extract evidence from IT devices and cloud storage. 

3. To equip students with an in-depth knowledge of the processes whereby material extracted from IT devices can be assessed and judged for evidentiary purposes.

4. To provide students with a complete understanding of the process of documenting cyber forensic investigation findings.

Syllabus

Week 1: Digital Evidence, Computer Crime, Technology, and Law
Acquisition, authentication and analysis of digital evidence. Comparison of the technology and legal framework for different countries.

Week 2: The Investigative Process, Reconstruction, and Modus Operandi
The digital evidence investigative process; investigative reconstruction; and "modus operandi", motive, and technology.

Week 3: Applying Forensic Science to Computers
The role of digital evidence in court trials and the application of forensic science to computers.

Week 4: Investigating Windows Computers and Network Forensics
Forensic investigation technologies for computers running the Microsoft Windows™ Operating Systems.

Week 5: Windows Registry Forensics and Windows Timeline Analysis  

Week 6: Investigating Unix Systems, Macintosh Systems, and Handheld Devices
Forensic investigation technologies for UNIX systems, Macintosh systems, and handheld devices.

Week 7: Mobile Forensics I
Android investigations and forensic techniques.

Week 8: Mobile Forensics II
iOS investigations and forensic techniques.

Week 9: Drones, IoT and Cloud Forensics Analysis 

Week 11: Remote Cyber Forensics 

Week 12: Email Forensics

Balance of independent study and scheduled teaching activity

Students will develop theoretical understanding and practical investigative skills based on weekly lectures, tutorials and supervised workshops. The workshops, in particular, are provided to support students in gaining practical experience in digital forensic investigations.

 

Appropriate blended learning approaches and technologies, such as the University’s VLE and industry-strength digital forensic tools, will be used to facilitate and support student learning, in particular to:

• deliver content;

• encourage active learning;

• provide formative and summative assessments and prompt feedback; 

• enhance student engagement and learning experience.

 

Students will be expected and encouraged to produce reflective commentaries on the learning activities and tasks that they carry out to complete their work.

Learning outcomes

By the end of this module students should be able to achieve:

LO1. Deep and critical understanding of the theory and practice of computer, mobile, IoT and Cloud forensics.

LO2. Comprehensive understanding of the cyber forensics processes including digital evidence acquisition, validation, analysis, and reporting. 

LO3. Critical understanding of the handling of the digital evidence obtained, encompassing forensic investigations, the reporting of findings, and their interpretation in a tribunal/court.

LO4. Awareness of the technical requirements and professional environment of the cyber forensics practice as well as challenges facing practitioners.

LO5. An awareness of future trends in cyber forensics and ethical, legal and professional issues in the context of cybercrime investigation.
