module specification

CC7179 - Digital Forensics (2017/18)

Module specification Module approved to run in 2017/18
Module title Digital Forensics
Module level Masters (07)
Credit rating for module 20
School School of Computing and Digital Media
Total study hours 200
 
152 hours Guided independent study
48 hours Scheduled learning & teaching activities
Assessment components
Type Weighting Qualifying mark Description
Coursework 50%   An investigative case study and a technical report (2500 words) - online submission
Unseen Examination 50%   Two-hour unseen written exam
Running in 2017/18
Period Campus Day Time Module Leader
Autumn semester North Tuesday Afternoon

Module summary

This module addresses the growing demand from police forces, security agencies and commercial organisations for skilled professionals in this developing area. It covers such topics: digital crime activities and their prosecution, digital forensic & digital evidence, digital forensic process tools, and the legal and regulatory issues.

Module aims

The aim of this module is to provide students with the knowledge of preservation and extraction of relevant digital evidence from main stream digital equipment, including computers, computer networks (including the cyber space/Internet), and other digital devices in appropriate procedures, tools and techniques. The students will be able to expand their knowledge of how computers operate and communicate as well as issues related to networking and web technologies in order to develop the skills required to be able to use computers as a crime investigative tool.

Syllabus

• Digital forensics, digital evidence, forensic analysis and interpretation of digital evidence
• Legal issues, and scientific technologies in forensic investigations
• Current digital forensic investigation tools and evaluation of their strengths and weaknesses, and the investigator's office/laboratory
• Nature of a typical digital forensic case, control of a crime scene, and protection and verification of authenticity of digital evidence
• Investigative plans and forensic workstations set up for specific investigations, and outlines of process of retrieving potential digital evidence
• Dealing with the deleted and slack spaces to find the evidence from a suspect's drive and the relevant specialist tools available
• Image files on an evidence disk, use of image recovery tools, data compression, restoring graphics, and steganography
• Tools and methods involved in network-centred forensic investigations, and an overview of using network logs to collect evidence of a network intrusion incident or a crime
• E-mail crimes and violations and their forensics investigations, plus popular e-mail forensic tools.
• Modern digital devices and their forensics investigations

Learning and teaching

Students will develop theoretical understanding and practically investigative skills based on weekly lectures, tutorials and supervised workshops.  The workshops, in particular, are provided to support students in gaining practical experience in digital forensic investigations.

Appropriate blended learning approaches and technologies, such as, the University’s VLE and industry-strength digital forensic tools, will be used to facilitate and support student learning, in particular, to:

  • deliver content;
  • encourage active learning;
  • provide formative and summative assessments, and prompt feedback;
  • enhance student engagement and learning experience.

Students will be expected and encouraged to produce reflective commentaries on the learning activities and tasks that they carry out to complete their work.

Learning outcomes

By the end of this module students should be able to:
LO1. Appreciate the principles of digital forensic process and appreciate where and how these principles should be applied;
LO2. Critically understand and discuss the digital evidence obtained from forensics investigations and their interpretations in a tribunal/court procedure;
LO3. Appreciate the legal and procedural issues and be aware of the documentary and evidentiary standards expected in presenting investigative findings in a court of law.
LO4. Produce systems designs for computer systems to aid in criminal investigations.
LO5. Analyse and evaluate the professional requirements of a digital forensics practitioner, and to critically discuss the challenges facing the digital forensic practitioners.

Assessment strategy

Coursework (2500 words) - online submission, which is designed to enhance learning by offering a case study in digital forensic investigation and the opportunities to carry out research into current issues and technologies with digital forensics [LO2 and 4].

The workshop materials, activities and informal feedback opportunities in the class and workshops will be used to support student learning and provide the impetus for tackling the coursework. Formative assessment and feedback opportunities will be provided to develop student understanding of the subject.

The formative final exam will be used to assess students’ deeper understanding of the theory and concepts [LO1, 3, 5].

Bibliography

Essential Reading
1. Bill Nelson, Amelia Philips, Frank Enfinger, and Christopher Steuart (2016),  Guide to Computer Forensics and Investigations, Publisher: Cengage Learning, ISBN-13: 9781285060033/ISBN-10: 1285060032
2. Linda Volonino, Reynaldo Anzaldua, and Jana Godwin (2006), Computer Forensics: Principles and Practices, Publisher: Pearson Prentice Hall, ISBN: 9780131547278

Recommended Reading
1. Dan Farmer and WietseVenema (2005)  Forensic Discovery, Publisher: Addison-Wesley,  ISBN 0-201-63497-X
2. Jones K. J. &Bejtlich R. & Rose C. W., 2006, Real Digital Forensics Computer Security and Incident Response, Addison-Wesley
3. Carrier B., 2005, File Systems Forensic Analysis, Addison-Wesley
4. AccessData Ltd. (2014), FTK User Manual, version 5, included in the FTK software installation
5. Guidance Software (2010), EnCase User Manual, included in Course Technology text book, “Guide to Computer Forensics and Investigations” (2nd Edition).