CC7179 - Digital Forensics (2017/18)
|Module specification||Module approved to run in 2017/18|
|Module title||Digital Forensics|
|Module level||Masters (07)|
|Credit rating for module||20|
|School||School of Computing and Digital Media|
|Total study hours||200|
|Running in 2017/18||
This module addresses the growing demand from police forces, security agencies and commercial organisations for skilled professionals in this developing area. It covers such topics: digital crime activities and their prosecution, digital forensic & digital evidence, digital forensic process tools, and the legal and regulatory issues.
The aim of this module is to provide students with the knowledge of preservation and extraction of relevant digital evidence from main stream digital equipment, including computers, computer networks (including the cyber space/Internet), and other digital devices in appropriate procedures, tools and techniques. The students will be able to expand their knowledge of how computers operate and communicate as well as issues related to networking and web technologies in order to develop the skills required to be able to use computers as a crime investigative tool.
• Digital forensics, digital evidence, forensic analysis and interpretation of digital evidence
• Legal issues, and scientific technologies in forensic investigations
• Current digital forensic investigation tools and evaluation of their strengths and weaknesses, and the investigator's office/laboratory
• Nature of a typical digital forensic case, control of a crime scene, and protection and verification of authenticity of digital evidence
• Investigative plans and forensic workstations set up for specific investigations, and outlines of process of retrieving potential digital evidence
• Dealing with the deleted and slack spaces to find the evidence from a suspect's drive and the relevant specialist tools available
• Image files on an evidence disk, use of image recovery tools, data compression, restoring graphics, and steganography
• Tools and methods involved in network-centred forensic investigations, and an overview of using network logs to collect evidence of a network intrusion incident or a crime
• E-mail crimes and violations and their forensics investigations, plus popular e-mail forensic tools.
• Modern digital devices and their forensics investigations
Learning and teaching
Students will develop theoretical understanding and practically investigative skills based on weekly lectures, tutorials and supervised workshops. The workshops, in particular, are provided to support students in gaining practical experience in digital forensic investigations.
Appropriate blended learning approaches and technologies, such as, the University’s VLE and industry-strength digital forensic tools, will be used to facilitate and support student learning, in particular, to:
- deliver content;
- encourage active learning;
- provide formative and summative assessments, and prompt feedback;
- enhance student engagement and learning experience.
Students will be expected and encouraged to produce reflective commentaries on the learning activities and tasks that they carry out to complete their work.
By the end of this module students should be able to:
LO1. Appreciate the principles of digital forensic process and appreciate where and how these principles should be applied;
LO2. Critically understand and discuss the digital evidence obtained from forensics investigations and their interpretations in a tribunal/court procedure;
LO3. Appreciate the legal and procedural issues and be aware of the documentary and evidentiary standards expected in presenting investigative findings in a court of law.
LO4. Produce systems designs for computer systems to aid in criminal investigations.
LO5. Analyse and evaluate the professional requirements of a digital forensics practitioner, and to critically discuss the challenges facing the digital forensic practitioners.
Coursework (2500 words) - online submission, which is designed to enhance learning by offering a case study in digital forensic investigation and the opportunities to carry out research into current issues and technologies with digital forensics [LO2 and 4].
The workshop materials, activities and informal feedback opportunities in the class and workshops will be used to support student learning and provide the impetus for tackling the coursework. Formative assessment and feedback opportunities will be provided to develop student understanding of the subject.
The formative final exam will be used to assess students’ deeper understanding of the theory and concepts [LO1, 3, 5].
1. Bill Nelson, Amelia Philips, Frank Enfinger, and Christopher Steuart (2016), Guide to Computer Forensics and Investigations, Publisher: Cengage Learning, ISBN-13: 9781285060033/ISBN-10: 1285060032
2. Linda Volonino, Reynaldo Anzaldua, and Jana Godwin (2006), Computer Forensics: Principles and Practices, Publisher: Pearson Prentice Hall, ISBN: 9780131547278
1. Dan Farmer and WietseVenema (2005) Forensic Discovery, Publisher: Addison-Wesley, ISBN 0-201-63497-X
2. Jones K. J. &Bejtlich R. & Rose C. W., 2006, Real Digital Forensics Computer Security and Incident Response, Addison-Wesley
3. Carrier B., 2005, File Systems Forensic Analysis, Addison-Wesley
4. AccessData Ltd. (2014), FTK User Manual, version 5, included in the FTK software installation
5. Guidance Software (2010), EnCase User Manual, included in Course Technology text book, “Guide to Computer Forensics and Investigations” (2nd Edition).