CC5005 - Computer Forensics (2017/18)
|Module specification||Module approved to run in 2017/18|
|Module title||Computer Forensics|
|Module level||Intermediate (05)|
|Credit rating for module||30|
|School||School of Computing and Digital Media|
|Total study hours||300|
|Running in 2017/18||
This module addresses the growing demand from law enforcement departments, security agencies and commercial organisations for skilled practitioners in Computer forensics. Computer forensic investigation requires an understanding of computer-related crimes, an appreciation of relevant laws, a high level of technical expertise, a methodical approach to investigation, and the ability to explain complex technical ideas simply. This module introduces the principles of computer forensics, develops the digital forensic analysis knowledge and skills required by the discipline, and prepares students for the career as a computer forensic investigator.
Prior learning requirements
Successful completion of level 4 or equivalent
The aim of this module is to provide students with
• principles of computer forensic investigation in this discipline
• new developments in digital crimes based on the latest Internet technology, such as Internet chat room, etc
• the knowledge of ethics and ethical responsibilities of studying computer forensics and personal and professional integrity
• approaches to preservation and extraction of relevant digital evidence from computers, using appropriate tools and techniques.
In order to develop the skills of using computer as a crime investigative tool, students will be able to further develop their investigative skills built upon those modules previously taken. This module is also practical in nature and will provide students with the opportunity to evaluate case studies using computer forensics tools and techniques.
• History of computer forensics, the use of electronic evidence, and scientific techniques in computer forensic investigations;
• Computer law, ethics, and ethical responsibilities of studying computer forensics;
• New developments in digital crimes based on the latest Internet technology, including the Internet chat room, etc.;
• Professional guidelines and policies in the discipline of computer forensics, such as those defined by the Association of Chief Police Officers (ACPO);
• Principles of computer forensic investigation,control of a crime scene, and securement and verification of authenticity of evidence;
• Computer forensic tools and applications, the functionality of a range of computer forensic tools, benefits and short comes/limitations of various computer forensics tools, e.g. EnCase, FTK, WinHex, etc.;
• Investigative plans and forensic workstations set up for specific investigations, and outlines of step-by-step processes for retrieving potential evidence;
• Image files on an evidence disk, examinations and recovery of image files, data compression, steganography, and copyright issues;
• Dealing with deleted files and slack space, and acquisition of data from a suspect's drive with special tools;
• E-mail crimes and violations, email forensic investigations, and popular e-mail forensic tools;
• Network-centred forensic investigations, tools, methods, and using network logs to collect evidence of a network intrusion incident or a crime;
• Communicating and presenting investigative findings in such ways that they meet the standards expected in a court of law
• Expert witness and reporting results of investigations in a court of law
• General introduction to forensic examinations on mobile devices
Learning and teaching
Students will develop theoretical understanding and practically investigative skills based on weekly lectures, tutorials and supervised workshops. The workshops, in particular, are provided to support students in gaining practical experience in computer forensic investigations.
Appropriate blended learning approaches and technologies, such as, the University’s VLE and computer forensic tools, will be used to facilitate and support student learning, in particular, to:
• deliver content;
• encourage active learning;
• provide formative and summative assessments, and prompt feedback;
• enhance student engagement and learning experience.
Students will be expected and encouraged to produce reflective commentaries on the learning activities and tasks that they carry out to complete their work.
By the end of this module, students should be able to:
LO1. develop a broader understanding of the relevant computer crime, law and computer forensics literature and explain the particular legal, ethical and professional challenges facing the computer forensics practitioners;
LO2. discuss the basic principles of computer forensics and describe the role computer forensics plays in deterring and detecting computer crime;
LO3. appreciate and explain the basic tools including the hardware and software, required in the investigations;
LO4. understand the nature of computer forensic investigation, control of a crime scene, and securement and verification of authenticity of evidence;
LO5. undertake computer forensic analysis by applying appropriate principles of computer forensics whilst preserving evidential integrity throughout the analysis;
LO6. analyse and evaluate digital evidence (and the interpretations of that evidence) obtained from computer forensics investigations and apply appropriate legal and procedural principles to that evidence;
LO7. communicate and present investigative findings in such ways that they meet the standards expected in a court of law.
Coursework 1 is a technical report (1200 words) - online submission,which is the culmination of good literature review work carried out through using a wide mix of sources: lecture slides, textbooks, industrial standards and guidelines, research papers, and web resources. It’s aimed at developing students’ knowledge, confidence and problem solving strategies [LO1-4].
Coursework 2 is a case study (1200 words) - online submission, which is designed to enhance learning by offering a case study in computer forensic investigation and the opportunities to carry out research into current issues and technologies with computer forensics [LO5-7].
The workshop materials, activities and informal feedback opportunities in the class and workshops will be used to support student learning and provide the impetus for tackling coursework 1 and 2. Formative assessment and feedback opportunities will be provided to develop student understanding of the subject.
The formative exam will be used to assess students’ deeper understanding of the concepts [LO1-7].
The main learning resource is the complex of lecture notes, tutorial questions, workshop tasks, supporting software packages, and other teaching materials available as a Web site accessed through university’s Web site.
The key texts:
• Solomon Michael G. & Barrett D. & Broom N., 2005, Computer Forensics Jump Start, SYBEX
• Bryant R. & etc. 2008, Investigating Digital Crime, Wiley
• Volonino L. & Anzaldua R. & Godwin J., 2007, Computer Forensics: Principles and Practices, Pearson Prentice Hall
• Nelson B. & Philips A. & Enfinger F. & Steuart C., 2008, Guide to Computer Forensics and Inverstigations,Cengage Learning Course Technology
• Kruse II W. G. & Heiser J. G., 2002, Computer Forensics: incident response essentials, Addison Wesley
• Jones K. J. & Bejtlich R. & Rose C. W., 2006, Real Digital Forensics Computer Security and Incident Response, Addison-Wesley
• Carrier B., 2005, File Systems Forensic Analysis, Addison-Wesley
• Farmer D. & Venema W., 2005, Forensic Discovery, Addison-Wesley
• Britz M. T., 2004, Computer Forensics and Cyber Crime, Pearson Pretice Hall