DIGITAL FORENSIC INVESTIGATION

SHE Level 3
SCQF Credit Points 20.00
ECTS Credit Points 10.00
Module Code M3I124457
Module Leader Riccardo Lazzarini
School School of Computing, Engineering and Built Environment
Subject Cyber Security and Networks
Trimester
  • A (September start)

Pre-Requisite Knowledge

Cyber Security Operations or equivalent

Summary of Content

With today's ever-changing technologies and environments, it is inevitable that security professionals will deal with some form of cybercrime. This module focuses on the essentials that a forensic investigator must know to investigate core digital crime incidents successfully. The module extends knowledge beyond conventional static computer forensics analysis by applying the methodology to develop the principles surrounding preliminary case considerations and the collection of evidence left behind by malicious activity. The module is practical in nature. Utilising case studies and scenarios, students will be guided through the process of conducting a digital forensic investigation. This course will enable the student to undertake a forensic investigation using current forensic tools. The ethical and professional issues/requirements of the Digital Forensics practitioner are incorporated throughout the syllabus. Students are guided through real-world scenarios featuring structured inquiry-based learning.

Syllabus

  • Legal & Ethical Principles with Computer Crime: Legal and ethical expectations in the gathering, analysing, preservation and presentation of digital evidence. Types of computer crime investigated.
  • Forensic and Investigative Essentials: Digital forensics for incident responders. Incident response and forensics.
  • Application of Forensic Principles: The principles of forensic science for determining significance of evidence, reconstructing fragments of data and drawing conclusions based on evidence found through hypothesis generation and confirmation.
  • Forensic Examination of Digital Systems: Forensic techniques in the examination of operating systems. Advanced file analysis approaches, network forensics, data hiding and hostile code, encryption and forensics, investigation of fraud, data recovery. Future directions in the field.
  • File System Forensic Analysis: File system fundamentals. Timeline analysis. File system and data layer examination. Metadata layer examination. File name layer examination. File sorting and hash comparisons.
  • Forensic Artefact Analysis: Analysis concepts. Event log analysis. Web browser forensics. Methodology to analyze and solve challenging cases.

Learning Outcomes

On successful completion of this module a student should be able to:
  • Explain the methodologies, principles and guidelines associated with digital forensic investigations, including the methods for identifying, preserving and recovering digital evidence.
  • Evaluate and select appropriate tools and techniques for the detection and prevention of digital crime.
  • Undertake digital forensic analysis by applying appropriate computer and network forensics tools and the basic principles of digital forensics.
  • Describe how to approach forensic investigations from static, mounted, live and network perspectives.
  • Discuss the issues surrounding the collection of volatile data and explain how to identify computer forensic artefacts.

Teaching / Learning Strategy

The university 'Strategy for Learning' documentation has informed the learning and teaching strategy for this module. The module's material will be introduced through lectures, while practical laboratory exercises, based on lecture material, will be given to students, in which they will experiment with tools and techniques for identifying, preserving and recovering digital evidence. Tutorials will be used to help explain and elaborate on both the lecture material and the laboratory exercises. All lecture, tutorial and laboratory material will be available on GCU Learn and links will be provided to appropriate external material such as podcasts, videos and literature. GCU Learn will also be used to provide the students with module-specific forums and wikis to stimulate student and lecturer interaction outwith the normal lecture, laboratory and tutorial sessions. In addition, students will be encouraged to access NETLAB, an innovative hands-on online lab learning environment providing access to live systems and network devices. During all laboratory and tutorial sessions students will receive formative feedback on their performance in undertaking the laboratory and tutorial exercises. Summative feedback can be obtained for the coursework and final written exam undertaken as part of the module.

Indicative Reading

  • Carrier, B. (2005) File System Forensic Analysis. Addison Wesley.
  • Carvey, H. (2009) Windows Forensic Analysis. Syngress.
  • Casey, E. (2009) Handbook of Digital Forensics and Investigation. Academic Press.
  • Casey, E. (2011) Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet, 3rd Edition. Elsevier.

Transferable Skills

  • C1 - Logical thinking and problem solving.
  • C2 - Critical analysis.
  • D1 - Communication skills (electronic, written, oral and listening) necessary to make effective presentation of a technical nature (information, ideas, problems and their solutions) to a range of audiences.
  • E2 - Creativity, innovation and independent thinking.
  • E4 - Reliability, integrity, honesty and ethical awareness.
  • E6 - Ability to prioritise tasks and time management (organising and planning work).
  • E7 - Interpersonal skills, the ability to work as a member of a team (work with and relate effectively to others) recognising the different roles within a team and different ways of organising teams (leadership).

Module Structure

Activity                     Total Hours
Tutorials (FT)               12.00
Lectures (FT)                24.00
Independent Learning (FT)    120.00
Practicals (FT)              24.00
Assessment (FT)              20.00

Assessment Methods

Component              Duration   Weighting   Threshold   Description
Exam (Exams Office)    2.00       50.00       35%         Unseen written exam
Coursework 1           n/a        50.00       35%         Practical based assignment