CM3111: Forensics

School: Cardiff School of Computer Science and Informatics
Department Code: COMSC
Module Code: CM3111
External Subject Code: 100376
Number of Credits: 10
Level: L6
Language of Delivery: English
Module Leader: Mr Michael Daley
Semester: Autumn Semester
Academic Year: 2015/6

Outline Description of Module

This module covers the principles, techniques, theory and applications central to computer forensics. It focuses on computer file system fundamentals, detection, acquisition, analysis and report writing, as well as legal and professional issues, all of which centre on the practice of obtaining ‘legally safe’ evidence of criminal activity. The module takes a “hands-on” approach to learning forensic computing techniques, using open-source and commercial forensic tools.

On completion of the module a student should be able to:

  1. Evaluate the principles of computer forensic analysis and appreciate where and how these principles should be applied.
  2. Critically discuss the nature of digital evidence and the interpretations of that evidence obtained from computer forensics investigations.
  3. Evaluate the legal and procedural issues and be aware of the documentary and evidentiary standards expected in presenting investigative findings in a court of law.
  4. Analyse and evaluate the professional requirements of a computer forensics practitioner, and to critically discuss the challenges facing the computer forensics practitioner.
  5. Demonstrate knowledge and understanding of file structures both in a Linux environment and Windows, disk structures and use of a range of forensic tools and techniques.
  6. Understand the methods of data extraction from mobile phones.
  7. Understand methods of security logging and pattern matching for detection.
  8. Explain the link between technology and business processes in the context of gathering evidence.
  9. Describe the investigator’s duty to the courts and explain the rules of evidence.

How the module will be delivered

The module will be delivered by a combination of:

20 Lectures over 11 weeks

2 hours of labs each week

Skills that will be practised and developed

• Describe the systems under investigation; obtain a forensic image of pertinent data and volatile data.

• Skill in the use of diverse forensic tools and analytical techniques.

Discipline Specific (including practical) Skills:

• An understanding of the forensic methodology, tools and techniques to successfully solve a forensic incident.

• Fundamental technical understanding of storage media.

• Evidence extraction from mobile phones.

• Current issues in computer forensics.

Transferable Skills:

• Scientific analysis and experimental design

• Data recovery.

• Oral and written reporting.

• Sources of information to support continuous personal development and knowledge acquisition.

• Work effectively as part of a group.

 

How the module will be assessed

Exam: A written exam (2 h) will test the student's knowledge and understanding as elaborated under the learning outcomes.

Coursework: The coursework will allow the student to demonstrate their knowledge and practical skills and to apply the principles taught in lectures.

 

Assessment Breakdown

Type | % | Title | Duration (hrs)
Written Assessment | 30 | Coursework | N/A
Exam - Autumn Semester | 70 | Forensics | 2

Syllabus content

Introduction to the fundamental principles of Computer Forensics

This topic will discuss in detail and critically evaluate the principles of Computer Forensics and apply these in order to introduce students to the fundamental and defining principles of computer forensics.

The introduction to computer forensics will include the philosophy of digital evidence and how the principles can be applied to computer crime.

Students will be introduced to the range of techniques for gathering, preserving and presenting digital evidence.

Students will be introduced to the evolving terminology of computer crime and computer crime investigation through a critical examination of the evolution of investigative tools, the language of computer crime investigation and the role of computers in computer crime, including hacking, cracking, phishing, virus generation, computer misuse and mobile phone forensics.

The fundamentals of digital evidence and the challenges facing a digital investigator will be critically discussed.

Forensic Investigative Processes

A discussion of the principles of the investigative process in computer forensics, including: preservation of computer-based evidence, evidential continuity, equipment identification and seizure, data collection, data analysis and presentation of findings in a format admissible in a court of law. Students are also taught the principles of mobile phone forensics and how it compares to normal computer forensics.

Legal Principles

An overview of the legal aspects and legislation that can be applied to computer forensics evidence. This will include consideration of the development of cases and arguments for the defence as well as for the prosecution. This subject will also include the legal expectations in the gathering, preservation and presentation of digital evidence so that it will be admissible in a court of law.

Particular Issues with Computer Crime

The topics in this area will introduce students to the types of computer crime that they are likely to be investigating in computer forensics, including the examination of computer intrusions (hacks, cracks, viruses, worms, Trojans etc.), computer and digital fraud and theft, online sexual offenders, cyberstalking and computer misuse.

Application of Forensic Science Principles to Computer Systems

 

Background Reading and Resource List

Kruse, W. G. and Heiser, J. G. (2002) Computer Forensics: Incident Response Essentials, Addison Wesley

Carrier, B., File System Forensic Analysis, Addison Wesley, ISBN 0-321-26817-2

Sammes, T. and Jenkinson, B., Forensic Computing – A Practitioner’s Guide, Springer, ISBN 1-84628-397-3


Copyright Cardiff University. Registered charity no. 1136855