Computer Forensics

Overview

Computers have now long been established as tools for everyday life, evolving in their capabilities and services they offer. Coupling this with readily available high-speed internet connections, acquisition and dissemination of data has exploded with obvious implications for IT-related investigations. Computer forensic investigations play a key role in cases ranging from corporate intellectual property theft, employee computer misuse to criminal cases of indecent images, theft and fraud.
Topics covered in this module include:

• Search and Seizure/Acquisition
• Volatile/non-volatile memory
• File systems (FAT, NTFS, HFS, XFS)
• File Structures (Metadata)
• Computer forensic tools (software and hardware)
• File Hashing
• Methodology and good practise

Learning Objectives

On completion of this module, a student will have achieved the following learning outcomes, commensurate with module classification:

• Undertake forensic analysis of computers and digital media
• Professional understanding of how to work in a forensically-sound manner
• Systematic understanding of how to isolate and acquire and extract data from digital media
• Critical awareness of why and how to preserve original digital information

Skills

Successful participation in this module will enable students to develop skills in the following areas:

• Good cyber security practice in the specification, design, implementation, evaluation and maintenance of security solutions.
• Retrieve information independently, from a variety of sources and by a variety of techniques.
• Manage one’s own learning and development including time management and organisational skills.
• Ability to critically evaluate a given system design, and identify significant vulnerabilities, risks, and points at which specific cyber security methods and technologies should be employed.
• Effectively use of tools for development and testing of cyber secure systems.
• Articulate and effectively communicate the design and technological rationale for a given cyber security component or design through appropriate technical reports and presentations.

Assessment

None