Module Overview

Computer & Network Forensics

The purpose of this module is to provide learners with the essential skills for carrying out a Computer and Network Forensics Investigation. The steps include identifying, acquiring, examining, analysing and presenting digital evidence stored in computers, external hard drives, memory sticks and network storage devices. This evidence can be in the form of documents, images, emails, user profiles and log files. The module covers the need of law enforcement agencies, insurance companies, compliance officials, information security departments, lawyers, solicitors, auditors, courts, tribunals and private investigators to search for digital evidence hidden in various data storage devices. This includes the discovery/disclosure of data by securing and searching all data sources with the intent of using them as evidence in civil, corporate or criminal legal cases. Other aims of the module are to review software systems that are used to operate digital devices, including operating systems, file management systems and applications; to cover best practice in the forensics techniques of data identification and extraction using commercial and open-source forensics tool kits; and to cover best practice in network traffic monitoring and network log analysis and reporting.

Module Code

DFCS H3011

ECTS Credits

10

*Curricular information is subject to change

Overview

Introduction to digital forensics analysis, data storage procedures, data logging, different types of digital devices for storage, imaging techniques, data identification and removal techniques, investigative steps and techniques, ethics and legalities.

Hardware Systems

Hardware considerations; computer architecture, physics of different storage technologies, magnetic and solid-state storage media, partitioning and formatting, buffering, caching, data in ROM and RAM storage, alternative storage devices like photocopiers, sensors, video images, cameras, smart phones and devices.

Software Systems

Operating Systems and their tools; file systems and management, systems logs; Windows Vulnerabilities; Patching, service packs, UNIX Vulnerabilities; MAC Vulnerabilities; Spyware, Malware, buffer overflows, software vulnerabilities, SQL attacks, web browsers, interfaces and biometrics.

Forensics Methodology - Analysis

Analysis of different types of information that is stored, understanding formats for stored data, use of specialist tools, use of tools like FTK, EnCase and The Sleuth Kit, manual review of media, Windows registry, cracking passwords, keyword searches, email and image analysis, reporting – written/oral.

Network Forensics

Investigate the differences in forensics procedures for networking through the monitoring of network traffic, logging of incidents, analysis and reporting procedures. Networking covers both applications on the network as well as devices.

Investigative Procedures, Ethics and Law

How to gather data as a trail of evidence for legal prosecution, chain of custody, basic steps of Preparation (of the investigator), Collection (the data), Examination, Analysis and Reporting. Ethics in Digital Forensics Investigations. Legislation, Computer Crime and Data Protection Laws. Due process of the Law, Reporting Procedures and Forensics Expert Witness and Trial Process.

Emerging New Technologies

Quantity of data for analysis, data mining techniques, diversity of devices like mobile phones, emerging smart devices and Cloud Computing.

Continuous Assessment

Practical work will involve using forensic software tools to analyse computer systems and digital devices to trace the activity of hackers and malicious acts within the system. Students will work on case study material using directed and exploratory assignments with available toolkits like FTK, The Sleuth Kit, NetworkMiner, Security Onion and Wireshark. Other open-source toolkits will also be used to compare findings.

Module Content & Assessment
Assessment Breakdown %
Other Assessment(s): 100