IY2U508 - Forensic Digital Evidence 01 Sep 2024 - 31 Aug 2029 | Version 1

Associated Module Information

Module Code: IY2U508
Module Title: Forensic Digital Evidence
Faculty: Faculty of Computing, Engineering and Science
Faculty Group: Computing and Mathematics
Faculty Sub Group: Cyber Security
Module Leader: Peter Eden
Module Team: Beth Jenkins, Rachael Medhurst, Emma Derbi, Andrew Bellamy, Madhu Khurana, Richard Ward, Arun Kumar, Joshua Richards, Nisha Rawindaran, Amar Seeam, Sharan Johnstone
First Intended Intake: SEP 2024 Final Year of Intake: 2028
Date Closed:
Credit Value: 30 Credit Level: 5
Language: English
Percentage of Module Taught in Welsh: 0
Equivalent Module:
HECOS codes: 100385 - computer forensics
HECOS Code Weighting: 100

Document Version Information

Version 1
Valid From 01 Sep 2024
Valid To 31 Aug 2029

Module Aims

To provide knowledge of the tools and techniques associated with computer forensics

To develop the students ability to apply computer forensics principles to a range of problems

Content Summary

Digital forensics analysis tools
Forensic case creation and evidence validation Application Forensics:
Web browsers

URL history form data temporary files downloaded files cookies

Windows registry

Operating System Analysis: Storage Forensics
Data abstraction layers physical media
block device file system
application artifacts

Data Acquisition

logical data acquisition block-level acquisition cryptographic hashes

encryption concerns

technical challenges
Encrypted file analysis techniques

Filesystem Analysis (Windows/Linux/MAC)

Blocks Files Filesystems
File metadata analysis

Block device analysis

Partitions Logical Volumes

Data recovery & File content Carving

carving techniques fragmentation slack space

Artifact Analysis

cryptographic hashing block-level analysis
Evidence identification and analysis

Learning and Teaching Methods

Activity Type Hours
Lecture 24
Tutorial 48
Independent Study 118
Directed Study 110
Total Hours Selected 300

Learning Outcomes

# Learning Outcome
LO1 To demonstrate the correct usage and the features of a standard forensic analysis tool.
LO2 To identify, analyse and extract a wide range of computer forensic artefacts found in Windows, MAC and Linux operating systems and file systems.

Module Requisites

N/A

Assessment Criteria

Assessment Category Assessment Type Description Duration Word Count Weight (%) Best of? Pass Mark
Synchronous Onsite Practical Assessment Practical Test 2 A practical test, carried out in the laboratory regarding the forensic analysis of a Windows system 90 2000 60 No 40
Synchronous Onsite Practical Assessment Practical Test 1 A practical test, carried out in the laboratory regarding the forensic analysis of a Macintosh system 60 2000 40 No 40

Assessment Matrix

Assessment Type Learning Outcomes
LO1 LO2
Practical Test 2
Practical Test 1

Reading List

https://rl.talis.com/3/southwales/lists/0E56B762-582B-1BFD-AEE7-F452290796D7.html?lang=en