IY2U508 - Forensic Digital Evidence 01 Sep 2024 - 31 Aug 2029 | Version 1
Associated Module Information
| Module Code: | IY2U508 | ||
|---|---|---|---|
| Module Title: | Forensic Digital Evidence | ||
| Faculty: | Faculty of Computing, Engineering and Science | ||
| Faculty Group: | Computing and Mathematics | ||
| Faculty Sub Group: | Cyber Security | ||
| Module Leader: | Peter Eden | ||
| Module Team: | Beth Jenkins, Rachael Medhurst, Emma Derbi, Andrew Bellamy, Madhu Khurana, Richard Ward, Arun Kumar, Joshua Richards, Nisha Rawindaran, Amar Seeam, Sharan Johnstone | ||
| First Intended Intake: | SEP 2024 | Final Year of Intake: | 2028 |
| Date Closed: | |||
| Credit Value: | 30 | Credit Level: | 5 |
| Language: | English | ||
| Percentage of Module Taught in Welsh: | 0 | ||
| Equivalent Module: | |||
| HECOS codes: | 100385 - computer forensics | ||
| HECOS Code Weighting: | 100 | ||
Document Version Information
| Version | 1 |
|---|---|
| Valid From | 01 Sep 2024 |
| Valid To | 31 Aug 2029 |
Module Aims
To provide knowledge of the tools and techniques associated with computer forensics
To develop the students ability to apply computer forensics principles to a range of problems
Content Summary
Digital forensics analysis tools
Forensic case creation and evidence validation Application Forensics:
Web browsers
URL history form data temporary files downloaded files cookies
Windows registry
Operating System Analysis: Storage Forensics
Data abstraction layers physical media
block device file system
application artifacts
Data Acquisition
logical data acquisition block-level acquisition cryptographic hashes
encryption concerns
technical challenges
Encrypted file analysis techniques
Filesystem Analysis (Windows/Linux/MAC)
Blocks Files Filesystems
File metadata analysis
Block device analysis
Partitions Logical Volumes
Data recovery & File content Carving
carving techniques fragmentation slack space
Artifact Analysis
cryptographic hashing block-level analysis
Evidence identification and analysis
Learning and Teaching Methods
| Activity Type | Hours |
|---|---|
| Lecture | 24 |
| Tutorial | 48 |
| Independent Study | 118 |
| Directed Study | 110 |
| Total Hours Selected | 300 |
Learning Outcomes
| # | Learning Outcome |
|---|---|
| LO1 | To demonstrate the correct usage and the features of a standard forensic analysis tool. |
| LO2 | To identify, analyse and extract a wide range of computer forensic artefacts found in Windows, MAC and Linux operating systems and file systems. |
Module Requisites
N/A
Assessment Criteria
| Assessment Category | Assessment Type | Description | Duration | Word Count | Weight (%) | Best of? | Pass Mark |
|---|---|---|---|---|---|---|---|
| Synchronous Onsite Practical Assessment | Practical Test 2 | A practical test, carried out in the laboratory regarding the forensic analysis of a Windows system | 90 | 2000 | 60 | No | 40 |
| Synchronous Onsite Practical Assessment | Practical Test 1 | A practical test, carried out in the laboratory regarding the forensic analysis of a Macintosh system | 60 | 2000 | 40 | No | 40 |
Assessment Matrix
| Assessment Type | Learning Outcomes | ||
|---|---|---|---|
| LO1 | LO2 | ||
| Practical Test 2 | ✔ | ✔ | |
| Practical Test 1 | ✔ | ✔ | |