Module Details
Module Code: DIGT
Module Title: Digital Forensics
Title: Digital Forensics
Module Level: 8
Module Coordinator: Nigel Whyte
Module Author: James Egan
Module Description: |
To provide learners with a high level of expertise in the forensic analysis of digital systems and acquisition of data as part of a forensic investigation.
|
Learning Outcomes |
On successful completion of this module the learner will be able to: |
| # | Learning Outcome Description |
|---|---|
| LO1 | Summarise the steps involved in a digital forensic examination. |
| LO2 | Skilfully demonstrate forensic analysis of digital systems and data storage devices. |
| LO3 | Securely acquire data and preserve the integrity of data from a range of sources. |
| LO4 | Analyse and present findings from an electronic discovery process. |
Dependencies |
Module Recommendations
This is prior learning (or a practical skill) that is recommended before enrolment in this module.
|
No recommendations listed |
Co-requisite Modules
|
No Co-requisite modules listed |
Additional Requisite Information
|
No Co Requisites listed
|
Indicative Content |
Forensic Science
Areas and domains of forensic science. The role of computer forensics and the incident response process. The principles of computer-based electronic evidence, control of a crime scene.
|
Ethics
Ethical responsibilities of studying computer forensics, data and computer law. New developments in digital crimes based on the latest technology. Professional guidelines, best practice and policies.
|
File Systems
Detailed analysis of common file systems including FAT family, NTFS, exFAT, ext2, ext3, ext4 and HFS (Mac). Disk structures (traditional and SSD), inodes, metadata and analysis of Windows Registry.
|
Acquiring Forensic Evidence
Investigative plans and forensic workstations set up for investigation. Quality assured processes for retrieving potential evidence. Electronic discovery process and IT forensic support.
|
Data Acquisition
Tools and techniques available to acquire data on computer systems. Full volume images, partial volume images and image capture tools. Recovering deleted data, erased data and volatile data.
|
Network and Internet Forensics
Using network logs to collect evidence of a network intrusion incident or a crime. Internet browser forensics and email forensic investigations, popular internet/email forensic tools.
|
Mobile and Other Device Forensics
Extraction and analysis of static data from smartphones, tablets, USB sticks and dynamic/volatile data from other sensor/node devices. Analysis of data using hash tools.
|
Forensic Analysis
Analysing captured data using tools. Timelines using log2timeline, hash analysis using md5deep, volatile data using Volatility, network data using Wireshark, file carving using Scalpel.
|
Counter Forensics
Detection of tampered, altered, destroyed and/or deleted files and logs. Trace evidence, disk level analysis and manipulation tools such as timestomp.
|
Types of Evidence
Chain of custody, evidence identification, evidence preservation, evidence analysis, evidence communication and presentation.
|
Software and Tools
Analysis of computer forensic tools and applications, including but not limited to EnCase, SANS Investigative Forensic Toolkit (SIFT), TSK and Autopsy, and Oxygen Forensics Suite.
|
Module Content & Assessment
|
Assessment Breakdown | % |
Continuous Assessment | 20.00% |
Practical | 40.00% |
End of Module Formal Examination | 40.00% |
Assessments: Full Time
End of Module Formal Examination |
|
Reassessment Requirement |
Repeat examination
Reassessment of this module will consist of a repeat examination. It is possible that there will also be a requirement to be reassessed in a coursework element.
|
SETU Carlow Campus reserves the right to alter the nature and timings of assessment
Module Workload
Workload: Full Time |
| Workload Type | Workload Category | Contact Type | Workload Description | Frequency | Average Weekly Learner Workload | Hours |
|---|---|---|---|---|---|---|
| Laboratory | | Contact | No Description | 12 Weeks per Stage | 4.00 | 48 |
| Lecture | | Contact | No Description | 12 Weeks per Stage | 2.00 | 24 |
| Independent Learning | | Non Contact | No Description | 15 Weeks per Stage | 11.87 | 178 |

Total Weekly Contact Hours: 6.00
Module Resources
|
Recommended Book Resources
- Bill Nelson, Amelia Phillips, Christopher Steuart. (2019), Guide to Computer Forensics and Investigations, 6th. Cengage, [ISBN: 1-337-56894-5].

Supplementary Article/Paper Resources
- SANS. SANS Forensics Whitepapers

Other Resources
- SIFT Workstation
- TSK and Autopsy