COMP40800 Computer Forensics Foundations

Academic Year 2019/2020

This module introduces fundamental principles and techniques of computer forensics. Starting from an overview of logical reasoning and interpretation of evidence, the course discusses the role of the digital investigator and teaches fundamental skills of the profession. The course participants will learn ways of writing forensic reports, techniques for performing basic Internet investigations and basic forensic analysis (including the use of write blocking, disk imaging, evidence searching, applying hash libraries of known good & known bad files, file carving, systematic exploration of the file system & Windows registry, exploration of internet usage history and some other well-known forensic artefacts in Windows operating systems, etc). The ideas and techniques of this module are illustrated using simulated evidential data. The course culminates in the individual investigation project, where the students are required to perform a complete digital forensic examination of a simulated crime case.

Given the prevalence of Microsoft Windows in corporate environments, Windows forensics is used as a vehicle for introducing the discipline of digital forensics. Where necessary, elements of Android forensics are also discussed.

The module primarily relies on open source forensic tools. The Autopsy forensic browser serves as the primary forensic IDE, with other tools (FTK Imager, FTK Registry editor, Paladin, .XRY, Santoku Linux, Paladin Forensics Suite, EnCase 7, Internet Evidence Finder, among others) introduced as necessary. Digital Forensic Prolog (http://dfire.ucd.ie/?p=1478) and Python are introduced as scripting languages for forensics.

Optional reading:

1. Eoghan Casey, Digital Evidence and Computer Crime, 3rd Edition.
2. Anderson, Schum & Twining, Analysis of Evidence.
3. Harlan Carvey, Windows Forensic Analysis Toolkit, latest edition.
4. Brian Carrier, File System Forensic Analysis.
5. Bruce Nikkel, Practical Forensic Imaging: Securing Digital Evidence with Linux Tools.
6. Robert Jones, Internet Forensics.
7. Samuel Guttenplan, The Languages of Logic.
8. Darrell P. Rowbottom, Probability.
9. Learn Prolog Now! (http://www.learnprolognow.org/lpnpage.php?pageid=online)


Curricular information is subject to change

Learning Outcomes:

By the end of this module students should be able to perform basic tasks of computer forensic analysis and write forensic reports. More specifically, the students will be able to:

* Analyse logical inferences performed using basic inference rules of sentential logic (Modus Ponens, Modus Tollens).
* Perform investigations utilising open source information from the Internet.
* Write forensic reports.
* Manually interpret hexadecimal data dumps according to specified data format.
* Manually interpret forensic artifacts (including hexadecimal data dumps) from Microsoft FAT file system metadata.
* Interpret common forensic artifacts from Microsoft Windows registry and file system (W7-W10).
* Use Autopsy forensic browser and related tools to perform forensic examination of a Windows PC.
* Automate forensic processing using scripting.

Student Effort Hours:

| Student Effort Type | Hours |
| --- | --- |
| Lectures | 24 |
| Practical | 24 |
| Autonomous Student Learning | 202 |
| Total | 250 |

Approaches to Teaching and Learning:
Not yet recorded 
Requirements, Exclusions and Recommendations

Not applicable to this module.


Module Requisites and Incompatibles
Not applicable to this module.
 
Assessment Strategy

| Description | Timing | Open Book Exam | Component Scale | Must Pass Component | % of Final Grade |
| --- | --- | --- | --- | --- | --- |
| Assignment: End of the week short assignments. | Throughout the Trimester | n/a | Graded | No | 12 |
| Project: Investigation project (submitted in Semester 2) | Unspecified | n/a | Graded | No | 28 |
| Examination: End of term written examination | 2 hour End of Trimester Exam | Not specified | Graded | No | 60 |


Carry forward of passed components
Not yet recorded
 

| Name | Role |
| --- | --- |
| Mr Andy Harbison | Lecturer / Co-Lecturer |
| Ms Margery Hilko | Tutor |