Module overview
We will study the tools and techniques used in digital forensics and its relevance to incident responses and criminal investigations. This will include: Network Traffic, Disk and Memory Forensics, Hardware Architectures, Forensics frameworks, Attributions.
Linked modules
prerequisites: COMP2216 or COMP6224
Aims and Objectives
Learning Outcomes
Subject Specific Intellectual and Research Skills
Having successfully completed this module you will be able to:
- Develop new tools for Digital Forensics
- Analyse the internals of attacks and malware
Knowledge and Understanding
Having successfully completed this module, you will be able to demonstrate knowledge and understanding of:
- Hardware and OS Internals
- Digital Forensics methods and tools
Subject Specific Practical Skills
Having successfully completed this module you will be able to:
- Formulate a response to attack incidents
- Perform behavioural analysis on malware
Syllabus
- Introduction to Digital Forensics
- The investigation process
- Legal aspects in forensics
- Data and evidence collection
- Creating and analysing disk images
- Memory forensics
- Windows OS forensics
- Linux OS forensics
- Network forensics
- Digital investigation process models (general steps)
- Digital investigation process models (Examples of Models)
- Attacks’ Modus Operandi and Motivations (with a case study)
- Attribution of Attacks (with two case studies)
Learning and Teaching
Teaching and learning methods
Lectures and lab-based tutorials
| Type | Hours |
|---|---|
| Lecture | 24 |
| Revision | 10 |
| Practical | 12 |
| Preparation for scheduled sessions | 10 |
| Follow-up work | 10 |
| Wider reading or practice | 24 |
| Completion of assessment task | 60 |
| Total study time | 150 |
Resources & Reading list
Journal Articles
Emmanuel S. Pilli, R. C. Joshi, Rajdeep Niyogi (2010). Network forensic frameworks: Survey and research challenges. Digital Investigation, 7(1-2), pp. 14-27.
Erisa Karafili, Linna Wang, Emil C. Lupu (2020). An argumentation-based reasoner to assist digital investigation and attribution of cyber-attacks. Forensic Science International: Digital Investigation, 32(Supplement), pp. 300925.
Nicole Beebe (2009). Digital Forensic Research: The Good, the Bad and the Unaddressed. IFIP International Conference on Digital Forensics, 306, pp. 17-36.
Textbooks
Eoghan Casey (2011). Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet. Academic Press.
Sherri Davidoff and Jonathan Ham (2012). Network Forensics: Tracking Hackers through Cyberspace. Pearson.
Assessment
Summative
This is how we’ll formally assess what you have learned in this module.
| Method | Percentage contribution |
|---|---|
| Examination | 60% |
| Coursework | 40% |
Referral
This is how we’ll assess you if you don’t meet the criteria to pass this module.
| Method | Percentage contribution |
|---|---|
| Examination | 100% |
Repeat
An internal repeat is where you take all of your modules again, including any you passed. An external repeat is where you only re-take the modules you failed.
| Method | Percentage contribution |
|---|---|
| Examination | 100% |
Repeat Information
Repeat type: Internal & External