Digital Forensics

Module overview

We will study the tools and techniques used in digital forensics and its relevance to incident responses and criminal investigations. This will include: Network Traffic, Disk and Memory Forensics, Hardware Architectures, Forensics frameworks, Attributions.

Linked modules

prerequisites: COMP2216 or COMP6224

Aims and Objectives

Learning Outcomes

Knowledge and Understanding

Having successfully completed this module, you will be able to demonstrate knowledge and understanding of:

Digital Forensics methods and tools
Hardware and OS Internals

Subject Specific Practical Skills

Having successfully completed this module you will be able to:

Perform behavioural analysis on malware
Formulate a response to attack incidents

Subject Specific Intellectual and Research Skills

Having successfully completed this module you will be able to:

Develop new tools for Digital Forensics
Analyse the internals of attacks and malware

Learning and Teaching

Teaching and learning methods

Lectures and lab-based tutorials

Study time
Type	Hours
Practical	12
Lecture	24
Wider reading or practice	24
Follow-up work	10
Preparation for scheduled sessions	10
Revision	10
Completion of assessment task	60
Total study time	150

Resources & Reading list

Journal Articles

Emmanuel S. Pilli, R. C. Joshi, Rajdeep Niyogi (2010). Network forensic frameworks: Survey and research challenges. Digital Investigation, 7(1-2), pp. 14-27.

Erisa Karafili, Linna Wang, Emil C. Lupu (2020). An argumentation-based reasoner to assist digital investigation and attribution of cyber-attacks. Forensic Science International: Digital Investigation, 32(Supplement), pp. 300925.

Nicole Beebe (2009). Digital Forensic Research: The Good, the Bad and the Unaddressed. IFIP International Conference on Digital Forensics, 306, pp. 17-36.

Textbooks

Sherri Davidoff and Jonathan Ham (2012). Network Forensics: Tracking Hackers through Cyberspace. Pearson.

Eoghan Casey (2011). Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet. Academic Press.

Assessment

Summative

This is how we’ll formally assess what you have learned in this module.

Breakdown
Method	Percentage contribution
Examination	60%
Coursework	40%

Referral

This is how we’ll assess you if you don’t meet the criteria to pass this module.

Breakdown
Method	Percentage contribution
Examination	100%

Repeat

An internal repeat is where you take all of your modules again, including any you passed. An external repeat is where you only re-take the modules you failed.

Breakdown
Method	Percentage contribution
Examination	100%

Repeat Information

Repeat type: Internal & External