Module title: O S Forensics

SCQF level: 09:
SCQF credit value: 20.00
ECTS credit value: 10

Module code: CSN09111
Module leader: Robert Ludwiniak
School School of Computing
Subject area group: Computer Systems
Prerequisites

Module CSN08111- Digital forensics

2018/9, Trimester 1, Face-to-Face, Edinburgh Napier University
Occurrence: 001
Primary mode of delivery: Face-to-Face
Location of delivery: MERCHISTON
Partner: Edinburgh Napier University
Member of staff responsible for delivering module: Robert Ludwiniak
Module Organiser:


Learning, Teaching and Assessment (LTA) Approach:
Learning and Teaching Methods Including Their Alignment to LOs
The general approach in this module is to make use of lectures to cover theoretical and practical forensic issues related to operating systems, and use practical sessions to analyse and evaluate computer forensic scenarios using tools and current industry practice. These practical lab-based sessions will concentrate on the use of computer forensics tools in the analysis of case studies [LO3 and 4], allowing students to gain an understanding of forensic investigation techniques [LO2]. Where appropriate, expert guest lectures and topical current real-world examples will be used. The theoretical material in lectures will be applied by students within the practical sessions, and reinforced through analysis and discussions activities [LO1, 2, 4].
Assessment (formative or summative)
Short answer class test [40%]: Class test relates to the fundamental material covered by the core academic material [LO1, LO2], as well as an understanding of current forensic literature [LO4].
Report [60%]: Coursework relates to the forensic investigation of a given scenario. Students will be required to perform a forensic investigation and analyse their findings [LO2. LO3, LO4].



Formative Assessment:
The University is currently undertaking work to improve the quality of information provided on methods of assessment and feedback. Please refer to the section on Learning and Teaching Approaches above for further information about this module’s learning, teaching and assessment practices, including formative and summative approaches.

Summative Assessment:
The University is currently undertaking work to improve the quality of information provided on methods of assessment and feedback. Please refer to the section on Learning and Teaching Approaches above for further information about this module’s learning, teaching and assessment practices, including formative and summative approaches.

Student Activity (Notional Equivalent Study Hours (NESH))
Mode of activityLearning & Teaching ActivityNESH (Study Hours)
Face To Face Lecture 24
Face To Face Practical classes and workshops 24
Independent Learning Guided independent study 152
Total Study Hours200
Expected Total Study Hours for Module200


Assessment
Type of Assessment Weighting % LOs covered Week due Length in Hours/Words
Practical Skills Assessment 40 1,2,4 10 HOURS= 40, WORDS= 0
Report 60 2,3,4 13 HOURS= 0, WORDS= 4000
Component 1 subtotal: 100
Component 2 subtotal: 0
Module subtotal: 100

Description of module content:

The aim of the module is to investigate the principles of operating systems and how they hinder or support forensic investigation. The module includes significant practical sessions in applying computer forensics in realistic real-world scenarios, allowing students to analyse and evaluate digital evidence through the use of forensic tools and techniques. The tools examined will include both public domain tools as well as commercial offerings. The practicals will be complemented with considerable theoretical knowledge of operating system information as digital evidence, and the basic techniques associated with gathering, preserving and presenting digital evidence. Outlines of the main areas include:

? Introduction to desktop operating systems such as Windows, Mac, Linux
? Introduction to mobile phone evolution, the growth of Smartphone and tablet platforms and operating systems
? User data area, directories and files
? Forensic artefacts specific to the operating system and their role as digital evidence
? Web browser information and password recovery
? Introduction to anti-forensic methods and tools.

Learning Outcomes for module:

On completion of this module you will be able to:

LO1: Critically analyse and evaluate operating system artefacts as digital evidence in forensic investigation

LO2: Critically reflect techniques and tools used in computer forensic investigation

LO3: Conduct a computer forensic investigation in an ethical and professional manner

LO4: Critically reflect on relevant computer forensic literature and quality information sources.

Indicative References and Reading List - URL:

Core - HARLAN CARVEY (2012) WINDOWS FORENSIC ANALYSIS TOOLKIT: SYNGRESS, 3rd ed.
Core - RYAN KUBASIAK (2008) MAC OS X, IPOD, AND IPHONE FORENSIC ANALYSIS DVD TOOLKIT: SYNGRESS ; ELSEVIER SCIENCE, 1st ed. - ISBN: 9781597492973
Core - ANDREW HOOG (2011) ANDROID FORENSICS: INVESTIGATION, ANALYSIS AND MOBILE SECURITY FOR GOOGLE ANDROID: ELSEVIER, 1st ed.
Core - STEVE BANTING (2012) ENCASE COMPUTER FORENSICS -- THE OFFICIAL ENCE: ENCASE CERTIFIED EXAMINER STUDY GUIDE: GUIDANCE SOFTWARE, 3rd ed.
Click here to view the LibrarySearch.