Requisites: Pre-requisite: [Module CSN08111] Digital Forensics

The aim of the module is to investigate the principles of operating systems and how they hinder or support forensic investigation. The module includes significant practical sessions in applying computer forensics in realistic real-world scenarios, allowing students to analyse and evaluate digital evidence through the use of forensic tools and techniques. The practicals will be complemented with considerable theoretical knowledge of operating system information as digital evidence, and the basic techniques associated with gathering, preserving and presenting digital evidence. Outlines of the main areas include:? Introduction to common operating systems such as Windows, Linux, Android? Forensic artefacts specific to the operating system and their role as digital evidence (for example, the Windows registry).? Exploration of user data areas, directories and files.

Upon completion of this module you will be able to

LO1: Critically evaluate operating system artefacts relating to user behaviour as digital evidence in forensic investigation.

LO2: Critically reflect on the tools and techniques used in digital forensic investigations.

LO3: Conduct a digital forensics investigation and critically evaluate and reflect on digital evidence gathered for the investigation in an ethical and professional manner.