There are no pre-requisites for this module to be added

This module will cover elements of operating system disk-level architectures, such as Windows and Linux. This will allow students to study how operating systems store system and user data, and thus students will gain an understanding as to what information could technically be held on such systems. This data could include user files, as well as user activities such as login session data, browsing histories, operating system manipulation, and general user interactions with a variety of operating system tools. This understanding will be expanded through theoretical knowledge and practical exercises in extracting information from systems, using a variety of open source and commercial forensic analysis tools, and documenting the results of such a process using consistent and thorough evidential procedures. This includes the production of event timelines, as well as the analysis of system logs, operating system state, file systems, and application data. The module will also consider the ethical and professional issues related to digital forensics.

Upon completion of this module you will be able to

LO1: Develop the analytical and practical skills needed to access, process, and manipulate disk-based user and operating system data using standard operating system commands.

LO2: Identify and evaluate the key transient and persistent information which may be held in operating system disk images.

LO3: Develop analytical skills related to the academic principles and practical skills required to analyse a range of end host devices using current forensic tools and techniques.

LO4: Research, design, implement, evaluate and critically analyse end host devices as part of a complex forensic investigation.