Core Module Information
Module title: Host-Based Forensics

SCQF level: 11
SCQF credit value: 20.00
ECTS credit value: 10

Module code: CSN11125
Module leader: Robert Ludwiniak
School: School of Computing, Engineering and the Built Environment
Subject area group: Cyber Security and Systems Engineering
Prerequisites

N/A

Description of module content:

This module will cover elements of operating system disk-level architectures, such as Windows and Linux. This will allow students to study how operating systems store system and user data, and thus students will gain an understanding as to what information could technically be held on such systems. This data could include user files, as well as user activities such as login session data, browsing histories, operating system manipulation, and general user interactions with a variety of operating system tools. This understanding will be expanded through theoretical knowledge and practical exercises in extracting information from systems, using a variety of open source and commercial forensic analysis tools, and documenting the results of such a process using consistent and thorough evidential procedures. This includes the production of event timelines, as well as the analysis of system logs, operating system state, file systems, and application data. The module will also consider the ethical and professional issues related to digital forensics.

Learning Outcomes for module:

On completion of this module, students will be able to:

LO1: Develop the analytical and practical skills needed to access, process, and manipulate disk-based user and operating system data using standard operating system commands.

LO2: Identify and evaluate the key transient and persistent information which may be held in operating system disk images.

LO3: Develop analytical skills related to the academic principles and practical skills required to analyse a range of end host devices using current forensic tools and techniques.

LO4: Research, design, implement, evaluate and critically analyse end host devices as part of a complex forensic investigation.

Full Details of Teaching and Assessment
2023/4, Trimester 1, FACE-TO-FACE, Edinburgh Napier University
Occurrence: 001
Primary mode of delivery: FACE-TO-FACE
Location of delivery: MERCHISTON
Partner: Edinburgh Napier University
Member of staff responsible for delivering module: Jill Leggatt
Module Organiser:


Student Activity (Notional Equivalent Study Hours (NESH))
Mode of activity | Learning & Teaching Activity | NESH (Study Hours)
Face To Face | Lecture | 24
Face To Face | Practical classes and workshops | 24
Independent Learning | Guided independent study | 152
Total Study Hours: 200
Expected Total Study Hours for Module: 200


Assessment
Type of Assessment | Weighting % | LOs covered | Week due | Length in Hours/Words
Class Test | 30 | 1,2 | 7 | HOURS= 01.50, WORDS= 0
Practical Skills Assessment | 40 | 3,4 | 13 | HOURS= 2, WORDS= 0
Report | 30 | 3,4 | 15 | HOURS= 0, WORDS= 2000
Component 1 subtotal: 100
Component 2 subtotal: 0
Module subtotal: 100

Indicative References and Reading List - URL:
Contact your module leader