Core Module Information
Module title: Host-Based Forensics

SCQF level: 11
SCQF credit value: 20.00
ECTS credit value: 10

Module code: CSN11625
Module leader: Nick Pitropakis
School: School of Computing, Engineering and the Built Environment
Subject area group: Cyber Security and Systems Engineering
Prerequisites

N/A

Description of module content:

This module will cover elements of operating system disk-level architectures, such as Windows and Linux. This will allow students to study how operating systems store system and user data, and thus students will gain an understanding as to what information could technically be held on such systems. This data could include user files, as well as user activities such as login session data, browsing histories, operating system manipulation, and general user interactions with a variety of operating system tools. This understanding will be expanded through theoretical knowledge and practical exercises in extracting information from systems, using a variety of open source and commercial forensic analysis tools, and documenting the results of such a process using consistent and thorough evidential procedures. This includes the production of event timelines, as well as the analysis of system logs, operating system state, file systems, and application data. The module will also consider the ethical and professional issues related to digital forensics.

Learning Outcomes for module:

On completion of this module, students will be able to:

LO1: Develop the analytical and practical skills needed to access, process, and manipulate disk-based user and operating system data using standard operating system commands.

LO2: Identify and evaluate the key transient and persistent information which may be held in operating system disk images.

LO3: Develop techniques related to the academic principles, ethics, sound forensic methods, and practical skills required to analyse a range of end host devices using current forensic tools and techniques.

LO4: Research, evaluate and critically analyse end host devices as part of a complex forensic investigation.

Full Details of Teaching and Assessment

Indicative References and Reading List - URL:
Contact your module leader