Module: CYS4001-20 Digital Forensics

Level: 4

Credit Value: 20

Module Tutor: John Curry

Module Tutor Contact Details: j.curry@bathspa.ac.uk

1. Brief description and aims of module:

Digital forensics concerns techniques for recovering and analysing material found on computing devices. Often leveraged to investigate instances of cyber crime but also network intrusion and other forms of legal dispute, the field has in recent years gained significant relevance for both the private and public sector. Having a good understanding of the methods, objectives and limitations of digital forensics is essential for cyber security practitioners. As well as helping to identify malicious activity, forensic work supports fortification of business IT policies, and with it, mitigation of future cyber attacks.

This module covers the fundamentals of digital forensics, beginning with what it is and what it’s used for. We go on to examine a number of investigative tools and key techniques for collecting and analysing data from digital devices, as well as the human intuition that must be employed to identify evidence and draw conclusions from it. During this, you may be surprised by the type of scope of information that may be retrieved about a user’s specific activity, and more generally, their digital footprint. The module is structured to engage the five stages of digital forensics - identification, preservation, collection, analysis and reporting. These steps are engaged as necessary with reference to the laws and regulations that govern the field.

2. Outline syllabus:

The origins of digital forensics

The utility of digital forensics and role of investigators

The digital forensics process: identification, preservation, collection, analysis and reporting

Key tools for digital forensics (open source and commercial)

Evidence handling

Laws, regulation and rules of evidence

3. Teaching and learning activities:

Teaching and learning activities

Class Hours

Lectures and seminars discuss key concepts in digital forensics, supported by relevant case study materials. Workshops introduce key tools for digital forensics and examine their application in varying investigative scenarios.

Independent Learning

You are expected to conduct readings and digital forensics tasks set by tutors outside of class hours. As digital forensics is a scientific process, albeit one that is backed up by human intuition, it is important to engage set exercises to become familiar with methods of ensuring integrity of evidence.

Assessment Item 1:

• Assessment Type: CW

• Description: Digital Forensics Set Exercises

• % Weighting: 40%

Assessment Item 2:

• Assessment Type: CW

• Description: Forensic Investigation (2400 words)

• % Weighting: 60%