You will cover the ways in which data is generated, stored, and transmitted in a number of settings, including desktop and mobile environments as well as networks. The module also explicitly covers preserving the integrity of such evidence in the presence of malware or explicit counter-forensic mechanisms, as well as means for discovering the presence of such mechanisms.
Topics covered
- Introduction
- Storage forensics
- Host forensics
- Selected aspects of network forensics
- Malware forensics
- Mobile device forensics
- Steganography (not examinable)
- Forensic analysis of embedded devices
Learning outcomes
If you complete the module successfully, you should be able to:
- understand the audit and indirect dynamic activity records retained by operating systems, particularly in file systems.
- understand selected network protocols and the collection and derivation of evidence allowing reconstruction of activities.
- identify and apply sound forensic practices.
- identify and counter obfuscation and counter-forensic techniques.
- demonstrate in-depth insight into the retention characteristics of storage systems for desktop, mobile, and non-standard computing systems.
Assessment
This module is assessed by a two-hour unseen written examination.
Essential reading
- C. Altheide, H. Carvey: Digital Forensics with Open Source Tools, Syngress (2011)
- E. Casey: Digital Evidence and Computer Crime, 3rd ed. Academic Press (2011)