Return to homepage Skip to navigation Skip to site search Skip to main content Skip to footer

Module Catalogue

SCQF Level: 08  

Module Code: CMP209

Credit Value: 20  

Year: 2017/8

Term: Term 2

School: School of Arts, Media and Games

Description

This module examines the basic technology and techniques used to investigate cybercrime. A systematic approach to planning and implementing a comprehensive computer forensic investigation is introduced with a particular focus on evidence collection and the reconstruction of events therefrom.

Aims

The aim of this Module is to provide the student with the ability to carry out computer forensic investigations and appraise forensic software with a view to develop appropriate investigation strategies in the light of emerging digital technologies.

Learning Outcomes

By the end of this module the student should be able to:

1.  Understand the principles of computer forensic investigation with regard to the legal definitions of computer misuse.

2.  Devise an appropriate professional level plan for a forensic investigation and carry out this plan within a context of a specific scenario.

3.  Analyse and evaluate the results of a computer forensic investigation.

4.  

5.  

6.  

Indicative Content

1 Computer Crime

Types of computer crime; legislation concerning computer crime.

2 Use of Linux as an investigative environment

Familiarisation with the command-line interface

3 File Systems as a source of forensic evidence

Structure of NTFS, FAT, FAT32, and Linux file systems.

4 Data Acquisition

Procedures for acquiring disk images; collection of evidence from crime scenes, integrity of evidence, write blockers

5 Computer Forensics Tools

Command line tools; Linux tools; Windows tools.

6 Computer Forensic Analysis

Digital forensic toolkits; data hiding techniques; anti-forensics

7 Internet History and Email

Identifying email and browser-derived evidence; examining email headers; using specialist email forensic tools; examining browser histories and cookies.

8 Working with MS-Windows Systems

File system; investigation of the Registry; recovering deleted files; working with forensic boot disks.

9 Computer Forensics Analysis

Methodologies for forensic analysis of systems and the assessment of results. Memory forensics

10 Reporting Results of Investigations

Importance of reports; time-lines; designing the layout of a report.

Statement on Teaching, Learning and Assessment

The module is delivered as a series of lectures covering the topics associated with computer forensic investigations. The practical activities provide experience in the use of forensic software and finding evidence about user activity on MS Windows based PCs. Lectures occupy 12 of 24 hours class contact. The remainder, 50%, is lab or tutorial work of an experimental or investigative nature. Class contact time comprises lectures, tutorials/seminars and supervised laboratory work, amounting to 16% of the module time. The remainder, 84%, is independent study or assessment. A purpose-built and regularly-updated module website is used to provide links to lecture notes, laboratory tasks, assessment briefs, operational matters, and external information. Student project or lab work and student-suggested links are incorporated as and when appropriate.

Teaching and Learning Work Loads

Total 200
Lecture 12
Tutorial/Seminar 0
Supervised Practical Activity 39
Unsupervised Practical Activity 0
Assessment 60
Independent 89

Back


Guidance notes:

Credit Value – The total value of SCQF credits for the module. 20 credits are the equivalent of 10 ECTS credits. A full-time student should normally register for 60 SCQF credits per semester.

Disclaimer: We make every effort to ensure that the information on our website is accurate but it is possible that some changes may occur prior to the academic year of entry. The modules listed in this catalogue are offered subject to availability during academic year 2017/18 , and may be subject to change for future years.

Top