Description
This module will look at the forensic investigation of computer networks (e.g. TCP/IP) and the challenges facing analysts when investigating mobile devices and network traffic. Starting with an understanding of the underlying communications technologies, the module will develop a comprehensive, systematic approach to the discovery and examination of evidence from both end-user devices (e.g. phones, tablets, etc.) and the networking infrastructure itself.
Aims
The aim of this module is to provide the student with an understanding of the sources of evidence associated with the use of mobile phone and network technologies. It will focus on how to recover, analyse and present that evidence in a forensically sound manner.
Learning Outcomes
By the end of this module the student should be able to:
1. Critically appraise a computer forensic investigation involving evidence from mobile and network sources with respect to the legal definitions of computer misuse.
2. Devise an appropriate professional-level plan for such a network forensic investigation and carry out this plan within the context of a specific scenario using appropriate digital forensic tools.
3. Critically analyse and evaluate the results of a mobile and network based digital forensic investigation.
4. Critically analyse the challenges faced by investigators with respect to forensic investigations involving mobile devices.
Indicative Content
1 Mobile Phone technologies and networks
How do mobile/wireless networks work? What are the implications for their forensic investigation?
2 Principles and limitations of mobile operation
GSM based networks, GPRS, 3rd/4th generation, UMTS networks, Data carrying capabilities and user access methods.
3 Forensic analysis of end-user devices
The theory of acquisition of evidence from end-user devices (e.g. phones, tablets, etc.). Phone, SIM and memory data, use of tools to extract data, SMS.
4 Cellsite Analysis
Data stored within the network. Mobile trail. Location-aware devices and tracking data.
5 Mobile Phone Data mining
Ideas of gaining behaviour patterns for stored data. Data mining techniques.
7 Network integrity
Evaluate the effects of viruses and internal and external attacks on the network. Develop strategies to prevent and detect these.
8 Live incident response
Gathering and analysing volatile and non-volatile data from a system in real-time - e.g. network connections, open ports, routing tables, users, processes, services, open files
9 Intrusion detection systems
Benefits and limitations. False positives. Critical analysis of data. Tuning
10 Server side forensics
Evaluate techniques for analysing and filtering logs and data from firewalls, DNS, web caches, email.
Teaching and Learning Work Loads
Teaching and Learning Method | Hours |
Lecture | 12 |
Tutorial/Seminar | 0 |
Practical Activity | 48 |
Assessment | 60 |
Independent | 80 |
Total | 200 |
Guidance notes
SCQF Level - The Scottish Credit and Qualifications Framework provides an indication of the complexity of award qualifications and associated learning and operates on an ascending numeric scale from Levels 1-12 with SCQF Level 10 equating to a Scottish undergraduate Honours degree.
Credit Value – The total value of SCQF credits for the module. 20 credits are the equivalent of 10 ECTS credits. A full-time student should normally register for 60 SCQF credits per semester.
Disclaimer
We make every effort to ensure that the information on our website is accurate but it is possible that some changes may occur prior to the academic year of entry. The modules listed in this catalogue are offered subject to availability during academic year 2021/22, and may be subject to change for future years.