This course addresses the collection and analysis of the digital footprint left by humans and computers in a way that is reproducible by third parties and suitable for presentation to a non-specialist audience. Topics include the rules of evidence, preservation of data, file system forensics, network forensics, live forensics and anti-forensics, as well as forensics for non-standard devices such as mobile/smart phones, cloud computing and vehicular systems. Practical work will include labs in which evidence is collected using tools and then presented, as well as the use, development and enhancement of these tools.
Students who pass this course should be able to:
- Use tools to carry out the steps involved in forensic science from collecting data to preserving evidence within the context of a framework for digital forensic evidence collection and processing, and present this information to a non-specialist audience.
- Understand the technical details of filesystems and networks and apply this understanding to the construction and evaluation of new forensics tool functionality.
- Critically evaluate evidence obtained using digital forensics methods based upon knowledge of evidential requirements as well as technical knowledge of operating systems, networks and non-standard devices such as mobile/smart phones, cloud computing and vehicular systems.

- Assignment
- Labs
  - Lab 01: Creating a Forensic Image
  - Lab 02: Live Acquisition
  - Lab 03: Live Forensics
  - Lab 04: Registry Forensics
  - Lab 05: File System
  - Lab 06: Keyword Search & Analysis
  - Lab 07: Data Carving
  - Lab 08: Metadata and Link File Analysis
  - Lab 09: Recycle Bin Forensics
  - Lab 10: Steganography and Alternate Data Streams
  - Lab 11: Picture File Analysis
  - Lab 12: Email Analysis
  - Lab 14: Timeline Analysis
  - Lab 15: IoT Forensics
  - Lab 16: Mobile Forensic Analysis
  - Lab 17: Log Capturing and Interpretation
  - Lab 18: Page File Analysis
  - Lab 19: Password Cracking
  - Lab 20: File Hashing and Hash Analysis
  - Lab 21: Chain of Custody