COMPUTER FORENSICS FUNDAMENTALS
This module gives you an introduction to some of the general concepts of computer forensics, as well as helping you to develop the skills that will be needed on other modules. You will cover in detail the layout of volumes on storage devices, and file systems within volumes, with particular emphasis on the FAT file system. You will learn to look at raw devices using low-level tools like hex editors, and consider how security considerations should affect software design and implementation.
COMPUTER SYSTEM TOOLS
This module commences by giving you a hands-on introduction to the UNIX operating system. You will look at a range of tools that might be used by a forensic examiner: this will include high-level tools like EnCase, FTK and Autopsy, although your main focus will be on low-level tools such as dd and the Sleuthkit tools, as these help to develop your understanding of what (and how) the higher level tools are actually doing. You will also learn to use basic system tools such as grep. In addition you will learn a scripting language so that you can develop your own forensic tools.
EVIDENCE AND PROCEDURE
You will examine the legal obligations of computer forensics, gaining an understanding of the relevant statutes and industry guidelines, and of proving the authenticity of evidence via a chain of custody from collecting evidence through to presenting findings in a professional manner. The module also aims to provide you with a broad understanding of the professional factors that influence the work of professional practitioners, particularly in the context of the ´Expert Witness´.
The module will cover the basics of how networks work, what the specific threats to networks are, and how they might be ameliorated.
POSTGRADUATE PROJECT MODULE
This module is the culmination of the course. It is an opportunity for you to put into practise many of the skills learned elsewhere on the course. It is a major piece of work on a topic chosen by you (normally, this topic will be chosen as part of the Research Methods module). You will undertake this work individually, and will be assigned a project supervisor to assist with and guide the development of the project.
This module is shared with other MSc courses run by the Department. Its main focus is on introducing you to research, and developing the skills you need to read and evaluate original research literature. This in turn leads into the Project, and a major outcome of the module should be a Project Proposal. In addition, the module addresses certain aspects of Personal Development Planning (PDP).
DIGITAL FORENSICS PATHWAY:
DATA RECOVERY AND ANALYSIS
You will cover many of the most important concepts of digital forensics through this module, including various methods of data recovery (noting those that meet ACPO guidelines for evidence preservation). Analysis of the data will include finding and recovering deleted files, searching slack space on storage devices, examining log and registry entries, and constructing timelines of activity.
ADVANCED COMPUTER FORENSICS
This module continues the examination of essential digital forensics concepts. The topics you will cover include network forensics, live systems, mobile phones and other devices. A further aim of the module is to introduce you to developing areas of computer forensics, and provide you with the skills to investigate new areas of computer forensics, such as covert analysis and intruder artefacts.
CYBER SECURITY PATHWAY:
You will examine the issues involved with business continuity and disaster recovery planning, and environmental security.
THREATS AND COUNTERMEASURES
This module will look at system architectures and how systems can be defended; it will include consideration of the threat to security posed by legitimate users of the system and behavioural issues.