University of Malta
 

Study-Unit Description
UOM Main Page
 
 
 
Apply - Admissions 2016
Newspoint
Campus Map button
Facebook
Twitter


CODE CIS3089

 
TITLE Digital Forensics

 
LEVEL 03 - Years 2, 3, 4 in Modular Undergraduate Course

 
ECTS CREDITS 6

 
DEPARTMENT Computer Information Systems

 
DESCRIPTION Digital forensics is the science of identifying evidence from digital sources and which provides the forensic experts with robust tools and techniques to solve complicated digital-related crimes (Carrier, B, 2002).

The study-unit content includes:
- Covering of basic principles and characteristics of Digital Forensic investigations;
- Coverage of uses of Digital Forensics in different areas (e.g. criminal, and civil);
- Expected level of scientific method required in an investigation;
- Revise key technical areas (e.g. file systems, persistent devices, transient storage, emails, web-site);
- Evidence collection methods (e.g. cloning, hashing, revive a device, file curving);
- Setting up labs and configuring tools for an investigation;
- "Antiforensics" - (e.g. hiding data, password extraction, data destruction);
- Reporting requirements and structure.

Also throughout the study-unit common technologies (e.g. operating systems, logs, DBMS) are studied in terms of data collection and what type of investigations are run.

Furthermore a number of tools are becoming available for an investigator to run routine and exploratory analysis of an incident.

Study-unit Aims:

The basic aims of this study-unit is to explain to candidates the importance and requirements of digital data preservation and presentation during an investigation of unlawful or unacceptable events. A consequent aim is to make the candidate aware that his presentation of results are at the requested level of validity and with controlled contamination.

To supplement the basic aim of the study-unit one needs to present both solid principles but also indicate tools, practices, and case studies that are typical in the Digital Forensics industry.

Learning Outcomes:

1. Knowledge & Understanding:

By the end of the study-unit the student will be able to:
- Understand an investigation requirements (in terms of scope, timing and resources required);
- Formulate a plan for digital evidence acquisition, consolidation and authentication;
- Analyse and interpret the data collected;
- Present data and results to team (e.g. internal) and external users (e.g. law courts).

2. Skills:

By the end of the study-unit the student will be able to know a number of techniques for data collection during evidence gathering. These include:
- Discover data of interest (e.g. ad hoc, systematic);
- Attempt recovery of deleted, disordered (i.e. find the true sequence of events), encrypted, backed up and damaged data;
- Undertake "live" extraction of data;
- Detecting events which are out of normality.
- Use digital forensics software tools, for example:
    - ftk;
    - enCase.

Main Text/s and any supplementary readings:

- B. Nelson, A. Phillips, and C. Steuart, Guide to Computer Forensics and Investigations, 4th ed. Boston, USA: Cengage Technology, 2010.
- E. Casey, Digital evidence and computer crime: forensic science, computers, and the Internet: Academic Press, 2011.
- D. L. Watson, A. Jones, Digital Forensics Processing and Procedures: Meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements, Syngress, 2013.
- Digital Investigation: The International Journal of Digital Forensics & Incident Response.
(http://www.elsevier.com/wps/find/journaldescription.cws_home/702130/description#description)
- Application program's manuals and user guides as per necessity and usage.

 
STUDY-UNIT TYPE Lecture, Independent Study & Practicum

 
METHOD OF ASSESSMENT
Assessment Component/s Resit Availability Weighting
Artefact Yes 20%
Examination (3 Hours) Yes 80%

 
LECTURER/S Clyde Meli
Joseph Vella

 
The University makes every effort to ensure that the published Courses Plans, Programmes of Study and Study-Unit information are complete and up-to-date at the time of publication. The University reserves the right to make changes in case errors are detected after publication.
The availability of optional units may be subject to timetabling constraints.
Units not attracting a sufficient number of registrations may be withdrawn without notice.
It should be noted that all the information in the study-unit description above applies to the academic year 2017/8, if study-unit is available during this academic year, and may be subject to change in subsequent years.
Calendar
Notices
Study-unit Registration Forms 2017/8

Register

For Undergraduate (Day) and Postgraduate students.

 

Faculty of ICT Timetables

Timetables

ICT Timetables are available from Here.

Health and Safety Regulations for Laboratories Form

The Faculty of ICT Health and Safety Regulations for Laboratories form can be found here

 HealthAndSafety

13th Edition of EY’s Annual Attractiveness Event

 Logo

 

 

The 13th Edition of EY’s Annual Attractiveness event will be held on 25th October 2017 at the InterContinental Hotel,

St. Julians. It is titled "Thinking without the box: disruption, technology and FDI".

 

The  students' invitation and more information can be found here

The conference programme can be found here

 

 
 

Log In back to UoM Homepage