Study-Unit Description


CODE CIS3089

 
TITLE Digital Forensics

 
UM LEVEL 03 - Years 2, 3, 4 in Modular Undergraduate Course

 
MQF LEVEL 6

 
ECTS CREDITS 6

 
DEPARTMENT Computer Information Systems

 
DESCRIPTION Digital forensics is the science of identifying evidence from digital sources; it provides forensic experts with robust tools and techniques to solve complicated digital-related crimes (Carrier, B, 2002).

The study-unit content includes:
- Coverage of the basic principles and characteristics of Digital Forensic investigations;
- Coverage of the uses of Digital Forensics in different areas (e.g. criminal and civil);
- The expected level of scientific method required in an investigation;
- Revision of key technical areas (e.g. file systems, persistent devices, transient storage, emails, websites);
- Evidence collection methods (e.g. cloning, hashing, reviving a device, file carving);
- Setting up labs and configuring tools for an investigation;
- "Antiforensics" (e.g. hiding data, password extraction, data destruction);
- Reporting requirements and structure.

Throughout the study-unit, common technologies (e.g. operating systems, logs, DBMS) are also studied in terms of data collection and the types of investigations that are run.

Furthermore, a number of tools are becoming available for an investigator to run routine and exploratory analysis of an incident.

Study-unit Aims:

The basic aim of this study-unit is to explain to candidates the importance and requirements of digital data preservation and presentation during an investigation of unlawful or unacceptable events. A consequent aim is to make candidates aware that their presentation of results must be at the requested level of validity and with controlled contamination.

To supplement the basic aim of the study-unit, one needs to present solid principles and also indicate tools, practices, and case studies that are typical in the Digital Forensics industry.

Learning Outcomes:

1. Knowledge & Understanding:

By the end of the study-unit the student will be able to:
- Understand an investigation's requirements (in terms of scope, timing and resources required);
- Formulate a plan for digital evidence acquisition, consolidation and authentication;
- Analyse and interpret the data collected;
- Present data and results to team (e.g. internal) and external users (e.g. law courts).

2. Skills:

By the end of the study-unit the student will know a number of techniques for data collection during evidence gathering. These include:
- Discover data of interest (e.g. ad hoc, systematic);
- Attempt recovery of deleted, disordered (i.e. find the true sequence of events), encrypted, backed up and damaged data;
- Undertake "live" extraction of data;
- Detect events which are out of normality;
- Use digital forensics software tools, for example:
    - FTK;
    - EnCase.

Main Text/s and any supplementary readings:

- B. Nelson, A. Phillips, and C. Steuart, Guide to Computer Forensics and Investigations, 4th ed. Boston, USA: Cengage Technology, 2010.
- E. Casey, Digital evidence and computer crime: forensic science, computers, and the Internet: Academic Press, 2011.
- D. L. Watson, A. Jones, Digital Forensics Processing and Procedures: Meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements, Syngress, 2013.
- Digital Investigation: The International Journal of Digital Forensics & Incident Response (http://www.elsevier.com/wps/find/journaldescription.cws_home/702130/description#description).
- Application program's manuals and user guides as per necessity and usage.

 
STUDY-UNIT TYPE Lecture, Independent Study & Practicum

 
METHOD OF ASSESSMENT

| Assessment Component/s | Sept. Asst Session | Weighting |
|---|---|---|
| Artefact | Yes | 20% |
| Examination (3 Hours) | Yes | 80% |

 
LECTURER/S Clyde Meli
Joseph Vella

 

 
The University makes every effort to ensure that the published Courses Plans, Programmes of Study and Study-Unit information are complete and up-to-date at the time of publication. The University reserves the right to make changes in case errors are detected after publication.
The availability of optional units may be subject to timetabling constraints.
Units not attracting a sufficient number of registrations may be withdrawn without notice.
It should be noted that all the information in the description above applies to study-units available during the academic year 2023/4. It may be subject to change in subsequent years.

https://www.um.edu.mt/course/studyunit