Course Brief

Crime involving computing technology is increasing, with hackers using ever more sophisticated techniques to attack organisations and individuals alike. A computer may hold information that was generated during the commission of a crime and that must be retrieved in order to pursue a prosecution. This new discipline is based on forensic science and computer security technologies, and involves the application of scientific methods for the collection, analysis, interpretation, and presentation of potential evidence. In order to be able to operate as a computer security practitioner, students must be able to conduct a forensic analysis of data for regulatory, internal compliance and legal purposes. This course will equip potential practitioners with the necessary awareness of real-world expertise and competence in the use of technologies used by police and industry for forensic investigations.


  1. Understand the need for and the role of the forensic investigator in various situations
  2. Use and appraise a software forensic tool, e.g. Autopsy
  3. Use, adapt and appraise diagnostic and investigative techniques to identify and retrieve data from various types of computer media and electronic devices.

Computer systems organisation and ways in which various electronic devices can be involved in a crime;

Operating systems technology – organisation and architecture; NTFS, DOS, OSX

Understanding disk architecture, disk-based Investigations and Procedures;

Physical and logical storage methods for different types of electronic devices;

Incident Response and approaches to conducting an investigation;

Information Hiding Techniques: using Steganography;

The importance of deleted files and the artefacts left by the Windows OS