Module Details |
The information contained in this module specification was correct at the time of publication but may be subject to change, either during the session because of unforeseen circumstances, or following review of the module at the end of the session. Queries about the module should be directed to the member of staff with responsibility for the module. |
Title | Cyber Forensics | ||
Code | CSCK512 | ||
Coordinator |
Prof FP Coenen Computer Science Coenen@liverpool.ac.uk |
||
Year | CATS Level | Semester | CATS Value |
Session 2020-21 | Level 7 FHEQ | Whole Session | 15 |
Aims |
|
1. To provide students with a comprehensive understanding of the domain of computer forensics. 2. To instruct students in the tools and techniques that will allow them to identify and extract evidence from computer media. 3. To equip students with an in depth knowledge of the processes whereby material extracted from computer media can be assessed and judged for evidentiary purposes. 4. To provide students with a complete understanding of the process of documenting computer forensic evidence. |
Learning Outcomes |
|
(M1) A deep and critical understanding of the theory and practice of computer forensics. |
|
(M2) A complete understanding of the processes for digital evidence acquisition, authentication, analysis, and auditing. |
|
(M3) An understanding of the use of computer forensic tools to carry out digital forensic investigation. |
|
(M4) Be able to conduct digital forensic investigations with respect to a variety of computer platforms. |
|
(M5) An understanding of the legal framework within which the discipline of computer forensics operates (with respect to a number of different countries). |
|
(M6) In the context of computer forensics, be able to differentiate between ethical issues, legal issues, and criminal motives. |
|
(M7) An awareness of future trends in computer forensics. |
|
(S1) Communication skills in electronic as well as written form. |
|
(S2) Self-direction and originality in tackling and solving problems. |
|
(S3) Experience of working in development teams and the leadership of such teams. |
|
(S4) Group working, respecting others, co-operating, negotiating, awareness of interdependence with others. |
Syllabus |
|
Week 1: Digital Evidence, Computer Crime, Technology, and Law Week 2: The Investigative Process, Reconstruction, and Modus Operandi Week 3: Applying Forensic Science to Computers Week 4: Investigating Windows Computers and Network Forensics Week 5: Investigation Unix Systems, Macintosh Systems, and Handheld Devices Week 6: Network Forensics I Week 7: Network Forensics II Week 8: Computer Crime Investigation and Career Development |
Teaching and Learning Strategies |
|
The mode of delivery is by online learning, facilitated by a Virtual Learning Environment (VLE). This mode of study enables students to pursue modules via home study while continuing in employment. Module delivery involves the establishment of a virtual classroom in which a relatively small group of students (usually 10-25) work under the direction of a faculty member. Module delivery proceeds via a series of eight one-week online sessions, each of which comprises an online lecture, supported by other eLearning activities, posted electronically to a public folder in the virtual classroom. The eLearning activities will include lecture casts, live seminar sessions, self-assessment activities, reading materials and other multimedia resources. Communication within the virtual classroom is asynchronous, preserving the requirement that students are able to pursue the module in their own time, within the weekly time-frame of each online session. An important element of the module provision is active learning through collaborative, cohort-based, learning using discussion fora where the students engage in assessed discussions facilitated by the faculty member responsible for the module. This in turn encourages both confidence and global citizenship (given the international nature of the online student body). |
Teaching Schedule |
Lectures | Seminars | Tutorials | Lab Practicals | Fieldwork Placement | Other | TOTAL | |
Study Hours |
24 |
40 |
64 | ||||
Timetable (if known) | |||||||
Private Study | 86 | ||||||
TOTAL HOURS | 150 |
Assessment |
||||||
EXAM | Duration | Timing (Semester) |
% of final mark |
Resit/resubmission opportunity |
Penalty for late submission |
Notes |
CONTINUOUS | Duration | Timing (Semester) |
% of final mark |
Resit/resubmission opportunity |
Penalty for late submission |
Notes |
Group Project: Video presentation (10 minutes) and forensic report concerning a practical computer forensics exercise. | 12 hours | 30 | ||||
Discussion Question 1: Participate actively in an online discussion concerning the background to cyber forensics, the legal framework and future trends. | 1000-1500 words | 20 | ||||
Essay: Individual essay on the process of digital evidence acquisition, and the process of conducting forensic investigation given a particular scenario. | 2000-2500 words | 30 | ||||
Discussion Question 2: Participate actively in an online discussion on the conduct of digital forensic investigations with respect to different computer platforms. | 1000-1500 words | 20 |
Recommended Texts |
|
Reading lists are managed at readinglists.liverpool.ac.uk. Click here to access the reading lists for this module. |