Registry

Module Specifications

Current Academic Year 2012 - 2013
Please note that this information is subject to change.

Module Title Forensic Computing
Module Code CA643
School School of Computing
Online Module Resources

Module Co-ordinatorSemester 1: Charles Daly
Semester 2: Charles Daly
Autumn: Charles Daly
Module TeacherCharles Daly
NFQ level 8 Credit Rating 7.5
Pre-requisite None
Co-requisite None
Compatibles None
Incompatibles None
Description
This module aims to give the student a firm understanding the processing digital evidence and of how to locate, analyse and present the results of digital media used as evidence.

Learning Outcomes
1. Examine a hard disk image without modifying its contents.
2. Locate and analyse various Windows artefacts which exist on a typical Windows computer.
3. Recover files that have been deleted from the file system but have not yet been overwritten.
4. Generate and analyse timelines built from MACtimes and windows artefacts.
5. Capture and analyse RAM images
6. Locate and analyse metadata from typical applications, e.g. MS Word documents, jpeg images.
7. Analyse unstructured data using automated and visualisation techniques.



Workload Full-time hours per semester
Type Hours Description
Lecture36Three one hour lectures per week
Laboratory24Weekly two hour lab session
Independent learning27No Description
On-line learning50Most of the material is available online.
Assignment50Weekly reports on lab work
Total Workload: 187

All module information is indicative and subject to change. For further information,students are advised to refer to the University's Marks and Standards and Programme Specific Regulations at: http://www.dcu.ie/registry/examinations/index.shtml

Indicative Content and Learning Activities
Indicative Syllabus.
Overview of the Digital Forensics Process.Handling digital evidence.Windows artefacts, e.g. image thumbnails, recent documents, registry, system restore points, finding and interpreting artefacts.Application artefacts, metadata, web browsing history, email.Generating and analysing timelines.File Systems, FAT, NTFS. Recovering deleted data.Memory capture and analysis.Unstructured data analysisTools for forensic analysis..

Assessment Breakdown
Continuous Assessment50% Examination Weight50%
Course Work Breakdown
TypeDescription% of totalAssessment Date
Report (s) (written / oral)Lab: Examine Hard Disk9%Week 2
Report (s) (written / oral)Lab: Artefacts8%Week 3
Report (s) (written / oral)Lab: Timelines8%Week 4
Report (s) (written / oral)Lab: Analysing RAM images8%Week 5
Report (s) (written / oral)Lab: Metadata Analysis8%Week 6
Report (s) (written / oral)Lab: Visuaisation Techniques9%Week 7
Reassessment Requirement
Resit arrangements are explained by the following categories;
1 = A resit is available for all components of the module
2 = No resit is available for 100% continuous assessment module
3 = No resit is available for the continuous assessment component
This module is category 1
Indicative Reading List
  • Warren G. Kruse II, Jay G. Heiser: 0, Essential: Computer Forensics: Incident Response Essentials., Addison Wesley,
Other Resources
None
Array
Programme or List of Programmes
BSSAStudy Abroad (DCU Business School)
BSSAOStudy Abroad (DCU Business School)
CAPDPhD
CAPMMSc
CAPTPhD-track
DMEVM.Eng. in Digital Media Engineering
ECSAStudy Abroad (Engineering & Computing)
ECSAOStudy Abroad (Engineering & Computing)
EEPDPhD
EEPMMEng
EEPTPhD-track
GCSFGrad Cert in Security & Forensics
GDSFGraduate Diploma in Security & Forensics
HMSAStudy Abroad (Humanities & Soc Science)
HMSAOStudy Abroad (Humanities & Soc Science)
MCMM.Sc. in Computing
MEPDPhD
MEPMMEng
MEPTPhD-track
MSSFMSc in Security & Forensic Computing
SHSAStudy Abroad (Science & Health)
SHSAOStudy Abroad (Science & Health)
Timetable this semester: Timetable for CA643
Date of Last Revision28-JUL-08
Archives:
DCU
Address
The Helix
3U
NDP
Government
EU
Disclaimer | Privacy