Forensic Investigation

You are viewing an older version of this academic item. To access a different version, adjust the year in the field above. For handbooks published prior to 2023, click the "Previous Handbooks" button at the bottom of the page.

Abstract

In this subject students will acquire an understanding of the principles of forensic investigation and the complexities involved in conducting forensic investigations in a contemporary context. Students will develop a deeper understanding of the methods for acquiring digital evidence from more contemporary, non-traditional, digital systems (such as social media sites, virtualised systems and multimedia platforms) using practical examples, case studies and activities. Students will also learn principles of investigating malware and ransomware attacks and how to resolve potential investigatory difficulties in these contexts.

Syllabus

Computer forensicsFile System Forensic Analysis Part 1 - Volumes and FATFile System Forensic Analysis Part 2 - NTFSFile Carving.Acquiring digital evidenceLog file analysisMobile device forensics (Android/GPS/SIM Cards)Malware analysisRansomware analysisImage forgerySteganography & Steganalysis

Learning outcomes

Upon successful completion of this subject, students should:

be able to explain the role and importance of digital forensics;

be able to articulate the role of the computer forensics investigator in different contexts;

to be able to assemble and secure evidence from a range of sources and locations in a forensically-sound manner;

be able to investigate malware and ransomware attacks;

be able to solve potential difficulties in investigating non-traditional systems; and

be able to evaluate differences in the forensic process depending on context.

Assumed knowledge

It is assumed that students will have completed ITI581 Cyber Security Fundamentals or equivalent

Enrolment restrictions

Only available to students enrolled in IT Masters courses.