Cyber Crime and Digital Forensics

  • Module code: CI4315
  • Year: 2018/9
  • Level: 4
  • Credits: 30
  • Pre-requisites: None
  • Co-requisites: None

Summary

The Cyber Crime and Digital Forensics module will introduce you to the principles and practices of cyber forensics, providing a contextual setting for further modules. In particular, the module has a theoretical perspective (introducing core security concepts and principles, and covering legal, professional and ethical issues, the nature of digital crime and the role of the forensic investigator) as well as a practical technical perspective (gathering, preserving and presenting digital evidence using forensic toolkits).

Aims

  • To provide students with an understanding of the fundamental principles and techniques employed in security.
  • To introduce and explain to students the principles of digital forensics, including the role of the forensics investigator, crime scene protocol and approaches to acquiring and preserving digital evidence.
  • To allow students to analyse the relevant legal, ethical, and professional issues pertinent to digital forensics.
  • To enable students to evaluate the usage of forensic tools and techniques for creating digital forensic reports.

Learning outcomes

On successful completion of the module, students will be able to:

  • Discuss the basic methodology in computer security and interpret related security concepts and terminology.
  • Recognise the nature and characteristics of cyber crime.
  • Illustrate the legal, ethical and professional role of the digital forensics examiner in investigating cyber crime.
  • Demonstrate and articulate the use of digital forensics tools and techniques.
  • Select suitable forensic tools and techniques in order to capture, analyse and preserve forensic evidence in a given scenario.

Curriculum content

  • Fundamental security terminology
    • CIA triad
    • Assets, threats, vulnerabilities, attacks, risks and controls
    • Basic security methodology
  • Legal principles
    • The British justice system
    • Criminal courts
    • Expert evidence
    • Appropriate laws
    • Admissible evidence
  • Digital forensics
    • The nature of digital crime (eg. fraud, data protection, identity theft)
    • Definitions, sources of digital evidence, overview of acquisition, preservation, analysis and presentation
    • The sub-disciplines (eg. computer forensics, mobile, GPS)
  • Crime scene investigation
    • First responder
    • Forensic methodologies for collecting and preserving digital evidence
    • Volatile vs. persistent data
    • Documenting the scene, note taking and report writing
    • Role of the digital forensics examiner, certification, ethics, professional bodies
  • Forensics tools
    • Overview and classes of digital forensics tools
    • Creation of a trusted set of tools for the collection of data
    • Formats (raw, proprietary, Advanced Forensic Format)
    • Tools (console, Linux boot CD, ProDiscover Basic, AccessData FTK Imager)
  • Windows file systems
    • Boot sequence, disk partition, master boot record, FAT and NTFS file structures
    • Computer time artefacts (MAC times) 
    • Registry analysis
  • Anti-forensic techniques
    • Hidden disk partitions, cryptographic techniques (bit-shifting, steganography, encryption), passwords
  • Data recovery
    • Hidden partitions, deleted files, hidden files 
    • Graphic files, encrypted files, link files 
    • Carving, thumbnails, passwords
  • Validation
    • Hash values
    • Tools (hexadecimal editors, ProDiscover Basic, AccessData FTK Imager)
  • Application and file forensics
    • Internet history, web and browser caching
    • Email investigations
      • Servers, headers, tracing and logs
    • MS Office applications
    • File signatures, meta data
  • Python and digital forensics
    • Introduction to Python
    • Basic Python forensic scripts

Teaching and learning strategy

This module, being part of the innovative Cyber Security and Digital Forensics course, utilises a workshop-centered teaching and learning strategy, in which practical exercises and problem-centered technical challenges are supported by short participatory lectures and group discussions. Workshops are typically structured as a three-hour lab-based session, interspersed with 3 short (20 minute) participatory lecture sessions and are designed to encourage an open, collaborative and active student learning environment.

Content delivered in workshop sessions is based on and reinforced by recommended reading, study guides and learning resources that are available on Canvas, which duly serves as a learning, sharing, feedback and communication hub for this module. Core teaching and learning strategies for this module are described as follows:

  • Theoretical perspectives of this module (eg. core security concepts, legal, professional and ethical issues, the nature of digital crime and the role of the forensic investigator) are delivered via lectures and group discussions.
  • Technical perspectives of this module (eg. gathering, preserving and presenting digital evidence, Forensic Tool Kit, Hash Functions, Python, etc.) are primarily delivered via practical lab and technical challenge activities.
  • Active learning and skills retention for theoretical and digital forensics topics are supported by formative self-study assessments, videos and interactive presentations that can be accessed on Canvas.

 

Breakdown of Teaching and Learning Hours

| Definitive UNISTATS Category | Indicative Description | Hours |
|---|---|---|
| Scheduled learning and teaching | 75 x short (20-minute) participatory lectures; 25 x three-hour laboratories | 100 |
| Guided independent study | Independent and directed reading. Online learning materials and study notes. | 200 |
| Total (number of credits x 10) | | 300 |

Assessment strategy

In order to help students on this module achieve their full potential, formative assessment opportunities will be provided as appropriate throughout the module. Examples of formative assessments include worked exercises which emulate aspects of the major assessment and lab work. Feedback on coursework represents an additional opportunity for formative learning and will be given in writing and/or verbally. Formative feedback will be provided in various forms, such as during short (10-15 minute) feedback sessions. The formative feedback is designed to inform student preparation for the summative assessment, which may be within the same module or feed forward across the degree programme. The summative assessment is 80% coursework, which typically consists of forensic techniques coursework (eg. applied use of hash functions, hex editors, forensic tools etc.) and forensic case study coursework. Coursework will typically include demonstrable artefacts. The remaining 20% is allocated to an in-class test that takes place under examination conditions.

Mapping of Learning Outcomes to Assessment Strategy (Indicative)

| Learning Outcome | Assessment Strategy |
|---|---|
| Discuss the basic methodology in computer security and interpret related security concepts and terminology. | Examination |
| Recognise the nature and characteristics of cyber crime. | Examination |
| Describe the legal, ethical and professional role of the digital forensics examiner in investigating cyber crime. | Examination |
| Demonstrate and articulate the use of digital forensics tools and techniques. | Forensic techniques coursework. |
| Select suitable forensic tools and techniques in order to capture, analyse and preserve forensic evidence in a given scenario. | Forensic techniques coursework. |

Elements of Assessment

| Description of Assessment | Definitive UNISTATS Categories | Percentage |
|---|---|---|
| Forensic techniques coursework. | Coursework | 50% |
| Forensic case study coursework. | Coursework | 30% |
| One time-limited in-class summative test | Written exam | 20% |
| Total (to equal 100%) | | 100% |

Achieving a pass

It IS NOT a requirement that any major element of assessment is passed separately in order to achieve an overall pass for the module.

Bibliography core texts

Holt, T et al. (2017). "Cybercrime and Digital Forensics: An Introduction". Routledge.

Robinson, M (2015). "Hands-on Activities in Digital Forensics". CreateSpace Independent Publishing Platform.

Bibliography recommended reading

Bainbridge, D (2007). "Introduction to Computer Law". Longman.

Nelson, B et al. (2007). "Guide to Computer Forensics and Investigations". Course Technology.

Volonino, L et al. (2006). "Computer Forensics Principles and Practices". Prentice Hall.

Vacca, J.R (2005). "Computer Forensics: Computer Crime Scene Investigation". Charles River Media.

Britz, M.J (2004). "Computer Forensics and Cyber Crime: An Introduction". Pearson Prentice Hall.

Casey, E (2004). "Digital Evidence and Computer Crime". Academic Press.
