CYB812 – Digital Forensics: Principles and Practice

In this unit, students explore techniques and practices for gathering and analysing forensic evidence used to solve crimes involving computers and other digital devices. The unit covers techniques for digital forensic investigation, forensic tools and technologies investigated (operating systems, virtual machines, email, social media, mobile devices, cloud), and the process of collecting and presenting evidence to clients and courts. Skills in digital forensics will be integral for students who wish to work as forensic investigators and more broadly applicable to any cybersecurity professional who will respond to incidents, particularly if law enforcement may become involved.

Learning Outcomes:

• Critically reflect on the role and utility of digital forensics in cybersecurity operations
• Identify, describe, distinguish and critically analyse the phases of a digital forensics investigation
• Demonstrate how to prepare for, conduct, report and critique a digital forensics investigation
• Identify, describe, distinguish and critically analyse the rules, tools, methods and conduct of evidence search and acquisition
• Describe and demonstrate how forensic investigations are conducted on a diverse range of digital platforms including mobile devices, email, virtual machines, and networks
• Describe the role of digital forensic evidence in court including how digital evidence is prepared, presented, examined and weighted
• Describe and critically reflect on the role of ethics and codes of conduct in the conduct of digital forensics and expert testimony