Course co-ordinator(s): Dr Mike Just (Edinburgh), Dr Ryad Soobany (Dubai).
Aims:
• Provide the student with in-depth understanding of digital forensics concepts and methodologies
• Impart a deep understanding of common attack scenarios to students
• Improve students' analysis skills and allow them to identify incident artefacts in a systematic way
• Give practical experience of finding clues and discovering attack scenarios in common operating systems and applications
Detailed Information
Course Description: Link to Official Course Descriptor.
Pre-requisites: none.
Location: Dubai.
Semester: 2.
Syllabus:
• Legal aspects: investigation limitations (territorial and jurisdictional)
• Search and seizure: consent, warrant, evidence seizure
• Analysis: things to consider, analysis process, evidence guidelines, order of evidence importance
• Forensic toolkits: hardware features, software features, common software tools
• Windows OS artefacts: event log, registry, prefetch, volume shadow copies, shell bags, jumplists, boot, services
• Linux OS artefacts: "etc" folder, logs, home folder, Nautilus, accounts and login history, GRUB, services
• Malware persistence mechanisms: auto-startup, cron jobs
• Malware analysis
• Reverse Engineering
• Storage media: types overview, file systems overview
• Common applications' artefacts: web browsers, chat clients, servers (Apache, MySQL), cross-platform applications
SCQF Level: 10.
Credits: 15.


