Course co-ordinator(s): Dr Mike Just (Edinburgh), Dr Ryad Soobany (Dubai).
Aims:
• Provide the student with in-depth understanding of digital forensics concepts and methodologies
• Impart a deep understanding of common attack scenarios to students
• Improve students' analysis skills and allow them to identify incident artefacts in a systematic way
• Give practical experience of finding clues and discovering attack scenarios in common operating systems and applications
Detailed Information
Course Description: Link to Official Course Descriptor.
Pre-requisites: none.
Location: Dubai.
Semester: 2.
Syllabus:
• Legal aspects: investigation limitations (territorial and jurisdictional)
• Search and seizure: consent, warrant, evidence seizure
• Analysis: things to consider, analysis process, evidence guidelines, order of evidence importance
• Forensic toolkits: hardware features, software features, common software tools
• Windows OS artefacts: event log, registry, prefetch, volume shadow copies, shell bags, jumplists, boot, services
• Linux OS artefacts: "etc" folder, logs, home folder, nautilus, accounts and login history, grub, services
• Malware persistence mechanisms: auto-startup, cron jobs
• Malware analysis
• Reverse Engineering
• Storage media: types overview, file systems overview
• Common applications' artefacts: web browsers, chat clients, servers (Apache, MySQL), cross-platform applications
Learning Outcomes: Subject Mastery
At the end of this course, the students will be able to:
• Understand the technical and legal aspects of the digital forensics process
• Identify and explain the role of different types of digital artefacts
• Review the security of Windows and Linux systems
• Assess the security of an IT infrastructure
• Identify suspicious activities and combine them into attack scenarios
• Understand the appropriateness and effectiveness of different techniques and research methodologies for digital forensics processes
Learning Outcomes: Personal Abilities
At the end of this course, the students will:
• Develop a set of ethical and legal best practices needed for a digital forensics career
• Be able to critically appraise the security of an IT infrastructure
• Practice in ways that demonstrate a clear awareness of own and others' roles and responsibilities
• Use a range of digital forensics software to support and enhance their analyses
• Make formal presentations about digital forensics topics to informed audiences
SCQF Level: 10.
Credits: 15.