NATIONAL UNIVERSITY OF SCIENCE AND TECHNOLOGY

FACULTY OF APPLIED SCIENCES

COMPUTER SCIENCE DEPARTMENT
Course Outline

Course Name: Digital Forensics Course Code: SCI 4201

Produced: 2021 Revised: 2023
Lecturer: Nyoni.P. Office: Contact: 0779457249
Venue: Online/ TBA

Weighting Full Course

Hours/Week

Pre-requisite Information Security and Auditing

Synopsis
Computer devices, Data collection, Evidence Collection, Extraction and preservation of evidence, Data Recovery, Evidence preservation,
verification & authentication, Data Discovery & Identification, Data Analysis, Computer Forensics Tools, Data Hiding Techniques, Computer
forensics and mobile forensics.

Description of the Course

This module provides students with the fundamentals of digital forensic science and the systematic process of acquiring digital evidence.
Students examine how information is stored and how it may be deliberately hidden or destroyed. Coverage includes: computer devices, data
collection, evidence collection, extraction and preservation of evidence, data recovery, evidence preservation, verification & authentication, data
discovery & identification, data analysis, computer forensics tools, data hiding techniques, computer forensics and mobile forensics.

Aim of the Course

The aim of the course is to introduce fundamental concepts and techniques regarding digital forensics.
OBJECTIVES

 Describe the fundamentals of digital forensics and incident response.

 Explain the investigative process including the legal issues of preparing for and performing digital forensic analysis based on the
investigator's position and duty.

 Demonstrate use of digital forensics tools.

 Differentiate between mobile and network forensics.

 Recognize the state of the practice and the gaps in technology, policy, and legal issues.

TEACHING AND LEARNING STRATEGIES

 Lecture method as a default delivery mechanism.

 Seminars will be used to extend the theoretical material problem solving exercises with students leading and making them truly
interactive session.
 Problem based learning which forces the students to gather, organise and evaluate information hence use it creatively in the formulation
of solutions to problems.
 Individual/group exercises and assignments.
 Individual or group presentations on researched material as will be assigned.
 Co-operative learning: Collaborative or peer learning.
 Supervised tests: Another form of assessment.
CONTENT TOPICS
TOPICS WEEK HOURS
 Define computer forensics
 Describe how to prepare for computer investigations and explain 1 4
Overview the difference between law enforcement agency and corporate
investigations
 Explain the importance of maintaining professional conduct

Investigative Process  Explain ways to determine the best acquisition method

 Describe contingency planning for data acquisitions 2 4
 Explain how to use acquisition tools
 Apply a systematic approach to an investigation
 Describe procedures for corporate high-tech investigations
 Describe how to conduct an investigation

Forensic Labs  Describe certification requirements for computer forensics labs

 List physical requirements for a computer forensics lab 3 4
 Explain the criteria for selecting a basic forensic workstation
Data Acquisition  List digital evidence storage formats
 Explain ways to determine the best acquisition method 4 4
 Describe contingency planning for data acquisitions

 Explain the rules for digital evidence

 Describe how to collect evidence at private-sector incident scenes 5 4
Processing Crime and
Incident Scenes  Explain guidelines for processing law enforcement crime scenes
 List the steps in preparing for an evidence search
 Describe how to secure a computer incident or crime scene
 Working with Windows and  Identify a number of different storage devices 6 4
DOS Systems  Explain the purpose and structure of file systems
 Describe Microsoft file structures
 Explain the structure of New Technology File System (NTFS)
disks

Computer Forensics Tools  Explain how to evaluate needs for computer forensics tools 7 4
 Describe available computer forensics software tools
 List some considerations for computer forensics hardware tools

Macintosh and Linux Boot  Explain Macintosh file structures and the boot process 8 4
Processes and File Systems  Explain UNIX and Linux disk structures and boot processes
 Describe other disk structures

Forensics Analysis and  Determine what data to analyse in a computer forensics 9 4

Validation investigation
 Explain tools used to validate data
 Explain common data-hiding techniques

 Taking resource constraints into account when developing a 10 4

network diagram
Mobile Forensics. Network  Determining the resource requirements plan for a project
Forensics & Live acquisitions  Leveling the use of resources within the required time frame of
the project
 Explain the basic concepts of mobile device forensics
 Describe procedures for acquiring data from cell phones and
mobile devices
 Email & Social Media  Explain the role of e-mail in investigations 11 4
Investigations  Describe client and server roles in e-mail
 Describe tasks in investigating e-mail crimes and
 violations
 Explain the use of e-mail server logs
Cloud Forensics  Describe the main concepts of cloud computing 12 4
 Summarize the legal challenges in conducting cloud forensics
 Give an overview of the technical challenges with cloud forensics
Report Writing  Explain the importance of reports 13 4
 Describe guidelines for writing reports
 Explain how to use forensics tools to generate reports
 `
Ethics  Explain how ethics and codes apply to expert witnesses 14 2
 Explain how other organizations’ codes of ethics apply to expert
testimony
 Describe ethical difficulties in expert testimony
 Explain the process of carving data manually
TOTAL 14 48

RECOMMENDED SOURCES

Nelson, B., Phillips, A. and Steuart, C., 2019. Guide to computer forensics and investigations. Cengage Learning.

Carrier, B., 2005. File system forensic analysis. Addison-Wesley Professional.

FORMS AND DATE OF ASSESSMENT

Activity Points Due date

Assignments1 30 TBA
Assignment 2 30 TBA
Test1 40 TBA
Final exam 100 TBA