Computer Forensics

Unit code: INN550
Contact hours: 3 per week
Credit points: 12

This unit aims to give you instruction in the principles of Computer Forensics, and the principles that need to be observed by the computer forensic investigator in order to successfully identify, secure, analyse and present digital evidence. In this advanced level elective unit we focus on the principles which direct the collection, analysis and presentation of the electronic or digital evidence available to a forensic investigator, and the techniques that are used in order to ensure that those principles are met for evidentiary requirements.


Availability
Semester: 2013 Semester 2
Available: Yes

Sample subject outline - Semester 2 2013

Note: Subject outlines often change before the semester begins. Below is a sample outline.

Rationale

IT professionals, especially those with a responsibility for computer security, are more and more often required to be involved in the investigation of computer crime in criminal and civil matters and in incident response situations. In this advanced level elective unit we focus on the principles which direct the collection, analysis and presentation of the electronic or digital evidence available to a forensic investigator, and the techniques that are used in order to ensure that those principles are met for evidentiary requirements.
To undertake this unit you should have already achieved a sound foundation in computer systems, computer communications, and computer security thus enabling you to relate to the principles and practice of computer forensics, which builds on that foundation. This unit will enhance the skills of the IT security professional.

Aims

This unit aims to give you instruction in the principles of Computer Forensics, and the principles that need to be observed by the computer forensic investigator in order to successfully identify, secure, analyse and present digital evidence.

Objectives

On completion of this unit you should:

  1. have achieved an understanding of the nature of computer crime, digital evidence, computer forensics, network forensics and the role of the computer forensics expert in investigations and incident response (GC1);

  2. have achieved an understanding of the principles underlying the collection, preservation and analysis of digital evidence from computer systems and from network systems (GC1);

  3. be able to prepare reports and advice that are suitable for use by counsel in both civil and criminal matters (GC3);

  4. have an appreciation of the significant national and international legislation with implications for computer forensics which will enhance your awareness of the ethical and legislative context of IT (GC6);

  5. be able to work independently on technical problems (GC5).

Key: Graduate Capabilities
GC1 - Knowledge and Skills
GC2 - Critical and Creative Thinking
GC3 - Communication
GC4 - Lifelong Learning
GC5 - Independence and Collaboration
GC6 - Social and Ethical Responsibility
GC7 - Leadership and Change

Content

In this unit you will study the following topics:

  1. Computer crime and computer forensics - the nature of computer crime and digital evidence, establishing a case in computer forensics, computer forensic analysis, sources of digital evidence, retrieval and analysis of digital evidence, legal considerations, network forensics, incident response, intrusion forensics

  2. The computer forensics of stand-alone systems - secure boot, write blockers and forensic platforms, disk and file imaging and analysis, file deletion, media sanitization, mobile telephones, PDAs, discovery of electronic evidence, emerging procedures and standards, seizure and analysis of electronic evidence, principles of evidence, forensic examination

  3. Forensic resources and tools - tools and procedures for Unix and Windows, forensic platforms, forensic toolsets

  4. Incident response and intrusion forensics - review of network management concepts, vulnerability analysis, monitoring of computer networks and systems, attack types, incident response procedures and incident investigation, network forensics, intrusion forensics, analysing computer intrusions, event and network log analysis, time lining, forensic accounting and fraud

Approaches to Teaching and Learning

The content of the unit is delivered through lectures, a laboratory program, and the QUT Blackboard site. Lectures cover theoretical aspects of the unit, and practical sessions provide an opportunity to work with computer forensic software tools and tool suites to enhance your understanding of the preservation and analysis of digital evidence. Tutorial staff will be available to provide assistance.
The unit emphasises a 'hands-on' approach to learning by illustrating new concepts through worked examples and demonstrations. You are encouraged to work in small groups. Group work will foster your ability to perform as part of an investigative team. You are encouraged to discuss the difficulties you are having with assignments with your group partner or tutor.

Assessment

You will submit your assignments electronically through the Science and Engineering Faculty's Online Assignment System (OAS) - details will be announced during the semester. You are expected to work on the assignments independently, but you can ask for assistance from the teaching staff. You can obtain feedback on your progress throughout the unit through the following mechanisms:

  • ask the teaching staff for advice and assistance during lectures and practical sessions

  • your assignments will be returned to you before the end of semester with comments on your progress

  • private consultation with teaching staff

    Assessment name: Project (applied)
    Description: Forensic analysis of a computer hard drive and subsequent report preparation.
    Relates to objectives: 1, 2, 3
    Weight: 30%
    Internal or external: Both
    Group or individual: Individual
    Due date: Week 7

    Assessment name: Project (applied)
    Description: Forensic analysis of network packet capture and subsequent report preparation.
    Relates to objectives: 1, 2, 3
    Weight: 30%
    Internal or external: Both
    Group or individual: Individual
    Due date: Week 12

    Assessment name: Examination (Theory)
    Description: Final written exam
    Relates to objectives: 1 to 5
    Weight: 40%
    Internal or external: Internal
    Group or individual: Individual
    Due date: Exam period

    Academic Honesty

    QUT is committed to maintaining high academic standards to protect the value of its qualifications. To assist you in assuring the academic integrity of your assessment you are encouraged to make use of the support materials and services available to help you consider and check your assessment items. Important information about the university's approach to academic integrity of assessment is on your unit Blackboard site.

    A breach of academic integrity is regarded as Student Misconduct and can lead to the imposition of penalties.

    Resource materials

    No extraordinary charges or costs are associated with the requirements for this unit.

    Recommended Reading:
    Nelson, B., Phillips, A., Enfinger, F. and Steuart, C., Guide to Computer Forensics and Investigations 3rd Edition (ISBN 1-4180-6733-4) 2008, Thomson Course Technology

    Vacca, J.R., Computer Forensics Computer Crime Scene Investigation 2nd Edition, (ISBN 1-58450-389-0) 2005, Charles River Media Inc.

    Mohay, G., Anderson, A., Collie, B., de Vel, O., and McKemmish, R., Computer and Intrusion Forensics (ISBN 1-58053-369-8), 2003, Artech House, Inc.

    Further readings and references will be supplied on the Blackboard site for this unit.

    Risk assessment statement

    There are no unusual health or safety risks associated with this unit.

    Disclaimer - Offer of some units is subject to viability, and information in these Unit Outlines is subject to change prior to commencement of semester.

    Last modified: 23-May-2012