48436 Digital Forensics
Warning: The information on this page is indicative. The subject outline for a
particular session, location and mode of offering is the authoritative source
of all information about the subject for that offering. Required texts, recommended texts and references in particular are likely to change. Students will be provided with a subject outline once they enrol in the subject.
Subject handbook information prior to 2025 is available in the Archives.
Credit points: 6 cp
Subject level:
Undergraduate
Result type: Grade and marksRequisite(s): 48730 Cybersecurity
Anti-requisite(s): 32309 Digital Forensics
Recommended studies:
Confident with using Windows command line utilities such as netstat, nslookup, net and ipconfig. Also confident with Linux command line tools such as grep, ls, uname and ps.
Description
This is a practice-based subject, using material based on the textbook. Learning is laboratory-based. Students assess if a crime has been committed, acquire digital evidence, analyse the evidence and prepare forensic reports.
The emphasis is on digital forensics applications, in particular:
- forensic analysis of a digital storage device where evidence of visits to web sites is recovered to support or oppose a hypothesis before a criminal court
- eDiscovery (a form of discovery related to civil litigation) where students acquire evidence of contact with a third party using email or social media
- intrusion investigation into the nature and extent of an unauthorised network intrusion. Students look for evidence of malware being installed on the device that may use the network to exfiltrate data to an unauthorised person.
Subject learning objectives (SLOs)
Upon successful completion of this subject students should be able to:
| 1. | Evaluate theories of digital forensics. (D.1) |
|---|---|
| 2. | Understand the structure of forensic evidence. (D.1) |
| 3. | Implement forensically sound digital security practices in industry. (B.1, C.1) |
| 4. | Demonstrate competence in applying industry-standard forensic analysis techniques. (D.1) |
Course intended learning outcomes (CILOs)
This subject also contributes specifically to the development of the following Course Intended Learning Outcomes (CILOs):
- Socially Responsible: FEIT graduates identify, engage, interpret and analyse stakeholder needs and cultural perspectives, establish priorities and goals, and identify constraints, uncertainties and risks (social, ethical, cultural, legislative, environmental, economics etc.) to define the system requirements. (B.1)
- Design Oriented: FEIT graduates apply problem solving, design and decision-making methodologies to develop components, systems and processes to meet specified requirements. (C.1)
- Technically Proficient: FEIT graduates apply abstraction, mathematics and discipline fundamentals, software, tools and techniques to evaluate, implement and operate systems. (D.1)
Contribution to the development of graduate attributes
Engineers Australia Stage 1 Competencies
This subject contributes to the development of the following Engineers Australia Stage 1 Competencies:
- 1.3. In-depth understanding of specialist bodies of knowledge within the engineering discipline.
- 1.4. Discernment of knowledge development and research directions within the engineering discipline.
- 1.6. Understanding of the scope, principles, norms, accountabilities and bounds of sustainable engineering practice in the specific discipline.
- 2.1. Application of established engineering methods to complex engineering problem solving.
- 2.2. Fluent application of engineering techniques, tools and resources.
- 3.1. Ethical conduct and professional accountability.
Teaching and learning strategies
This subject is a hands-on, career-oriented solution that emphasizes practical experience. It is a blended curriculum with both research and in-class learning.
Students attend classes for 3 hours/week. The lecture material is available on-line. Students are required to study this material in their own time before the class. There will be a lecture and discussion of the topics in class. The remainder of the time in the class will be devoted to practical labs.
Content (topics)
This subject aims to develop an in-depth understanding of digital forensics principles as well as the tools and configurations available.
The following topics are covered:
- The Legal Process in forensic investigation. Digital Evidence. Australian Privacy Principles
- Duties of First Responders
- Data Acquisition from Hard Disks and Networks
- Disk file systems including FAT32 and NTFS
- Windows Registry analysis
- Linux Artifacts of forensic interest
- Metadata in Graphics, Documents and Camera images
The following tools are covered:
- Protocol sniffers/analyzers
- TCP/IP utilities
- Windows Internals utilities
- Hard Disk (HDD) utilities
- Web-based resources
The predominant lab types are procedural, skills integration challenges, troubleshooting, and model building.
Upon completion of the subject, students will be able to perform the following tasks:
- Describe the security threats facing modern network infrastructures
- Secure network device access
- Implement forensic analysis on network devices
- Implement forensic analysis on hard disk devices
- Administer effective security policies
- Collect forensics material for specialist analysis
Assessment
Assessment task 1: Quiz
| Objective(s): | This assessment task addresses the following subject learning objectives (SLOs): 1, 2 and 4 This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs): D.1 |
|---|---|
| Type: | Quiz/test |
| Groupwork: | Individual |
| Weight: | 10% |
Assessment task 2: Assignment
| Intent: | The assignment is designed for students to demonstrate their skill in researching digital forensic topics in a real world environment. Students will practice their skills in collecting evidence from a digital device for later analysis by a forensic specialist. |
|---|---|
| Objective(s): | This assessment task addresses the following subject learning objectives (SLOs): 1 and 2 This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs): D.1 |
| Type: | Project |
| Groupwork: | Group, group and individually assessed |
| Weight: | 30% |
Assessment task 3: Skills tests
| Intent: | Skills Based Assessments (SBAs) are designed for students to demonstrate their skill in locating forensic evidence on a digital device. |
|---|---|
| Objective(s): | This assessment task addresses the following subject learning objectives (SLOs): 2, 3 and 4 This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs): B.1, C.1 and D.1 |
| Type: | Demonstration |
| Groupwork: | Individual |
| Weight: | 40% |
Assessment task 4: Weekly skills test
| Intent: | For students to demonstrate mastery of weekly lab concepts. |
|---|---|
| Objective(s): | This assessment task addresses the following subject learning objectives (SLOs): 1, 3 and 4 This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs): B.1, C.1 and D.1 |
| Type: | Laboratory/practical |
| Groupwork: | Group, individually assessed |
| Weight: | 20% |
Minimum requirements
In order to pass the subject, a student must achieve an overall mark of 50% or more.
Required texts
Refer to Readings in UTS Canvas.
Recommended texts
Nelson, Phillips, Steuart, Guide to Computer Forensics and Investigations, Sixth Edition, Cengage Learning 2019,
ISBN:978-1-337-56894-4
References
Jones, Bejtlich and Rose, Real Digital Forensics, Addison-Wesley, 2009 (7th printing) , ISBN 0-321-24069-3
Carrier, Brian, File System Forensic Analysis, Addison-Wesley, 2007 (5th printing) , ISBN 0-321-26817-2
Casey, Eoghan, Digital Evidence and Computer Crime, Elsevier, Academic Press, Third Edition c 2011 ISBN-10: 0123742684
http://en.wikipedia.org/wiki/Network_forensics
Other resources
UTS Canvas material includes announcements, lecture slides and Laboratory information: https://canvas.uts.edu.au/