University of Technology Sydney

65327 Web Monitoring and Investigations

Warning: The information on this page is indicative. The subject outline for a particular session, location and mode of offering is the authoritative source of all information about the subject for that offering. Required texts, recommended texts and references in particular are likely to change. Students will be provided with a subject outline once they enrol in the subject.

Subject handbook information prior to 2025 is available in the Archives.

UTS: Science: Mathematical and Physical Sciences
Credit points: 6 cp
Result type: Grade and marks

Requisite(s): 48436 Digital Forensics AND 65326 Digital and Cyber Crime

Description

This subject provides students with an understanding of the web investigation and surveillance required to deal with network-based cybercrime. On completion of this subject, students will have developed an understanding of how to detect various network-based crimes, and will have learned how to collect network-based evidence for prosecution/investigation and how to monitor the network for intelligence gathering (e.g., for illicit drugs). Students are also introduced to new types of network crime that have arisen due to the advancement of technology (such as cloud, IoT, social media, dark web) and ways to mitigate them using network forensic science. Students develop their practical digital investigation skills through computer laboratory classes. This subject enhances the basic research skills of students by encouraging them to review current trends in network forensic science.

Subject learning objectives (SLOs)

Upon successful completion of this subject students should be able to:

1. Identify activities which constitute web investigation and surveillance, including intrusion detection, incident response, and network forensic science
2. Identify and implement practical steps of web investigation and surveillance including network traffic analysis
3. Use network forensic science techniques to analyse traces collected from networks and various host operating systems
4. Communicate complex findings from investigations and generate an expert witness report

Course intended learning outcomes (CILOs)

This subject also contributes specifically to the development of the following course intended learning outcomes:

  • Demonstrate a command of forensic science practice, including the detection, collection, and analysis of traces in order to exploit and integrate the results of analyses into investigative, evaluative and intelligence frameworks. (1.1)
  • Apply investigative, critical thinking and problem-solving skills to forensic science problems and design experimental methods to test hypotheses and critically analyse and interpret data. (2.1)
  • Apply forensic science professional skills with a high degree of personal autonomy and reflection to demonstrate initiative and innovative thinking in solving complex forensic problems. (4.1)
  • Demonstrate skills in communicating experimental conclusions, expert opinion, and the justification of professional decisions related to forensic science processes effectively to expert, scientific, and non-expert audiences. (5.1)

Contribution to the development of graduate attributes

This subject develops the following graduate attributes:

1.0 Disciplinary knowledge

Students will learn what activities constitute network-based crime, how to conduct web investigation and surveillance to mitigate such crime, some advanced forms of network crime, and the digital traces left during such crime. Students will be introduced to the fundamentals during the lectures, and will have an opportunity to apply them during the computer lab classes.

Feedback on the students’ knowledge will be provided during the computer laboratory sessions and assessments. Students will be assessed on their discipline knowledge and their ability to apply it in assessment tasks 1 and 3.

2.0 Research, inquiry, and critical thinking

During the computer laboratory classes, students will need to develop their investigative and problem-solving skills in order to determine the best way to identify network-based crimes by analysing their traces, and how to mitigate such attacks using incident response. Students will be provided with verbal feedback during the computer lab classes. Furthermore, in the project, students will be asked to research a real-world network forensic science case and inquire into it. Students will be assessed on this in assessment tasks 1, 2, and 3. Students will be provided with both verbal and written feedback for the project.

4.0 Reflection, Innovation, and Creativity

Students will gain awareness and experience in digital investigation processes and techniques in the lectures and computer laboratory sessions. Students will have an opportunity to implement these skills in a project where they will be completing activities to study a research case. During these activities, students will receive informal verbal feedback from the instructor. Students will be assessed on these skills in assessment task 2.

5.0 Communication

The communication skills developed in this subject are essential for the student to be able to translate complex ideas for a lay audience. The ability to transform complex jargon and findings is necessary for a digital forensic scientist to possess. In the project and computer labs, students will be completing activities that will require them to report their findings in the form of an expert witness report. Students will receive feedback on their written communication skills through the weekly computer lab activities. Students will be assessed on this ability in assessment task 3.

Teaching and learning strategies

Students will attend a series of weekly lectures and computer laboratory classes in this subject.

Lectures

Lectures will be two hours per week. These classes will introduce students to the key theoretical concepts of the subject. Lectures will provide an opportunity for the students to question and clarify any of the subject material. It is expected that students read the lecture material before coming to class to allow for engaging classroom discussion. Students will discuss in small groups the case scenario presented. These activities give rise to opportunities for verbal affirmation and feedback from both peers and lecturer. All resources used in the lectures will be available through Canvas before the scheduled classes. Case studies and examples will be used in the lectures to help students understand what constitutes web surveillance and investigation. The lectures are vital to supporting the students’ understanding for the computer laboratory classes. Students’ understanding of the lecture materials will be assessed in assessment tasks 1, 2, and 3.

Computer Labs

The computer labs will be two hours per week. Computer lab sessions provide students with the opportunity to apply the principles learned in lectures. Students will work individually and collaboratively in the computer lab, developing their skills in web investigation and surveillance processes. During the classes, students will receive feedback on their progress from the computer lab facilitator and from their completion of the computer lab activities. The practical skills developed in the computer labs will be essential for the completion of assessment tasks 1 and 3.

Content (topics)

  • Introduction to Web Monitoring and Investigation
  • Network Traffic Analysis
  • Intrusion Detection (including honeypot)
  • Incident Response
  • Incident Response (continued)
  • Internet Investigation (including browser forensic science)
  • Email Forensic science
  • Social Media Forensic science
  • Web Surveillance
  • Dark Web Monitoring and Investigation
  • Cloud Forensic science and IoT Forensic science

Assessment

Assessment task 1: Computer Lab

Intent:

This assessment task contributes to the development of the following graduate attributes:

  1. Disciplinary knowledge
  2. Research, inquiry, and critical thinking

Objective(s):

This assessment task addresses subject learning objective(s):

1 and 2

This assessment task contributes to the development of course intended learning outcome(s):

1.1 and 2.1

Type: Laboratory/practical
Groupwork: Individual
Weight: 30%
Criteria:

Students will be assessed on their ability to:

  • Demonstrate competency in identifying and recovering digital traces from networks
  • Demonstrate and develop their problem-solving abilities
  • Explain and interpret the traces recovered as part of the lab activities

Assessment task 2: Group project

Intent:

This assessment task contributes to the development of the following graduate attributes:

  1. Research, inquiry, and critical thinking
  2. Reflection, Innovation, and Creativity
  3. Communication

Objective(s):

This assessment task addresses subject learning objective(s):

1, 2 and 4

This assessment task contributes to the development of course intended learning outcome(s):

2.1, 4.1 and 5.1

Type: Project
Groupwork: Group, group assessed
Weight: 30%
Criteria:

Students will be assessed on their ability to:

  • Explain and interpret the given network-based cybercrime case
  • Critically review the given article
  • Quality of the report

Assessment task 3: Practical Assessment and Expert Report

Intent:

This assessment task contributes to the development of the following graduate attributes:

  1. Disciplinary knowledge
  2. Research, inquiry, and critical thinking
  3. Reflection, Innovation, and Creativity
  4. Communication

Objective(s):

This assessment task addresses subject learning objective(s):

1, 2, 3 and 4

This assessment task contributes to the development of course intended learning outcome(s):

1.1, 2.1, 4.1 and 5.1

Type: Laboratory/practical
Groupwork: Individual
Weight: 40%
Criteria:

Students will be assessed on their ability to:

  • Correctly identify and retrieve evidence concerning a cybercrime
  • Analyse the evidence and provide their conclusion
  • Apply the appropriate investigative tools
  • Communicate their findings in the form of an expert witness report

Minimum requirements

Computer labs for this subject are an integral part of learning the material, thus students are expected to attend all scheduled computer lab sessions. Failure to attend a class that is associated with an assessment item will attract a mark of zero for that assessment item unless an acceptable reason for the absence, supported by relevant documentary evidence, is provided.