CS414 – Digital Forensics

Credits 20
Level 4
Prerequisites CS210 Computer Systems & Architecture, CS313 Computer Systems & Concurrency
Semester 2
Elective No
Contact Lectures: 20 | Tutorials: 0 | Labs: 20
Assignments: 80 | Self study: 80
Assessment 40% coursework, 60% written examination.
Lecturer Dr George Weir

Aims and Objectives

To enable students to understand issues associated with the nature of cybercrime, digital evidence, detection methods and proof, in a variety of digital forensic contexts, including computers, networks and portable digital devices.

Learning Outcomes

On completion of the class, a student should be able:

  • to understand the varieties and impact of cybercrime
  • to undertake digital forensic examinations, where evidence is collected to support or oppose a hypothesis;
  • to appreciate the need and nature of digital intelligence gathering;
  • to understand the role of the file system in detecting and mapping user activity
  • to understand the nature of live forensics and network-based detection techniques
  • to appreciate the implications for digital forensics of changes in digital devices and cloud services
  • to understand the nature of anti-forensics


1. Context, Legal and Practical Considerations
Cybercrime; Forensic process; Legal process and law enforcement; ACPO guidelines; Digital evidence; Incident response

2. Computer Forensics
File Systems, (File system organisation; Memory; Registry; System logs); Disk imaging; Programs and their traces; Searching and analysis; Investigative tools (Open Source and Proprietary); Email & Browsers

3. Network Forensics
Intrusion detection; Attack trace-back; Packet inspection; Log analysis

4. Other topics
Mobile devices, Games consoles, etc.; Hashing issues; Anti-forensics (encryption and stealth techniques); Cloud computing

Indicative Reading*

* This list is indicative only – the class lecturer may recommend alternative reading material. Please do not purchase any of the reading material listed below until you have confirmed with the class lecturer that it will be used for this class.

Digital Forensics with Open Source Tools. Altheide, C & Carvey, H., Syngress, 2011.

The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics. Sammons, J. Syngress, 2012.

Windows Forensic Analysis (2nd edition). Carvey, H. Syngress, 2009.

Real Digital Forensics: Computer Security and Incident Response. Jones, K., Bejtlich, R. & Rose, C. Addison-Wesley, 2005.