Unit 24: Forensics

Unit code F/615/1658
Unit type Core
Unit level 5
Credit value 15


This unit introduces students to digital forensics: the use of specialised tools and techniques to recover, authenticate and analyse data on electronic data storage devices, and to investigate Network Security breaches and cyberattacks.

With the current widespread use of digital devices, digital forensics has become an important part of the detection of crime by being able to identify details of what has been stored on a digital device(s) in the past. Students will have the opportunity to learn about some of the lower level structures of data storage devices, and techniques used to investigate them.

Among the topics included in this unit are: describing the process of carrying out digital forensics; Forensic Investigation legal guidelines and procedures; understanding low-level file structures of several Operating Systems (OS); creating a boot disk to enable forensic examination of devices; and undertaking a forensic examination of a device(s) and/or Network Security breaches and cyberattacks.

On successful completion of this unit students will be able to carry out digital forensics in accordance with industry and legal guidelines and procedures using different tools as well as understand low-level file structures of several Operating Systems and undertake digital Forensic Investigation of devices.

As a result, they will develop skills such as communication literacy, critical thinking, analysis, reasoning and interpretation, which are crucial for gaining employment and developing academic competence.

Essential Content

LO1: Examine the processes and procedures for carrying out digital Forensic Investigation

  • The process of carrying out digital Forensic Investigation:
  • Discuss what is meant by Digital Forensics.
  • Identify the processes and procedures for carrying out digital Forensic Investigation.

LO2: Discuss the legal and professional guidelines and procedures for carrying out digital Forensic Investigation

  • Processes and procedures for carrying out digital Forensic Investigation:
  • Law enforcement:
  • Give a summary of the APCO guidelines in relation to evidence collection and evidence preservation in a Forensic Investigation case. Discuss the activities of authorities (e.g. MI5/MI6, GCHQ and NSA) in relation to Forensic Investigations.
  • Legal and ethical considerations:
  • Discuss the following legal and ethical considerations when conducting a Forensic Investigation: the Data Protection Act, the Computer Misuse Act and the Freedom of Information Act.
  • Other stakeholders:
  • Forensic Science’s Society guidelines
  • British Computer Society

LO3: Use a tool or tools to conduct digital Forensic Investigation on devices or networks or cyberattacks

  • Tools required to conduct digital Forensic Investigation:
  • Hardware and software tools.
  • Conduct digital Forensic Investigation:
  • Conduct digital Forensic Investigation of devices, networks or cyberattacks.

LO4: Develop a Test Plan and make some recommendations for use in digital Forensic Investigation

  • Develop a Test Plan for digital devices or networks or cyberattacks:
  • Digital Forensics Test Plan
  • Recommendations for improving digital Forensic Investigations.