rgb(255,255,0)
rgb(154,206,235)
rgb(255,165,0)
rgb(255,255,0)
rgb(255,255,0)
rgb(154,206,235)
rgb(255,0,0)
BN309 - Computer Forensics
Credit Points: 15 credit points
Workload: 48 hours
Prerequisite: BN203 Network Security 1
Co-requisite: N/A
Aims & Objectives
This is an elective unit out of a total of 24 units in the Bachelor of Networking (BNet). This unit addresses the BNet course learning outcomes and complements other courses in a related field by developing students’ specialised knowledge in computer forensics and applying critical skills such as data acquisition, processing crime scenes and analysing and validation of forensics data and forensics ethics. For further course information refer to: http://www.mit.edu.au/study-with-us/programs/bachelor-networking. This unit is part of the AQF Level 7 (BNet) course.
This unit provides students with an understanding and appreciation of the discipline of Computer Forensics. They will also learn how Computer Forensics interacts with other organisational groups, especially with general management and with other forensics groups.
This unit will cover the following areas:
- Introduction to Computer Forensics
- Understanding Computer Investigations
- Data Acquisition, Processing Crime and Incident Scenes
- Computer Forensics Analysis and Validation
- Report Writing for High-Tech Investigations
- Expert Testimony and Ethics
Learning Outcomes
4.1 Course Learning Outcomes
The Course learning outcomes applicable to this unit are listed on the Melbourne Institute of Technology’s website: www.mit.edu.au
4.2 Unit Learning Outcomes
At the completion of this unit students should be able to:
a. Document evidence and report on computer forensics findings;
b. Implement a number of methodologies for validating and testing computer forensics tools and evidence;
c. Exhibit and understand forensics ethical behaviour and professional conduct;
d. Implement a process to support the administration and management of computer forensics;
e. Conduct practical investigations into computer forensics, including industry and legal procedures with respect to data acquisitions
Weekly Topics
This unit will cover the content below:
| Week # | Lecture Topic | Laboratory and Tutorial |
|---|---|---|
| 1 | Introduction to Computer Forensics | Laboratory 1: Copy Image and Analyse |
| 2 | Understanding Computer Forensics Investigations (including Forensics Offices and Laboratory) | Laboratory 2: Crime Scene Investigations |
| 3 | Data Acquisition | Laboratory 3: Data Acquisition 1 |
| 4 | Processing Crime and Incident Scenes | Laboratory 4: Data Acquisition 2 |
| 5 | Windows Forensics | Laboratory 5: Data Recovery using Windows |
| 6 | Computer Forensics Tools | Laboratory 6: Data manipulation |
| 7 | Macintosh and Linux Forensics | Laboratory 7: Data Reconstruction |
| 8 | Computer Forensics Analysis and Validation | Laboratory 8: Virtual Machines and Emails |
| 9 | Virtual Machines, Network Forensic, Live Acquisitions and Emails | Laboratory 9: Emails Recovery |
| 10 | Mobile Devices and Forensics Reports | Laboratory 10: Preparing Forensics Evidence for Testimony |
| 11 | Expert Testimony | |
| 12 | Forensics Ethics | Review |
Assessment
| Assessment Task | Due Date | A | B | Learning Outcomes Assessed |
|---|---|---|---|---|
| Formative Assignment 1 | Week 3 (10/04/2022) | 5% | a | |
| In-Class Test | Week 7 (03/05/2022) | 10% | b-c | |
| Assignment 2 | Week 11 (01/06/2022) | 25% | a-d | |
| Laboratory and Problem Based Learning participation & submission | Week 2 – 11 (08/06/2022) | 10% | a-e | |
| Final Examination (2 hours) | 50% | a-e | ||
| TOTALS | 40% | 60% |
Task Type: Type A: unsupervised, Type B: supervised.
Contribution and participation
This unit has class participation and student contribution as an assessment. The assessment task and marking rubric will follow the Guidelines on Assessing Class Participation (https://www.mit.edu.au/about-us/governance/institute-rules-policies-andplans/policies-procedures-and-guidelines/Guidelines_on_Assessing_Class_Participation). Further details will be provided in the assessment specification on the type of assessment tasks and the marking rubrics.
Presentations (if applicable)
For presentations conducted in class, students are required to wear business attire.
Textbook and Reference Materials
Text Book:
- Jason Sachowski, Implementing Digital Forensic Readiness: From Reactive to Proactive Process, Second Edition, CRC Press, 2019
References:
- B. Nelson, A. Phillips, C. Steuart, Guide to Computer Forensics and Investigations, 5th ed., Course Technology Cengage Learning, 2016.
- M. E. Whitman and H. J. Mattord, Management of Information Security, 5th ed,, Cengage learning, 2016.
- R. Smith, Elementary Information Security, 2nd ed,, Jones & Bartlett Learning, 2015.
- J. R. Vacca, Computer and Information Security Handbook, 2nd ed., Morgan Kaufmann, 2013.
Internet references:
- SANS: http://www.sans.org
- NIST: http://www.nist.org
Reference Style: IEEE
Students are required to purchase the prescribed text and have it available each week in the class.
Graduate Attributes
MIT is committed to ensure the course is current, practical and relevant so that graduates are “work ready” and equipped for life-long learning. In order to accomplish this, the MIT Graduate Attributes identify the required knowledge, skills and attributes that prepare students for the industry.
The level to which Graduate Attributes covered in this unit are as follows:
| Ability to communicate | Independent and Lifelong Learning | Ethics | Analytical and Problem Solving | Cultural and Global Awareness | Team work | Specialist knowledge of a field of study |
|---|---|---|---|---|---|---|
Legend
| Levels of attainment | Extent covered |
|---|---|
| The attribute is covered by theory and practice, and addressed by assessed activities in which the students always play an active role, e.g. workshops, lab submissions, assignments, demonstrations, tests, examinations. | |
| The attribute is covered by theory or practice, and addressed by assessed activities in which the students mostly play an active role, e.g. discussions, reading, intepreting documents, tests, examinations. | |
| The attribute is discussed in theory or practice; it is addressed by assessed activities in which the students may play an active role, e.g. lectures and discussions, reading, interpretation, workshops, presentations. | |
| The attribute is presented as a side issue in theory or practice; it is not specifically assessed, but it is addressed by activities such as lectures or tutorials. | |
| The attribute is not considered, there is no theory or practice or activities associated with this attribute. |