Unit 49 Digital Forensics

To provide learners with an understanding of the principles of digital forensics and the impact on commerce, society and the individual.

Unit abstract

With the evolution of information technology and the increasing adoption of telecommunication-based systems, opportunities for criminal and illegal practice have expanded enormously. For an ICT professional, managing the security of any complex corporate system comes with many challenges. When a breach of the system occurs, a criminal act may have taken place against an organisation or an individual. As with a real-world crime scene, a computer system can be the instrument of a crime or hold the evidence of one. Preserving that scene and ensuring the analysis is completed in a manner conducive to the fair and unbiased pursuit of justice is of the greatest importance: in legal proceedings, evidence is often called into doubt because of unsafe practice in its acquisition from a computer system. This unit introduces the learner to IT forensics and the critical need for accurate, detailed and recorded investigation of the facts. The practice of IT forensics has to be supported by individuals trained in national or international law enforcement practice. In preserving the scene, learners must ensure that system logs, operating system data and other relevant information are acquired and stored as an image taken at the time of forensic acquisition, with its integrity recorded. Learners must be in a position to assist any potential legal process and ensure the evidence acquired supports a successful and fair legal outcome. Learners will also need to understand and review cases where forensic analysis determines the absence of direct criminal intent and instead serves to improve security, administrative processes and technological implementation.

Learning outcomes

1 Understand the impact of digital forensics on the social and commercial environments

  • Approach: types eg legal forensic analysis, illegal forensic analysis, defensive forensics, offensive forensics
  • Data manipulation: digital data/information hiding techniques eg steganography, encryption, obfuscation; tools available
  • Malware: types eg virus, trojan, worm, zombie, botnet, keylogger, screen recorder; social engineering; exploitation of personal confidence
  • Motivation: deliberate eg commercial, criminal, personal, political, ideological, investigative; casual eg explorative, leading to deliberate motivation
  • Commercial: impacts eg loss of faith, financial loss, competitive advantage, unfavourable corporate image
  • Social: impacts eg financial loss, loss of resource, loss of access, loss of trust

2 Understand the principles of evidence gathering

  • Evidence: chain of custody; evidence preservation; local legislation on evidence; international evidence requirements; jurisdiction
  • Evidential challenges: technological change; technological behaviours; adaptability of the opponent; change in legislative practice; legal challenge
  • Involvement of legal authorities: international law enforcement; local law enforcement; criminal proceedings; civil action
  • Record keeping: methods eg reporting, recording, statements, system logs, operating system images
  • Interview of witnesses: methods eg keeping a record, with a co-interviewer, interviewee's right to counsel; involvement of corporate personnel management eg disciplinary management, criminal proceedings, civil action; background checks
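The chain-of-custody and record-keeping points above are usually taught as paperwork, but the same properties can be enforced in the record itself. The following is an added example written for this page, not material from the unit specification or any forensic product: a custody log in which the first entry commits to the SHA-256 of the evidence as acquired and every later entry commits to the hash of the entry before it, so that altering the evidence, editing an entry, or removing or reordering entries is detected on verification. The item identifiers, handler names, timestamps and the evidence bytes are constructed for the demonstration.

```python
import hashlib
import json
from datetime import datetime, timezone
from typing import Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Append-only chain-of-custody record for one evidence item.

    The acquisition entry commits to the SHA-256 of the evidence as acquired;
    each later entry commits to the hash of the entry before it. Editing,
    deleting or reordering an earlier entry therefore breaks verification, and
    so does any change to the evidence bytes themselves.
    """

    def __init__(self, item_id: str, evidence: bytes, handler: str,
                 when: Optional[str] = None):
        self.item_id = item_id                      # constructed identifier, e.g. "E-001"
        self.acquisition_hash = sha256_hex(evidence)
        self.entries: list = []
        self.add("acquired", handler, "image hashed and sealed", when)

    def add(self, action: str, handler: str, note: str,
            when: Optional[str] = None) -> dict:
        """Append an entry; 'when' defaults to the current UTC time (ISO 8601)."""
        when = when or datetime.now(timezone.utc).isoformat()
        prev = self.entries[-1]["entry_hash"] if self.entries else self.acquisition_hash
        entry = {
            "seq": len(self.entries),
            "when": when,
            "action": action,
            "handler": handler,
            "note": note,
            "prev_hash": prev,
        }
        entry["entry_hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry

    @staticmethod
    def _digest(entry: dict) -> str:
        # Canonical JSON (sorted keys) so the digest is reproducible.
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        return sha256_hex(json.dumps(body, sort_keys=True).encode())

    def verify(self, evidence: bytes) -> tuple:
        """Return (ok, reason): checks the evidence bytes, then walks the chain."""
        if sha256_hex(evidence) != self.acquisition_hash:
            return False, "evidence hash differs from acquisition hash"
        prev = self.acquisition_hash
        for i, entry in enumerate(self.entries):
            if entry["seq"] != i or entry["prev_hash"] != prev:
                return False, f"entry {i}: chain broken (entry missing, moved or inserted)"
            if self._digest(entry) != entry["entry_hash"]:
                return False, f"entry {i}: contents altered after recording"
            prev = entry["entry_hash"]
        return True, "ok"


if __name__ == "__main__":
    evidence = b"constructed evidence image bytes"   # stand-in for a disk image
    log = CustodyLog("E-001", evidence, "examiner A")
    log.add("transferred", "examiner B", "handed over for analysis")
    print(log.verify(evidence))
    log.entries[1]["handler"] = "someone else"        # tamper with the record
    print(log.verify(evidence))
```

In practice the log would be written to append-only storage and the acquisition hash also recorded on paper and signed; the hash chain does not replace those controls, it makes any later discrepancy between them provable rather than a matter of recollection.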

3 Be able to plan and implement digital forensics investigations

  • Network forensics: sources eg traffic monitoring, traffic signatures, Simple Mail Transfer Protocol (SMTP) logging, span ports, traffic redirection, traffic reassembly, intrusion detection systems, email trails, firewall logs, anomaly identification and management, scanning tools, Address Resolution Protocol (ARP) poisoning
  • Workstation or server forensics: sources eg analysis of file systems, different operating system profiles, malware detection and removal, working on images of systems, application hash fingerprint (MD5 in the older literature; SHA-256 in current practice, as MD5 is no longer collision resistant), registry (system database) change analysis
  • Data Forensics: sources eg storage device data recovery, analysis of data change, database rollback and audit
  • Device-specific behaviour: devices eg server, desktop computer, mobile device, file system, communication medium, protocol, application used, power status
  • Tools: commercial eg EnCase, FTK, Helix, cloning software, virtualisation environments, virus scanning, network scanning, network analysis; open source; system logs; access logs
  • Planning: evidence gathering techniques; involvement of legal authority; involvement of corporate personnel management; record keeping; time constraint; diligence
  • Safe practice: procedures eg handling evidence on first receipt, creation of images, disk cloning, safe shutdown of an active system for forensic analysis (after volatile data such as memory contents and network state has been captured, since shutdown destroys it).
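The "working on images of systems", "creation of images" and hash-fingerprint points above come together in one procedure: image the source read-only, hash source and image, confirm they match, and do all analysis on the image. The following is an added example for this page, not code from the unit or from any forensic tool: a byte-for-byte acquisition that hashes the source while copying, re-reads the finished image independently, records SHA-256 (and MD5, only because older reports quote it), then searches the image for a keyword, including unallocated space where deleted-file remnants survive, and finally re-hashes the source to show the analysis left it untouched. The "device" is a constructed file created in a temporary directory; a real acquisition sits behind a hardware write blocker.

```python
import hashlib
import os
import tempfile
from typing import Optional

CHUNK = 1 << 20  # 1 MiB read size


def acquire_image(src_path: str, img_path: str) -> dict:
    """Copy src_path to img_path byte for byte, hashing the source as it is read,
    then re-read the written image independently and compare the digests."""
    src_sha, src_md5, copied = hashlib.sha256(), hashlib.md5(), 0
    with open(src_path, "rb") as src, open(img_path, "wb") as img:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            src_sha.update(chunk)
            src_md5.update(chunk)   # MD5 kept for comparison with older reports only
            img.write(chunk)
            copied += len(chunk)
    img_sha = hashlib.sha256()
    with open(img_path, "rb") as img:
        for chunk in iter(lambda: img.read(CHUNK), b""):
            img_sha.update(chunk)
    return {
        "source_sha256": src_sha.hexdigest(),
        "source_md5": src_md5.hexdigest(),
        "image_sha256": img_sha.hexdigest(),
        "bytes": copied,
        "verified": src_sha.hexdigest() == img_sha.hexdigest(),
    }


def file_sha256(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def find_keyword(img_path: str, keyword: bytes) -> list:
    """Return every byte offset of keyword in the image. Reads the whole image,
    which is fine for this demo; use mmap for real drive-sized images."""
    with open(img_path, "rb") as f:
        data = f.read()
    offsets, start = [], 0
    while True:
        i = data.find(keyword, start)
        if i < 0:
            return offsets
        offsets.append(i)
        start = i + 1


def build_constructed_device(path: str) -> bytes:
    """Constructed stand-in for a seized drive: 4 KiB of zeroes, a fragment of a
    deleted e-mail header left in unallocated space, then filler. Not real data."""
    payload = b"\x00" * 4096 + b"From: alice@example.invalid\r\n" + b"\xff" * 1024
    with open(path, "wb") as f:
        f.write(payload)
    return payload


def run_demo(workdir: Optional[str] = None) -> dict:
    """Acquire, verify, analyse the image only, then confirm the source is unchanged."""
    workdir = workdir or tempfile.mkdtemp(prefix="forensics-demo-")
    device = os.path.join(workdir, "device.raw")
    image = os.path.join(workdir, "device.dd")
    payload = build_constructed_device(device)
    record = acquire_image(device, image)
    hits = find_keyword(image, b"From: ")             # analysis touches the image only
    source_unchanged = file_sha256(device) == record["source_sha256"]
    return {
        "record": record,
        "hits": hits,
        "source_unchanged": source_unchanged,
        "expected_sha256": hashlib.sha256(payload).hexdigest(),
    }


if __name__ == "__main__":
    out = run_demo()
    print(out["record"])
    print("keyword offsets:", out["hits"], "source unchanged:", out["source_unchanged"])
```

The acquisition record (both digests, byte count, verification result, plus the time and examiner) is what goes into the chain-of-custody log and the report; an examiner who cannot show that the image hash matched the source at acquisition, and still matches at analysis, has given opposing counsel exactly the "unsafe practice" opening the unit abstract warns about.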

4 Be able to analyse the outcomes of digital forensics investigations

  • Presentation of the fact: impartial information; absence of supposition; detailed delivery; independent analysis eg second opinion
  • Reporting: legal proceedings (civil, criminal, disciplinary, technical review, security audit, procedural audit)
  • Procedural change: update policy eg security, technology, forensic analysis technique, staff vetting



Casey E – Handbook of Digital Forensics and Investigation (Academic Press, 2009) ISBN-10: 0123742676
Carvey H – Windows Forensic Analysis DVD Toolkit (Syngress, 2009) ISBN-10: 1597494224
Malin C et al – Malware Forensics: Investigating and Analyzing Malicious Code (Syngress, 2009) ISBN-10: 159749268X