Module Specification

The information contained in this module specification was correct at the time of publication but may be subject to change, either during the session because of unforeseen circumstances, or following review of the module at the end of the session. Queries about the module should be directed to the member of staff with responsibility for the module.
1. Module Title Computer Forensics
2. Module Code COMP343
3. Year Session 2023-24
4. Originating Department Computer Science
5. Faculty Fac of Science & Engineering
6. Semester Second Semester
7. CATS Level Level 6 FHEQ
8. CATS Value 15
9. Member of staff with responsibility for the module
Dr JA Ray Computer Science Jeffrey.Ray@liverpool.ac.uk
10. Module Moderator
11. Other Contributing Departments  
12. Other Staff Teaching on this Module
Mrs J Birtall School of Electrical Engineering, Electronics and Computer Science Judith.Birtall@liverpool.ac.uk
Professor M Gairing Computer Science M.Gairing@liverpool.ac.uk
13. Board of Studies
14. Mode of Delivery
15. Location Main Liverpool City Campus
    Lectures Seminars Tutorials Lab Practicals Fieldwork Placement Other TOTAL
16. Study Hours 20

    20

    40
17.

Private Study

110
18.

TOTAL HOURS

150
 
    Lectures Seminars Tutorials Lab Practicals Fieldwork Placement Other
19. Timetable (if known)            
 
20. Pre-requisites before taking this module (other modules and/or general educational/academic requirements):

COMP124 Computer Systems
21. Modules for which this module is a pre-requisite:

 
22. Co-requisite modules:

 
23. Linked Modules:

 
24. Programme(s) (including Year of Study) to which this module is available on a mandatory basis:

25. Programme(s) (including Year of Study) to which this module is available on a required basis:

26. Programme(s) (including Year of Study) to which this module is available on an optional basis:

27. Aims
 

To provide a firm foundation to the field of information retrieval.

To develop an systematic understanding of the theory and practice of computer forensics.

To develop the skills and knowledge to undertake a forensic computing investigation in a systematic manner utilising existing methods, tools and techniques.

 
28. Learning Outcomes
 

(LO1) Demonstrate a systematic and thorough understanding of the theoretical concepts, processes and role of a computer forensics investigator in the organisation and law enforcement.

 

(LO2) Ability to Apply an appropriate and systematic approach to initiating and conducting a forensic investigation.

 

(LO3) Ability to select appropriate tools and techniques to recover and analyse material from a range of sources

 

(LO4) Demonstrate a critical awareness of issues and requirements for dealing with evidence.

 

(LO5) Demonstrate a critical awareness of issues and requirements when analysing and evaluating physical and forensic computing data evidence.

 

(S1) Self-management readiness to accept responsibility (i.e. leadership), flexibility, resilience, self-starting, appropriate assertiveness, time management, readiness to improve own performance based on feedback/reflective learning.

 

(S2) Literacy application of literacy, ability to produce clear, structured written work and oral literacy - including listening and questioning.

 

(S3) Computer Science practice

 
29. Teaching and Learning Strategies
 

Teaching Method 1 - Lecture
Description: Lectures

Teaching Method 2 - Practical
Description: Computer labs

Standard on-campus delivery with minimal social distancing.
As our planning has already gone too far, even if the campus opens up, we will offer hybrid teaching
Teaching Method 1 - Lecture
Description: On-line synchronous/asynchronous lectures
Teaching Method 2 - Laboratory Work
Description: On-line synchronous/asynchronous sessions
Teaching Method 3 - Tutorial
Description: Mix of on-campus/on-line synchronous/asynchronous sessions

 
30. Syllabus
   

Overview of Computer Forensics (Week 1)
- What is Computer/High Tech Crime?
Storage Media (Week 2)
- Basic Architecture
- Analysis of storage devices
Types of offences: (Week 3)
- Hacking, Fraud, Corporate Computer Misuse, etc.
Legal aspects, principles and current practice regarding the handling of digital evidence
- Forensic Computing in Law enforcement and National security
Forensic investigation technologies for various operating systems (Week 4 & 5)
Forensic investigation strategies & Methodologies
Forensic imaging of media
- Forensically sound copying and storing of media using
imaging software
E-Mail & Internet activity history (week 6)
Data Hiding / Steganography / Cryptography (Password cracking) (Week 7)
Industry software (Week 8 – 10)

 
31. Recommended Texts
  Reading lists are managed at readinglists.liverpool.ac.uk. Click here to access the reading lists for this module.
 

Assessment

32. EXAM Duration Timing
(Semester)
% of
final
mark
Resit/resubmission
opportunity
Penalty for late
submission
Notes
  (343) Final exam 120 70
33. CONTINUOUS Duration Timing
(Semester)
% of
final
mark
Resit/resubmission
opportunity
Penalty for late
submission
Notes
  (343.2) Assessment 2 Reassessment opportunity: Yes, resit exam will replace failed CA components, the Learning Outcomes will be covered in the resit exam. 0 15
  (343.1) Assessment 1 Reassessment opportunity: Yes, resit exam will replace failed CA components, the Learning Outcomes will be covered in the resit exam. 0 15