Investigative Techniques

This is the module web page for Investigative Techniques (see module specification).

All teaching material written by myself (ie. Dr. Carl Pulley) is placed within this site's resource blog. By subscribing to this blog, you get to see when new material has been released or updated. My teaching materials may also be accessed by clicking on the relevant teaching week link under Teaching Materials on this page's sidebar.

This course assumes you are familiar with the following subjects areas:

  • the MVC design pattern (eg. as used within Ruby/Rails)
  • Javascript
  • Discrete Mathematics (ie. propositional and predicate logic)
  • UNIX Command Line
  • File Systems (eg. NTFS, Ext3 and FAT file systems) and their forensic analysis (eg. using Sleuthkit)
You should have previously covered all of these subjects on other modules.

Important Notes

This years teaching materials are a major rewrite of the previously taught material. The course has been rewritten to place a greater emphasis on:

  • programmatical extraction of digital evidence
  • exploration of extracted data sets
  • analysis and investigative techniques
  • documenting and reporting findings.

Software Requirements

Term 1 teaching will use a specially configured Ubuntu VMWare virtual machine. In term 2, we will use specialised Windows based tool environments.

Only these virtual machines and machine environments will be supported on this module.

Assessment

This module is assessed by two equally weighted assignments (Note: all assignment related questions should be raised using the appropriate Blackboard forum):

  • assignment 1: you will be presented with a forensic report and supporting evidence. Your job will be to verify and validate that report and its supporting evidence.
  • assignment 2: this will be an extensive forensic exercise aimed at testing both your ability to perform complex digital forensics and to interact with case managers/supervisors.

In addition, throughout this module you will be expected to complete a series of quizzes (some will be in-class and some are expected to be completed before the next practical). These quizzes are designed to measure and monitor your understanding of the taught material.

Whilst these quizzes will not directly contribute to your overall marks, anyone who fails to maintain a good overall average will receive a refer grade. The refer grade will be awarded on the basis that you have failed to satisfy the module specification learning outcomes and so, you can not pass the module.

Currently, it is anticipated that the term 1 in-class quizzes will occur in weeks 6, 10 and 12. During week 8 of term 1, you will be expected to complete an out of class quiz (this quiz will close at midnight on the Tuesday of the following week).