COMP41660 Live Data Forensics

Academic Year 2022/2023

Please note this module is only available to active law enforcement students registered to the MSc in Forensic Computing and Cybercrime Investigation. There are no elective or audit places available to other programmes.

Live Data Forensics is a term describing tools, techniques, and procedures for preservation and analysis of volatile evidence contained from a running computer. Traditional forensics involves seizing the machine and returning it to the lab environment for a forensic analysis. This can destroy information or make information inaccessible, such as RAM contents, Encrypted containers, cloud storage data, etc. Live Data Forensics involves examining the machine on the scene in order to preserve this volatile information. In the course, we also will research new technologies regarding live data forensics.

Show/hide contentOpenClose All

Curricular information is subject to change

Learning Outcomes:

Upon successful completion of this module students should be able to:
• Describe the live data forensic process
• Prepare teams for site searches
• Knowing the legal aspects of live data forensics
• Acquire and analyse the contents of RAM
• Gather information on running systems
• Detect encrypted volumes
• Preserve information found on running systems in a forensically sound manner
• Analyse gathered artefacts and report their findings
• Research new devices or techniques in the field of live data forensics

Student Effort Hours: 
Student Effort Type Hours
Lectures

24

Practical

60

Autonomous Student Learning

116

Total

200

Approaches to Teaching and Learning:
Module is delivered online 
Requirements, Exclusions and Recommendations
Learning Requirements:

In order to take this module you must be a serving member of a law enforcement organisation.


Module Requisites and Incompatibles
Not applicable to this module.
 
Assessment Strategy  
Description Timing Open Book Exam Component Scale Must Pass Component % of Final Grade
Examination: End of trimester exam 2 hour End of Trimester Exam No Graded No

30

Continuous Assessment: Quizzes and assignments over the semester Throughout the Trimester n/a Graded Yes

70


Carry forward of passed components
No
 
Remediation Type Remediation Timing
In-Module Resit Prior to relevant Programme Exam Board
Please see Student Jargon Buster for more information about remediation types and timing. 
Feedback Strategy/Strategies

• Feedback individually to students, post-assessment

How will my Feedback be Delivered?

Not yet recorded.