Program Overview
Introduction to ITE515 Forensic Analysis
ITE515 Forensic Analysis is a subject that equips students with the knowledge, skills, and abilities to handle advanced incident handling scenarios, conduct formal incident investigations, and carry out forensic investigation of networks and hosts.
Subject Information
Grading System
The grading system for this subject is SY/US.
Duration
The duration of this subject is one session.
School
This subject is offered by the School of Computing and Mathematics.
Enrolment Restrictions
This subject is available only to students enrolled in the Master of Information Systems Security and Master of Management (Information Technology).
Prerequisites
The prerequisite for this subject is ITI500.
Learning Outcomes
Upon successful completion of this subject, students should:
- be able to demonstrate usage of a range of forensic tools and how they function
- be able to describe the forensic methodology, tools, and techniques
- be able to successfully solve a range of forensic case studies
Syllabus
This subject will cover the following topics:
- File System Structures and Metadata
- FAT/NTFS/Ext2/Ext3 File System Essentials
- Evidence Handling and Integrity Best Practices
- Evidence Acquisition of Hard Drives and Volatile Data
- String Searching Utilizing Dirty Word Lists
- File System Timeline Analysis
- Data Recovery Techniques Using Strings and File Headers
- Forensic Hash Comparisons via Hash Databases
- Media Analysis of System Registry, Internet Activity, and File Metadata
- Application Footprinting
- USB Forensic Analysis
- Fuzzy Hashing
- Windows XP and Vista Forensics
Certification
Students will be required to pass the GIAC Certified Forensic Analyst (GCFA) industry certification exam to complete this subject.
