Foundations of Forensic Computing

Duration: 2 weeks Full Time

Examination: Written 2 hours, Practical 3 hours

Students acquire the knowledge, understanding and practical experience that will enable them to find and recover admissible digital evidence from PC based computers and the skills that will permit them competently to present such evidence in a Court of Law.

Topics Include: Electrical Safety, Exhibit handling and Continuity, ACPO Guidelines, Imaging and Reliability, Disk and Solid State systems, Manufacturers reserved areas , Disk Mapping, Data Storage Methods, Raid Construction, Computing Fundamentals, BIOS operation, use of DOS tools, Internals of FAT and NTFS (in great detail), Hidden Data, USB and other external devices, File Signatures and association, search catches and indexes, Registry examination, Passwords and Encryption, Recovery of date from an allocated space and methods to give it provenance, Forensic Computing Ethics.

Many of the above are subject to practical exercises and at least 6 disks will be analysed. The practical examination is based on the analysis of a complete hard disk.

This course is for practitioners, and applicants should normally be employed by, and sponsored by law enforcement or associated agencies, or a reputable organisation involved in the forensic computing domain.

For new or inexperienced analysts, it is strongly recommended that this Foundation Course is completed before other relevant courses are attempted. Knowledge of much of the content of this course and the methods offered are assumed for later courses.

Accredited Prior Learning (APL) may be awarded for previous relevant studies. Individual guidance will be provided with respect to assessing APL.

This course is detailed to a degree that allows students to understand how commercial forensic tools work, and enables them to extract digital evidence directly from binary images, beneath the level at which the tools operate.

This course is designed to address the need for continuing professional development and career progression within a rapidly changing environment.

With this course students will be awarded 20 credits. Students can then build more credits through successful completion of related courses and assessments, which may lead to a PG Cert Higher Education award.

This course is taught exclusively by Professor Tony Sammes.

With well over 1,000 forensic examinations, and 14 years of experience in teaching forensic computing, courses offered by Tony are highly specialist with a blend of highly practical hands-on experience, combined with rigorous theoretical and academic training.

Course delivery is a combination of practical hands-on experience, combined with rigorous theoretical and academic training.

This course is delivered in the Forensic Laboratory at De Montfort University, in Leicester City Centre.

The laboratory is new, and has been purpose built with “super fast” machines, wide screen monitors, and an array of top-of-the range display systems. The Lab is situated within a security controlled area of the Cyber Security Centre, and is a very pleasant place to work.

£2,200

TBC

• Forensic Examination of Internet Use
• Forensic Examination of Network Computers

• Current Issues for Practitioners
• Scripting and Searching
• Binary Analysis of Microsoft Documents
• Alternative Operating System Forensics
• Advanced Topics in Forensic Computing

There are numerous hotels within easy walking distance (5-10 minutes) of De Montfort University (DMU) offering different grades of accommodation. Most will offer Government and Law Enforcement or DMU rates. A number are on the edge of the Town Centre and either have their own car parks, or have arrangements in place for discounted parking nearby.

T: +44 (0)116 250 6339

E: fc4p@dmu.ac.uk