Topic outline

  • Welcome to the course on 'Computer Security, Forensics and Ethical Hacking'


    The aim of this course is to equip you with the knowledge and techniques of computer forensics practice and evidence analysis. It prepares you to use the various forensic investigation approaches and tools necessary to start a computer forensics investigation. It also aims to increase your knowledge and understanding of cyber security and ethical hacking.

  • Unit 1: Introduction

    Overview

    In this unit, we introduce the basics of Computer Forensics and Computer Hardware, and an understanding of File Systems. Electronic devices such as smartphones and computers, though conferring numerous benefits, have also become a major threat in today’s era. Technology has given rise to new crimes and new tactics that we read about every day. Moreover, we leave a trail of 1s and 0s, our digital footprints, as we go about our daily lives.

    Smartphone records, bank transactions through ATM or internet banking, searches carried out on the internet, emails, text messages, chats and so on all leave trails of evidence. Computer evidence is often transparent, but it is also created by the respective operating systems without the knowledge of the users. Users tend to conclude that deleting data from a device protects them from being tracked through such evidence. We shall see in later units that this is normally not the case.

    Cyber activities have become an important part of our daily lives and one of the major national security threats. Cyber activities have opened the doors for terrorism, human trafficking, child pornography, bank robbery, health care fraud, financial institution fraud, drug dealing, and many other types of fraud and crime. Digital forensics can help in finding evidence against cyber-attacks. Digital forensics also plays a major role in the admission of evidence in a court of law.

    Hence this module will address the above issues. But first, let us start by defining the basic terms and concepts pertinent to Forensics and Ethical Hacking.


    Learning Outcomes

    Upon completion of this unit, you will be expected to:

    • define the terms computer crime, cybercrime and computer forensics
    • identify some digital forensic investigation methods
    • explain what is meant by forensic readiness
    • identify computer hardware components
    • define defragmentation
    • identify the hardware components for networking
    • define file systems, types of file systems, file system categories


  • Unit 2: Forensics Categories

    Overview

    In this unit, we introduce memory forensics and data acquisition from memory. Traditional forensic investigation follows dead-box analysis: capturing and analyzing the data on computer hard drives, USB devices, floppy disks, CDs/DVDs and other related devices. Traditional forensic methods are limited when scenarios such as hard-drive encryption or information hidden in a document or in memory crop up. Memory forensics is based on live analysis, capturing and analyzing the processes and information held in volatile Random Access Memory (RAM).


    Learning Outcomes

    Upon completion of this unit, you will be expected to:

    • define memory forensics
    • explain the importance of searching memory for evidence, shadow walker
    • define Live Response
    • identify the categories of data that can be collected from memory
    • explain different commands used for getting data from different parts of the system
    • differentiate between Hardware Data Acquisition and Software Data Acquisition

  • Unit 3: Computer Forensics Tools

    Overview

    One important aspect of computer forensics is the use of software tools to collect digital evidence for analysis. The collection of digital evidence can be described as the process of acquiring, duplicating and recovering files, and software tools are needed to enable this process. To acquire and duplicate data, tools that can make an exact, sector-by-sector replica of the disk are needed. This enables computer forensics analysts to analyse the data without fear of tampering with the digital evidence. The replica also acts as a backup, which is very important. Recovering deleted files requires other tools. This unit enumerates the tools that computer forensics analysts use during the collection and analysis of data.


    Learning Outcomes

    Upon completion of this unit, you should be able to:

    • identify how files are deleted
    • recover deleted files and partitions
    • utilise forensic tools to acquire digital information
    • explore the Windows Registry for important information

  • Unit 4: Forensics Investigation Process

    Overview

    In this unit, we introduce in more detail the different steps carried out during a forensic investigation and how to collect digital evidence. A computer or related device can have distinct roles in a forensic case: it can be the target of a crime, it can be used as a tool to carry out an attack, or it can be where crime-related information is stored. A security incident is considered as such whether the action is a crime or any violation of security. Criminal investigation is done to investigate the first incident type, in which a device is used as a tool in committing a crime. What matters is how we respond to a crime-related incident involving computers and other related devices.


    Learning Outcomes

    Upon completion of this unit, you will be expected to:

    • explain what is meant by security incident, first response
    • identify incidents based on the category of Low, Mid or High level
    • explain how to secure and evaluate different electronic crime scenes
    • explain how to conduct preliminary interviews
    • explain how to document electronic crime scenes
    • identify the process to collect and preserve electronic evidence
    • explain how the packaging and transport of electronic evidence should be carried out

  • Unit 5: Ethical Hacking

    Overview

    In this unit, we discuss the major concepts related to hacking, malware and network security attacks. Cyber security threats come in various forms, ranging from hacking to the use of malware and coordinated network attacks. These threats are major security challenges to a computer system and network, and it is important to understand them in order to provide better security countermeasures. To comprehend the impact of these threats, ethical hacking provides an objective analysis of the security risk and security level of the computer system and network, along with potential countermeasures. Therefore, during the process of ethical hacking, it is important to understand the roles and responsibilities of an ethical hacker compared to a hacker, understand the hacking process, elaborate an ethical hacking plan and use tools to conduct ethical hacking. Furthermore, malware is the main source of threats to computer systems. It comes in different types, mainly viruses, worms and Trojan horses, and is widely used by hackers to infect computer systems. Hence it is important to understand the different types of malware, ways of detecting them and solutions to combat them. Finally, since all computer systems are interconnected through a computer network, most security attacks emanate through the use of networks. Understanding the various forms of network attacks is therefore important, as it enables an ethical hacker to provide appropriate and adaptable solutions.


    Learning Outcomes

    Upon completion of this unit, you should be able to:

    • differentiate between ethical hackers and malicious hackers
    • identify the different types of hackers and hacking
    • structure the ethical hacking process
    • define malware
    • differentiate among the different types of malware and the threats posed by them
    • recognise the symptoms of malware
    • describe the process life cycle of malware
    • propose tools for malware detection and for providing safeguards against such malware

  • Mini Project: Casework Assessment

    Write a report discussing how you would conduct the computer forensic investigation for the Employee Intellectual Property Information Theft scenario. You may wish to expand in detail on each of the individual steps involved during the investigation, providing reasonable arguments as to why you have chosen such an approach, tools and methodology. Use the knowledge which you have acquired from Units 1 to 4.

    Submit your report in the 'Submission Box' below.