• E4J University Module Series: Cybercrime

• Module 6: Practical Aspects of Cybercrime Investigations and Digital Forensics

• Introduction and learning outcomes

• Key issues

• • Legal and ethical obligations
  • Handling of digital evidence
  • Digital evidence admissibility
  • Conclusion
  • References

• Exercises

• Possible class structure

• Core reading

• Advanced reading

• Student assessment

• Additional teaching tools

•  

• First published in March 2019 
  

•  

 

  This module is a resource for lecturers  

 

Additional teaching tools

 

Cases in the Media

These cases can be used as stimulate discussion during the lecture:

• NPR. FBI-Apple Encryption Dispute.
• Statt, Nick. (2016). Canadian police have had master key to BlackBerry's encryption since 2010. The Verge, 14 April 2016.

 

Mock Exercises

Lecturers can use the following information to create forensic data acquisition mock exercises:

There are several types of data imaging such as static drive based (ColdSnap), live system-based (HotSnap), and network-based etc. To image the drive or network, there are hardware and software write blocker solutions. A sample guide about write blockers can be found here.

Example of a hardware-based solution: Tableau Forensic Imager TX1

Image source; source guide.

You can identify acquisition steps from the above user guide and create an exercise.

Example of a software based solutions: FTK Imager

Image source.

A sample guide from which a mock exercise can be created using this tool can be found here.

Example of a digital forensics tool: EnCase

Image source.

A sample guide from which a mock exercise can be created using this tool can be found here.

Example of a network-based tool: Wireshark

Image source.

A sample guide from which a mock exercise can be created using this tool can be found here.

 

Websites

• DFIR Science, Digital Forensic Science.
• European Cybercrime Training and Education Group (ECTEG).
• European Union Agency for Law Enforcement Training (CEPOL).
• SWGDE. (n.d.). SWDGE Drafts For Public Comment.

 

Videos

• American Bar Association (ABA) Criminal Justice Section, Forensics 2016: Issues in Accreditation (Part 1) (length: 42:24). » The video includes the first part of a panel discussion by the American Bar Association, which covers digital forensics accreditation practices in the United States.

• American Bar Association (ABA) Criminal Justice Section, Forensics 2016: Issues in Accreditation (Part 2) (length: 32:22). » The video includes the second part of a panel discussion by the American Bar Association, which covers digital forensics accreditation practices in the United States.

• DFIR Science, Beginner Introduction to The Sleuth Kit (command line) (length: 22:54). » A video tutorial covering forensic disk imaging and file system examination using SleuthKit on a Linux operating system.

• DFIR Science, Forensic Data Acquisition - Hardware Write Blockers (length: 7:59). » This video discusses write blockers, what they do, and provides a step-by-step process on how to use them.

• DFIR Science, Forensic Acquisition in Windows - FTK Imager (length: 29:02). » This video includes a step by step process on forensic acquisition in a Windows operating system.

• DFIR Science, [How to] Identify File Types in Windows (length: 6:34). » The video provides a step by step tutorial on how to identify types of files in a Windows operating system.
  

 

Back to top