This activity will provide learners with an opportunity to understand how to undertake a digital forensic investigation. Students will have the opportunity to have hands-on practical experience of an open-source tool and be led through an investigation by the teacher.
50 minutes
- Computer Systems (AQA).
- Cyber Security (AQA).
- Ethical, legal, cultural & environmental impacts of digital technology (OCR).
The lession requires the following:
- Presentation slideset - this provides the core knowledge around cybercrime and digital forensics to lead into the practical exercise
- Auotpsy for Windows - an open-source computer forensic tool - a copy of this will need to be downloaded and installed on each machine you wish to run the software
- Case Image - this is a forenisc image of a computer hard drive and will be the basis for the investigation
The lession will begin with a slideset presentation to introduce the core concepts of digital forensics (15 mins)
The practical exercise will be teacher led - students will be given questions and will need to use Autopsy to identify relevant evidence. Over the duration of the session, students will get a clearer idea of the criminal activity and understand where to look for evidence. This will include:
- Recycle Bin
- Temporary files (CD burning and printer spool)
- Data carving
- Analysing email
- Internet histories
- Bookmarking
(30 mins)
Discussion and finishing up the lession - highlighting that there are a range of anti-forensic technologies (such as encryption and steganography) that can really impact a digital investigation! (5 mins)
- Understanding of cyber-dependent and cyber-enabled crime
- Practical experience of using digital forensic tools
- Understanding of operating/file systems and applications and how to locate evidence
- Presentation slideset
- Forensic Tool - Autopsy for Windows
- Forensic Image - HunterXP
- Additional forensic images to analyse - NIST Computer Forensic Images
- Additional background reading on digital forensics - NCSC CyBok Digital Forensics