This course focuses on the forensic investigation of illicit activity using mobile networks and artefacts attached to mobile networks (devices and memory). Students will reinforce concepts such as the digital forensic method, intent, and its application. The course will then cover technical topics such as network, memory, disk, and mobile device artefact analysis using contemporary open source tools, techniques and procedures. Students will be expected to demonstrate both their theoretical and technical understanding through the completion of practical exercises in a simulated operational environment.
This course comprises nine (9) separate modules of intensive theory and practical sessions delivered remotely in conjunction with the UNSW Canberra campus. Theory taught during lectures is reinforced with practical hands-on labs.
The intended audience for this course is students who have some experience with, or have had some exposure to, the field of digital forensics in general. Otherwise, students should expect some digital forensics pre-reading to be required. Students are also expected to be relatively comfortable working in a Linux command line environment.
On successful completion of this course a student will be able to:
- Explain mobile network and memory forensic principles, methodologies, and processes, and compare and contrast related forensics tools and their output
- Explain the process of mobile network and memory forensics and the legal requirements relating to concepts such as chain of custody and evidence handling
- Conduct and defend a forensic examination in the areas of mobile network and memory forensics
- Formulate a forensic case report and establish the capability to present evidence to non-technical audiences