COMP41660 Live Data Forensics

Academic Year 2023/2024

Please note this module is only available to active law enforcement students registered to the MSc in Forensic Computing and Cybercrime Investigation. There are no elective or audit places available to other programmes.

Live Data Forensics is a term describing tools, techniques, and procedures for the preservation and analysis of volatile evidence contained in a running device. Traditional forensics involves seizing the device and returning it to the lab environment for forensic analysis. This can destroy information or make information inaccessible, such as data in RAM, encrypted containers, cloud storage data, etc. Live Data Forensics involves examining the device on the scene in order to preserve this volatile information. In this module, we will also research new and innovative technologies regarding live data forensics.


Curricular information is subject to change

Learning Outcomes:

Upon successful completion of this module, students should be able to:
• Describe the live data forensic process
• Prepare teams for live data forensics on site searches
• Know how to prepare a toolkit for LDF
• Know the legal aspects of live data forensics
• Perform triage on systems/devices/networks
• Explain the order of volatility and the Chain of Custody
• Acquire and perform basic analysis of the contents of RAM
• Gather information on running systems/devices
• Know the risks of IoT/Smart home devices in site searches
• Gather information from IoT/Smart home devices
• Detect encrypted volumes and anti-forensics
• Preserve information found on running systems in a forensically sound manner
• Analyse gathered artefacts and report their findings
• Advise an investigative team towards further investigative directions
• Research new devices or techniques in the field of live data forensics

Student Effort Hours:
Student Effort Type: Hours
• Lectures: 24
• Practical: 60
• Autonomous Student Learning: 116
• Total: 200

Approaches to Teaching and Learning:
Module is delivered online 
Requirements, Exclusions and Recommendations
Learning Requirements:

In order to take this module you must be a serving member of a law enforcement organisation.


Module Requisites and Incompatibles
Not applicable to this module.
 
Assessment Strategy
• Examination: End of trimester exam
  Timing: 2 hour End of Trimester Exam
  Open Book Exam: No
  Component Scale: Graded
  Must Pass Component: No
  % of Final Grade: 30
• Continuous Assessment: Quizzes and assignments over the semester
  Timing: Throughout the Trimester
  Open Book Exam: n/a
  Component Scale: Graded
  Must Pass Component: Yes
  % of Final Grade: 70


Carry forward of passed components: No

Resit In: Summer
Terminal Exam: Yes - 2 Hour
Please see Student Jargon Buster for more information about remediation types and timing. 
Feedback Strategy/Strategies

• Feedback individually to students, post-assessment

How will my Feedback be Delivered?

Not yet recorded.
