computer forensics
FINAL YEAR DEGREE PROJECT
Objective Settings Proforma
Student’s Name: Lisa Jarrett
First Assessor: Keith Verheyden
Second Assessor: Paula Thomas
Project Title:
Create and design a realistic case study investigation scenario for use by academia in a
computer forensics training program
“Murder of an entrepreneur”
Project Objectives & Deliverables
Objectives
1. To investigate and examine the current educational resources (Case Studies and forensics datasets) used by Universities in terms of development standards and implementation.
2. To investigate and examine the current training resources (Case Studies and forensics datasets) used by accredited companies conducting forensic training in terms of development standards and implementation.
3. Gain an understanding and insight into the students’ competencies with computer systems and evaluate their capabilities of using various software tools when conducting a digital evidence investigation.
4. To propose and develop a competency framework that can be used as an educational teaching resource for Computer Forensic investigation training.
Deliverables
A literature review of digital forensics training resources available for academic
purposes
A report based on a study of the skills and knowledge gap of current undergraduate
students (?)
Contents
Title - Create a framework for Computer Forensics students
Statement of Originality
Abstract
Project Introduction
Issues associated with its design and development
Clear Aims and Objectives
Literature Review
Overview
What is Computer Forensics
Why do we need it?
Crimes
Digital Evidence
Characteristics of computer forensics curriculum in Academia
Current Pedagogy strategies
Characteristics of industry based computer forensics programs
1. Frameworks, Standards, Certification, Accreditation?
2. Training methods
3. Content
4. Resource materials
5. Digital forensic software applications and tools
Part 2 - Design Phase
Summary Chapter
References
Bibliography
Appendices
References
Bibliography
Appendix
Title - Create a framework for Computer Forensics students
Statement of Originality
Abstract
This report investigates the evolution and importance of computer crime
and computer forensics, and discusses the crisis of computer forensics
and the challenges faced by academics in the newest forensic science discipline.
There has been much research and study into the key topics and relevant subjects
needed to design a curriculum framework to train and educate students to become
Computer Forensic Investigators and prepare them for the real world. The main
objective of this report has been to propose and develop a competency framework
that can be used as an educational teaching resource for Computer Forensic
investigation training in academia, proposing different approaches and directions to
better reflect the discipline’s present-day objectives.
There will be a focus on the technical aspects of producing teaching repositories, and
the report will provide an insight into students’ understanding of the curriculum and the challenges
and unique issues they are up against in such a fast-paced technological career.
Project Introduction
This report is a review of the current CF educational resources, forensic tools and
training programs’ content. It also outlines the deductions made from studying the
many different literatures and research papers. The results and conclusions of
this review will be the basis for the new framework and will outline different
proposals for academics who train and educate students to become CF investigators,
and make considerations regarding different pedagogic approaches depending on
the crime being investigated.
Issues associated with its design and development
Clear Aims and Objectives
The overall aim of the project is to develop a digital crime case study resource based
on a crime (murder) and facilitate the practicum teaching of computer forensics in
academia. Digital forensic investigators will require an in-depth understanding and
knowledge of Information Technology which requires specialised training.
Recruitment in the high-tech crime industry resembles that of every other industry: employers want and
require experience. Like most industries, they are unable to spare the time, and do not have
access to the large funds, needed to train graduate students without previous know-how.
The development of this framework will involve a full investigation and analysis
of digital evidence involved in the case study scenario in addition to producing
reports of any probative digital evidence found. The main objective will be to close
the skills gap and provide students with relevant experience whilst preparing for the
importance of managing electronic evidence cases. Furthermore graduate students
can demonstrate their skills and capabilities when dealing with a specific digital crime
scenario to prospective employers and illustrate their contribution in the
investigation. The research study indicated that the development of certain practicum
and pedagogy is much needed to cope with the current challenges faced in
computer forensics.
Despite the economic recession that we are currently experiencing and the new HE
policy introduced by the UK government, the computer forensics discipline has
benefitted, with HE institutions compelled to address the employability of students
and expected to achieve a more transitional balance from academia to industry.
Literature Review
Overview
This is a review of areas relating to recent advances and current issues, laboratory
exercises to improve technical experience, and hands-on experience in hardware and
software tools to develop active learning modules. Computer forensics is a unique discipline of science, and in
many areas it requires a different approach, different tools, as well as specialised education and training. While the distinctive position of
computer forensics is generally accepted, the formal recognition of computer forensics as a section of forensic science has not yet eventuated.
What is Computer Forensics
Computer forensics involves the preservation, identification, extraction and
documentation of digital evidence held on storage media in magnetic, optical, or electronic form (hard drives,
disk drives, USB drives, Zip drives), unlike paper evidence (Craiger).
When computer systems are seized, forensic specialists perform their investigation
and analysis and also protect the systems and any components in case they are
needed for criminal or civil proceedings.
Why do we need it?
Computer Crimes have been a prevalent topic in the media for several years,
although the first computer crime committed was in 1820, it is only since the
This new forensic science discipline is fast becoming progressively popular as the
proliferation of advancing technology is enabling criminals’ illegal activities.
Crimes
To simplify the understanding of computer crime, the following
classifications are proposed:
1. Criminal activity targets computer systems, networks or media storage, a tool to facilitate a new style of crime.
2. Assisted by computer systems, a new way to commit traditional crimes (harassment, fraud).
3. Computer systems that are secondary to the crimes but utilise their facilities as a replacement for conventional tools (drug dealer’s tick list) using software accounting packages.
The classification used here is only to support understanding of the context of a
complex subject. Computer crime has led directly to efforts to fight it, and so computer
forensics was born. The attraction of computer crime is obvious. At
the turn of the century, criminals would have found it difficult to steal the filing cabinet
and its contents, but nowadays it has been made much easier by simply
downloading the entire contents onto a USB stick or emailing the information to
storage somewhere in the cloud.
Digital Evidence
Virtually every digital media investigation and court case involving a computer device relies on
digital evidence obtained from that device, since such devices nearly always leave a
digital footprint (Locard’s Principle). The procedures in paper evidence cases are
instinctively clear, but digital evidence is invisible to the human eye, so the specific
tools that have been developed to find this evidence are used and the paper
evidence procedures are mimicked. The procedure also involves documentation,
“an audit trail”, required for the integrity and authenticity of the evidence. More
importantly, this documentation records the method used by the expert and can be
used by third parties to repeat the process and arrive at the same conclusion, and to
provide explanations for use in court prosecutions.
Characteristics of computer forensics curriculum in Academia
Current Pedagogy strategies
Ref: Analysing teaching design repositories
Danyu Zhang, Rafael Calvo, Nicholas Carroll, John Currie
Ref http://docs.moodle.org/24/en/Pedagogy
1. Use of Simulation techniques -
2. Reusable learning object approach
3. Hands on experience – work based
4. Individual project lab exercises
5. Team Project lab exercises
6. Use a real to life crime scene house / unit
7. Case Study Scenarios
(i) Frameworks, standards, certification and accreditation?
(ii) Content and learning outcomes
(iii) Resource materials
(iv) Digital forensic software applications and tools
Characteristics of industry based computer forensics programs
Frameworks, Standards, Certification, Accreditation?
Training methods
Content
Resource materials
Digital forensic software applications, tools and techniques
Part 2 - Design Phase
Proposed Design of Teaching Repositories
(i) Key Objectives
(ii) Testing / Evaluation
(iii) Forensic Image
(iv) System and Material Requirements
(v) Case Scenario Plan
(vi) Story Board, Timeline, Character Roles
(vii) Secondary Data Sources
(viii) Creating the artefacts
(ix) Methodology - Hiding the Artefacts
(x) Answer Key and Master Artefact sheet
(xi) Implementation
(xii) Testing / Evaluation
(xiii) Implementation
Summary Chapter
Leads
References
Bibliography
Appendices
Leads
Journal – IEEE
A Comparative Study of Forensic Science and Computer Forensics
Developing a computer forensics program in police higher education
Developing an Innovative Baccalaureate Program in Computer Forensics
A Framework to Guide the Implementation of Proactive Digital Forensics in
Organisations
Pedagogy and Overview of a Graduate Program in Digital Investigation
Management
Science Direct
Current issues confronting well-established computer-assisted child
exploitation and computer crime task forces
Bringing science to digital forensics with standardized forensic corpora
The future of forensic and crime scene science: Part II. A UK perspective
on forensic science education Volume 157, Supplement, Pages S1-S20
(14 March 2006)
Forensic science on trial—still! Response to “Educating the next
generation” [Science and Justice, 48 (2008) 59–60]
http://www.sleuthkit.org/sleuthkit/docs/framework-docs/basics_page.html
http://zeltser.com/cheat-sheets/
Neil C. Rowe, Testing the National Software Reference Library, Digital Investigation, Volume 9, Supplement, August 2012, Pages S131-S138, ISSN 1742-2876, 10.1016/j.diin.2012.05.009. (http://www.sciencedirect.com/science/article/pii/S1742287612000345)
Abstract: The National Software Reference Library (NSRL) is an essential data source for forensic investigators, providing in its Reference Data Set (RDS) a set of hash values of known software. However, the NSRL RDS has not previously been tested against a broad spectrum of real-world data. The current work did this using a corpus of 36 million files on 2337 drives from 21 countries. These experiments answered a number of important questions about the NSRL RDS, including what fraction of files it recognizes of different types. NSRL coverage by vendor/product was also tested, finding 51% of the vendor/product names in our corpus had no hash values at all in NSRL. It is shown that coverage or “recall” of the NSRL can be improved with additions from our corpus such as frequently-occurring files and files whose paths were found previously in NSRL with a different hash value. This provided 937,570 new hash values which should be uncontroversial additions to NSRL. Several additional tests investigated the accuracy of the NSRL data. Experiments testing the hash values saw no evidence of errors. Tests of file sizes showed them to be consistent except for a few cases. On the other hand, the product types assigned by NSRL can be disputed, and it failed to recognize any of a sample of virus-infected files. The file names provided by NSRL had numerous discrepancies with the file names found in the corpus, so the discrepancies were categorized; among other things, there were apparent spelling and punctuation errors. Some file names suggest that NSRL hash values were computed on deleted files, not a safe practice. The tests had the secondary benefit of helping identify occasional errors in the metadata obtained from drive imaging on deleted files in our corpus. This research has provided much data useful in improving NSRL and the forensic tools that depend upon it. It also provides a general methodology and software for testing hash sets against corpora.
Keywords: NSRL; Forensics; Files; Hash values; Coverage; Accuracy; Extensions; Directories
http://cfed-ttf.blogspot.co.uk/
President Obama Expands “Educate to Innovate” Campaign for Excellence in Science, Technology, Engineering, and Mathematics (STEM) Education.
For educators who want a view of some of the education materials already available, check out stay safe online sponsored by the National Cybersecurity Alliance to learn more.
The National Science Foundation is working to build an information security workforce who will play a critical role in implementing the national strategy to secure cyberspace through several efforts including its Advanced Technology Education (ATE) program. Currently three ATE Regional centers serve to increase the quality and quantity of the cybersecurity workforce: the Cyber Security Education Consortium, Center for System Security and Information Assurance, and CyberWatch.
o CyberWatch overview
The National Centers of Academic Excellence sponsored by NSA and the Department of Homeland Security (DHS) promotes higher education and research in IA and helps to increase the number of professionals with IA expertise in various disciplines
http://digitalforensicsisascience.blogspot.co.uk/2012/01/series-introduction-spring-2012-anti.html
http://windowsir.blogspot.co.uk/p/little-black-book-of-windows-forensic.html
Welcome to ITALICS - Innovation in Teaching And Learning in Information and Computer Sciences
Edited by Stephen Hagan, University of Ulster
Welcome to ITALICS, Innovation in Teaching And Learning in Information and Computer Sciences, the electronic
journal of the Higher Education Academy for Information and Computer Sciences (ICS). ITALICS provides a
vehicle for members of the ICS communities to disseminate best practice and research on learning and teaching
within their disciplines.
Scope
ITALICS aims to highlight current issues in learning and teaching Information and Computer Sciences at the
Higher Education (HE) level including:
Innovative approaches to learning and teaching
Developments in computer-based learning and assessment
Open, distance, collaborative and independent learning approaches
The variety of contexts in which students in HE learn -
Including work-based learning, placements and study visits
Improving the student experience
Continuous professional development
The integration of theory and practice
Submissions
Submissions to be sent to Stephen Hagan.
Along with your article, please send us a signed copy of the contributor’s agreement. Please download this pdf
file, sign it and return the paper copy to Hazel White, The Higher Education Academy, Innovation Way,
Heslington York, YO10 5BR. We would also welcome scanned, signed copies sent by email to Hazel White but
please send your paper copy as well. In the event that your article is not accepted for publication, we shall
destroy this agreement.
Issues
There will be three issues of ITALICS each year, published in February, June and November. The journal will
include:
An editorial
Peer reviewed papers
Book reviews
Themed issues will be produced at least once a year and there will be opportunities for guest editors to take the
helm. If you are interested in contributing to a themed issue or becoming a guest editor for ITALICS, please email
us.
ITALICS, June 2012 issue
Volume 11
Previous issues of ITALICS are available on ICS website, and will shortly be available from this page.
References
Bibliography
2003. Accreditation, quality control & assurance. Forensic Science International,
136, Supplement 1, 5-10.
ARMSTRONG, C. J. 2003. Mastering computer forensics. Security education and critical
infrastructures, 125, 151.
ARMSTRONG, C. 2007. An Analysis of Computer Forensic Practitioners Perspectives on Education
and Training Requirements. Fifth World Conference on Information Security Education, 1-8.
ARMSTRONG, C. J. 2012. Computer Forensics (CF 601) Unit Outline Semester 1, 2012.
ARMSTRONG, H. & ARMSTRONG, C. 2007. The Role of Information Security Industry Training and
Accreditation in Tertiary Education. Fifth World Conference on Information Security Education, 137-
140.
ARMSTRONG, C. J. 2005. Development of a Research Framework for Selecting Computer Forensic
Tools. Curtin University of Technology.
ARMSTRONG, C. J. & ARMSTRONG, H. L. Mapping information security curricula to professional
accreditation standards. 2007. IEEE, 30-35.
ARMSTRONG, C. 2003. Developing a framework for evaluating computer forensic tools. Evaluation
in Crime Trends and justice: Trends and Methods Conference in Conjunction with the Australian
Bureau of Statistics, Canberra Australia, 24-25.
ARMSTRONG, C. & JAYARATNA, N. 2004. Teaching computer forensics, uniting practice with
intellect. Proceedings of the 8th Colloquium for Information Systems Security Education, West Point
New York.
AUSTIN, R. D. Digital forensics on the cheap: teaching forensics using open source tools.
Proceedings of the 4th annual conference on Information security curriculum development, 2007.
ACM, 6.
BATTEN, L. & PAN, L. 2008. Teaching digital forensics to undergraduate students. Security &
Privacy, IEEE, 6, 54-56.
BECKETT, J. & SLAY, J. 2011. Scientific underpinnings and background to standards and
accreditation in digital forensics. Digital Investigation, 8, 114-121.
BEM, D. & HUEBNER, E. Computer forensics workshop for undergraduate students. 2008. Australian
Computer Society, Inc., 29-33.
BASSETT, R., BASS, L. & O’BRIEN, P. 2006. Computer forensics: An essential ingredient for cyber
security. Journal of Information Science and Technology, 3, 22-32.
BRILL, A. E., POLLITT, M. & WHITCOMB, C. M. 2006. The evolution of computer forensic best practices: an
update on programs and publications. Journal of Digital Forensic Practice, 1, 3-11.
BRINSON, A., ROBINSON, A. & ROGERS, M. 2006. A cyber forensics ontology: Creating a new
approach to studying cyber forensics. digital investigation, 3, 37-43.
CALOYANNIDES, M. A. 2003. Digital evidence and reasonable doubt. IEEE Security and Privacy, 1,
89-91.
CARBONE, A., MANNILA, L. & FITZGERALD, S. 2007. Computer science and IT teachers' conceptions
of successful and unsuccessful teaching: A phenomenographic study. Computer Science Education,
17, 275-299.
CARRIER, B. & SPAFFORD, E. H. An event-based digital forensic investigation framework. Digital
forensic research workshop, 2004.
CARRIER, B. & SPAFFORD, E. H. 2003. Getting physical with the digital investigation process.
International Journal of Digital Evidence, 2, 1-20.
CHEN, P. S., TSAI, L. M. F., YING-CHIEH, C. & YEE, G. Standardizing the construction of a digital
forensics laboratory. Systematic Approaches to Digital Forensic Engineering, 2005. First
International Workshop on, 7-9 Nov. 2005 2005. 40-47.
CHI, H., JONES, E. L., CHATMON, C. & EVANS, D. Design and Implementation of Digital Forensics
Labs.
CHU, H. C., LIN, W. D. & CHANG, K. H. 2010. Digital Forensics Core Curriculum Design in Higher
Education in Ubiquitous Computing Era. 淡江理工學刊, 13, 89-97.
COHEN, M., GARFINKEL, S. & SCHATZ, B. 2009. Extending the advanced forensic format to
accommodate multiple data sources, logical evidence, arbitrary information and forensic workflow.
digital investigation, 6, S57-S68.
COLLINS, D. & MCGUIRE, T. 2008. Using the DC3 forensic challenge as a basis for a special topics
digital forensics upper level undergraduate course. Journal of Computing Sciences in Colleges, 23,
8-14.
CONGDON, C. B., FITZGERALD, S., KING, M. S., SEMMES, P. & CHAIRMAN-KAY, D. G. 2000. Teaching
advice and support for new and adjunct faculty (panel session): experiences, policies, and
strategies. ACM SIGCSE Bulletin, 32, 414-415.
COOPER, P., FINLEY, G. T. & KASKENPALO, P. Towards standards in digital forensics education.
Proceedings of the 2010 ITiCSE working group reports, 2010. ACM, 87-95.
CRAIGER, J. P., POLLITT, M. & SWAUGER, J. 2005. Law enforcement and digital evidence. Handbook
of Information Security John Wiley & Sons (in Print).
CRAIGER, P., BURKE, P., MARBERRY, C. & POLLITT, M. 2008. A virtual digital forensics laboratory.
Advances in Digital Forensics IV, 357-365.
CRAIGER, P., PONTE, L., WHITCOMB, C., POLLITT, M. & EAGLIN, R. Master's Degree in Digital
Forensics. 2007. IEEE, 264b-264b.
CRELLIN, J., ADDA, M. & DUKE-WILLIAMS, E. 2010. The use of simulation in digital forensics
teaching.
CRELLIN, J., ADDA, M., DUKE-WILLIAMS, E. & CHANDLER, J. 2011. Simulation in computer forensics
teaching: the student experience.
CRELLIN, J. & KARATZOUNI, S. 2009. Simulation in digital forensic education.
DAVEY, J., ARMSTRONG, C. & ARMSTRONG, H. 2001. Teaching cyberwarfare tactics and strategy.
DINOLT, G., FARRELL, P., GARFINKEL, S. & ROUSSEV, V. 2009. Bringing Science to Digital Forensics
with Standardized Forensic Corpora. NAVAL POSTGRADUATE SCHOOL MONTEREY CA GRADUATE
SCHOOL OF OPERATIONAL AND INFORMATION SCIENCES.
DOWNS, J. C. U. & RANADIVE SWIENTON, A. 2012. Chapter 6 - Ethics Codes in Other Organizations:
Structures and Enforcement. In: DOWNS, J. C. U. & ANJALI RANADIVE, S. (eds.) Ethics in Forensic
Science. San Diego: Academic Press.
DURANTI, L. & ENDICOTT-POPOVSKY, B. 2010. Digital records forensics: A new science and
academic program for forensic readiness. Journal of Digital Forensics, Security and Law, 5.
ENDICOTT-POPOVSKY, B., FRINCKE, D. & POPOVSKY, V. 2004. Designing a Computer Forensics
Course for an Information Assurance Track. 8th Colloquium for Information Systems Security
Education, West Point, NY.
ENDICOTT-POPOVSKY, B. 2003. Ethics and teaching information assurance. Security & Privacy,
IEEE, 1, 65-67.
FERGUSON-BOUCHER, K. & ENDICOTT-POPOVSKY, B. 2008. Digital Forensics and Records
Management: What We Can Learn from the Discipline of Archiving.
GARFINKEL, S. 2007. Anti-forensics: Techniques, detection and countermeasures. The 2nd
International Conference on i-Warfare and Security (ICIW), 77-84.
GARFINKEL, S. 2012. Lessons learned writing digital forensics tools and managing a 30TB digital
evidence corpus. Digital Investigation, 9, S80-S89.
GARFINKEL, S., FARRELL, P., ROUSSEV, V. & DINOLT, G. 2009. Bringing science to digital forensics
with standardized forensic corpora. digital investigation, 6, S2-S11.
GARFINKEL, S., WOODS, K., LEE, C. A., DITTRICH, D., RUSSELL, A. & KEARTON, K. 2011. Creating
Realistic Corpora for Security and Forensic Education. NAVAL POSTGRADUATE SCHOOL MONTEREY
CA DEPT OF COMPUTER SCIENCE.
GARFINKEL, S. L. 2007. Forensic corpora: a challenge for forensic research. Electronic Evidence
Information Center.
GARFINKEL, S. L. 2010. Digital forensics research: The next 10 years. Digital Investigation, 7, S64-
S73.
GARFINKEL, S. L. 2012. Methods for creating realistic disk images for forensics tool testing and
education.
GOTTSCHALK, L., LIU, J., DATHAN, B., FITZGERALD, S. & STEIN, M. 2005. Computer forensics
programs in higher education: a preliminary study. ACM SIGCSE Bulletin, 37, 147-151.
GILLAM, W. B. & ROGERS, M. 2005. File Hound: A Forensics Tool for First Responders. Digital
forensics research workshop, New Orleans, LA. Retrieved from http://www.dfrws.org.
GOTTSCHALK, P., FILSTAD, C., GLOMSETH, R. & SOLLI-SÆTHER, H. 2011. Information management
for investigation and prevention of white-collar crime. International Journal of Information
Management, 31, 226-233.
GUO, Y. & SLAY, J. 2010. Testing Forensic Copy Function of Computer Forensics Investigation Tools.
Journal of Digital Forensic Practice, 3, 46-61.
HAGGERTY, J. & TAYLOR, M. 2006. Managing corporate computer forensics. Computer Fraud &
Security, 2006, 14-16.
HANKINS, R., UEHARA, T. & LIU, J. A comparative study of forensic science and computer forensics.
2009. IEEE, 230-239.
HANNAN, M., FRINGS, S., BROUCEK, V. & TURNER, P. Forensic Computing Theory & Practice:
Towards developing a methodology for a standardised approach to Computer misuse. 1st
Australian Computer, Network and Information Forensics Conference, Perth, WA, Australia, 2003.
HARRISON, W. 2006. A term project for a course on computer forensics. Journal on Educational
Resources in Computing (JERIC), 6, 6.
HIBSHI, H., VIDAS, T. & CRANOR, L. Usability of forensics tools: a user study. IT Security Incident
Management and IT Forensics (IMF), 2011 Sixth International Conference on, 2011. IEEE, 81-91.
HUANG, J., YASINSAC, A. & HAYES, P. J. Knowledge Sharing and Reuse in Digital Forensics. 2010.
IEEE, 73-78.
HUEBNER, E., BEM, D. & BEM, O. 2007. Computer Forensics–Past, Present And Future. Information
security Technical report, 8, 32-46.
HUEBNER, E., BEM, D. & CHEUNG, H. 2010. Computer Forensics Education–the Open Source
Approach. Open Source Software for Digital Forensics, 9-23.
HUEBNER, E., BEM, D. & RUAN, C. Computer forensics tertiary education in Australia. 2008. IEEE,
1383-1387.
HUEBNER, E., BEM, D. & WEE, C. K. 2006. Data hiding in the NTFS file system. digital investigation,
3, 211-226.
HUEBNER, E. & ZANERO, S. 2010. Open source software for digital forensics, Springer
HUNTON, P. 2012. Managing the technical resource capability of cybercrime investigation: a UK law
enforcement perspective. Public Money & Management, 32, 225-232.
IRONS, A., STEPHENS, P. & FERGUSON, R. 2009. Digital Investigation as a distinct discipline: A
pedagogic perspective. Digital Investigation, 6, 82-90.
CRELLIN, J., ADDA, M. & DUKE-WILLIAMS, E. Virtual Worlds for Simulation in Computer Forensics
Teaching. 2011.
JIGANG, L. Developing an Innovative Baccalaureate Program in Computer Forensics. 2006. 1-6.
KABAY, M. E. 2003. Crime, Use of Computers in. In: EDITOR-IN-CHIEF: HOSSEIN, B. (ed.)
Encyclopedia of Information Systems. New York: Elsevier.
KESSLER, G. C. & HAGGERTY, D. Pedagogy and Overview of a Graduate Program in Digital
Investigation Management. Hawaii International Conference on System Sciences, Proceedings of
the 41st Annual, 2008. IEEE, 481-48
KESSLER, G. C. & SCHIRLING, M. E. 2006. The design of an undergraduate degree program in
computer & digital forensics. Journal of Digital Forensics, Security, and Law, 3, 37-50.
Appendix