No offerings have been identified for this subject in 2016

ITE515 Forensic Analysis (8)


In this subject students will acquire the knowledge, skills, and abilities to handle advanced incident handling scenarios, conduct formal incident investigations, and carry out forensic investigation of networks and hosts. Students will be required to pass the GIAC Certified Forensics Analyst (GCFA) industry certification exam to complete this subject.

Subject Availability Modes and Location

Continuing students should consult the SAL for current offering details prior to contacting their course coordinator: ITE515
Where differences exist between the handbook and the SAL, the SAL should be taken as containing the correct subject offering details.

Subject information

Duration: One session
Grading System: SY/US
School: School of Computing and Mathematics

Enrolment restrictions

Available only to students enrolled in the Master of Information Systems Security and Master of Management (Information Technology)

Learning Outcomes

Upon successful completion of this subject, students should:
- be able to demonstrate usage of a range of forensic tools and how they function;
- be able to describe the forensic methodology, tools, and techniques;
- be able to successfully solve a range of forensic case studies.


The subject will cover the following topics:
- File System Structures and Metadata
- FAT/NTFS/Ext2/Ext3 File System Essentials
- Evidence Handling and Integrity Best Practices
- Evidence Acquisition of Hard Drives and Volatile Data
- String Searching Utilizing Dirty Word Lists
- File System Timeline Analysis
- Data Recovery Techniques Using Strings and File Headers
- Forensic Hash Comparisons via Hash Databases
- Media Analysis of System Registry, Internet Activity, and File Metadata
- Application Footprinting
- USB Forensic Analysis
- Fuzzy Hashing
- Windows XP and VISTA Forensics


The information contained in the 2016 CSU Handbook was accurate at the date of publication: 06 September 2016. The University reserves the right to vary the information at any time without notice.