FINAL YEAR DEGREE PROJECT

Objective Settings Proforma

Student’s Name: Lisa Jarrett

First Assessor: Keith Verheyden

Second Assessor: Paula Thomas

Project Title:

Create and design a realistic case study investigation scenario for use by academia in a

computer forensics training program

"Murder of an entrepreneur”

Project Objectives & Deliverables

Objectives

1. To investigate and examine the current educational resources (Case Studies and forensics datasets) used by Universities in terms of development standards and implementation.

2. To investigate and examine the current training resources (Case Studies and forensics datasets) used by accredited companies conducting forensic training in terms of development standards and implementation.

3. Gain an understanding and insight into the students’ competencies with computer systems and evaluate their capabilities of using various software tools when conducting a digital evidence investigation.

4. To propose and develop a competency framework that can be used as an educational teaching resource for Computer Forensic investigation training.

Deliverables

A literature review of digital forensics training resources available for academic

purposes

A report based on a study of the skills and knowledge gap of current undergraduate

students (?)

ContentsTitle - Create a framework for Computer Forensics students..................................3

Statement of Originality...........................................................................................3

Abstract...................................................................................................................3

Project Introduction..................................................................................................3

Issues associated with its design and development................................................4

Clear Aims and Objectives......................................................................................4

Literature Review........................................................................................................5

Overview..................................................................................................................5

What is Computer Forensics...................................................................................5

Why do we need it?.................................................................................................5

Crimes.....................................................................................................................5

Digital Evidence.......................................................................................................6

Characteristics of computer forensics curriculum in Academia...............................6

Current Pedagogy strategies...................................................................................6

Characteristics of industry based computer forensics programs.............................7

1. Frameworks, Standards, Certification, Accreditation?...................................7

2. Training methods...........................................................................................7

3. Content..........................................................................................................7

4. Resource materials........................................................................................7

5. Digital forensic software applications and tools.............................................7

Part 2 - Design Phase.................................................................................................7

Summary Chapter...................................................................................................8

References..............................................................................................................8

Bibliography.............................................................................................................8

Appendices..............................................................................................................8

References..................................................................................................................9

Bibliography..............................................................................................................10

Appendix...................................................................................................................11

Title - Create a framework for Computer Forensics students

Statement of Originality

Abstract

In this report an investigation into the evolution and importance of computer crime

with computer forensics, at the same time discuss the crisis of computer forensics

and the challenges faced by the Academics in the newest forensic science discipline.

There has been much research and study into key topics and relevant subjects

needed to design a curriculum framework to train and educate students to become

Computer Forensic Investigators and prepare them for the real world. The main

objective of this report has been to propose and develop a competency framework

that can be used as an educational teaching resource for Computer Forensic

investigation training in Academia, proposing different approaches and directions to

better reflect the disciplines present-day objectives.

There will be a focus on the technical aspects of producing teaching repositories and

provide an insight of students understandings of the curriculum and the challenges

and unique issues they are up against in such a fast paced technological career.

Project Introduction

This report is a review of the current CF educational resources, forensic tools and

training programs’ content, it also outlines the deductions made from studying the

many different literatures and research papers. The results and conclusions made

from this review will be the basis for the new framework and outline different

proposals for academics that train and educate students to become CF investigators

and make considerations regarding different pedagogic approaches depending on

the crime being investigated.

Issues associated with its design and development

Clear Aims and Objectives

The overall aim of the project is to develop a digital crime case study resource based

on a crime (murder) and facilitate the practicum teaching of computer forensics in

academia. Digital forensic investigators will require an in-depth understanding and

knowledge of Information Technology which requires specialised training.

Recruitment in the high tech crime industry resembles every other, they want and

require experience. Like most industries they are unable to spare time or have

access to large funds of money for training graduate students without previous know-

how. The development of this framework will involve a full investigation and analysis

of digital evidence involved in the case study scenario in addition to producing

reports of any probative digital evidence found. The main objective will be to close

the skills gap and provide students with relevant experience whilst preparing for the

importance of managing electronic evidence cases. Furthermore graduate students

can demonstrate their skills and capabilities when dealing with a specific digital crime

scenario to prospective employers and illustrate their contribution in the

investigation. The research study indicated that the development of certain practicum

and pedagogy is much needed to cope with the current challenges faced in

computer forensics.

Despite the economic recession that we are currently experiencing and the new HE

policy introduced by the UK government, the computer forensics discipline has

benefitted with HE institutions are compelled to address the employability of students

and expected to achieve a more transitional balance from academia to industry.

Literature Review

Overview

A review of areas relating to recent advances and current issues, laboratory

exercises to improve technical experiences, hands on experience in hardware and

software tools develop active learning modules. Computer forensics is a unique discipline of science, and in

many areas it requires a different approach, different tools, as well as specialised education and training. While the distinctive position of

computer forensics is generally accepted, the formal recognition of computer forensics as a section of forensic science has not yet eventuated.

What is Computer Forensics

Computer forensics involves the preservation, identification, extraction and

documentation of digital evidence in magnetic, optical, or electronic forms hard drive,

disk drives, USB drive, Zip drive),on stored media unlike paper evidence (Craiger).

When computer systems are seized, forensic specialists perform their investigation

analysis and also protect the systems and any components in the likelihood it is be

needed for criminal or civil proceedings.

Why do we need it?

Computer Crimes have been a prevalent topic in the media for several years,

although the first computer crime committed was in 1820, it is only since the

This new forensic science disciple is fast becoming progressively popular as the

proliferation of advancing technology is enterprising the criminals illegal activities.

Crimes

To assist and for the simplicity in the understanding of computer crime the following

classifications are proposed:

Criminal activity targets computer systems, networks or media storage,

a tool to facilitate a new style of crime

Assisted by computer systems, a new way to commit traditional crimes

(harassment, fraud).

Computer systems that are secondary to the crimes but utilise their facilities

as a replacement for conventional tools (drug dealers tick list) using software

accounting packages.

The classification used here is only to support and understand the context of a

complex subject. Computer crime has directly led into efforts for fighting it, computer

forensics was born. The obvious attraction to computer crime is blatantly obvious. At

the turn of the century, criminals would have found it difficult to steal the filing cabinet

and its contents, but nowadays it has been made much easier by simply

downloading the entire contents onto a usb stick or emailing the information to

storage somewhere in the cloud.

Digital Evidence

Virtually every computer device incriminated in digital media investigations and court

cases rely on digital evidence obtained from them since they nearly always leave a

digital footprint (Locards Principle).The procedures in paper evidence cases are

instinctively clear, but digital evidence is invisible to the human eye so the specific

tools that have been developed to find this evidence are used and the paper

evidence procedures are mimicked. The procedure also involves the documentation

“an audit trail”, required for the integrity and authenticity of the evidence. More

importantly this documentation provides the method used by the expert and can be

used for third parties to repeat the process and arrive at the same conclusion and

provide explanations for use in court prosecutions.

Characteristics of computer forensics curriculum in Academia

Current Pedagogy strategies

Ref: Analysing teaching design repositories

Danyu Zhang, Rafael Calvo, Nicholas Carroll, John Currie

Ref http://docs.moodle.org/24/en/Pedagogy

1. Use of Simulation techniques -

2. Reusable learning object approach

3. Hands on experience – work based

4. Individual project lab exercises

5. Team Project lab exercises

6. Use a real to life crime scene house / unit

7. Case Study Scenarios

(i) Frameworks, standards, certification and accredidation?

(ii) Content and learning outcomes

(iii) Resource materials

(iv)Digital forensic software applications and tools

Characteristics of industry based computer forensics programs

Frameworks, Standards, Certification, Accreditation?

Training methods

Content

Resource materials

Digital forensic software applications ,tools and techniques

Part 2 - Design Phase

Proposed Design of a Teaching Repositories

(i) Key Objectives

(ii) Testing / Evaluation

(iii) Forensic Image

(iv)System and Material Requirements

(v) Case Scenario Plan

(vi)Story Board, Timeline, Character Roles

(vii) Secondary Data Sources

(viii) Creating the artefacts

(ix)Methodology - Hiding the Artefacts

(x) Answer Key and Master Artefact sheet

(xi) Implementation

(xii) Testing / Evaluation

(xiii) Implementation

Summary Chapter

Leads

References

Bibliography

Appendices

Leads

Journal – IEEE

A Comparative Study of Forensic Science and Computer Forensics

Developing a computer forensics program in police higher education

Developing an Innovative Baccalaureate Program in Computer Forensics

A Framework to Guide the Implementation of Proactive Digital Forensics in

Organisations

Pedagogy and Overview of a Graduate Program in Digital Investigation

Management

Science Direct

Current issues confronting well-established computer-assisted child

exploitation and computer crime task forces

Bringing science to digital forensics with standardized forensic corpora

The future of forensic and crime scene science: Part II. A UK perspective

on forensic science education Volume 157, Supplement, Pages S1-S20

(14 March 2006)

Forensic science on trial—still! Response to “Educating the next

generation” [Science and Justice, 48 (2008) 59–60]

http://www.sleuthkit.org/sleuthkit/docs/framework-docs/basics_page.html

http://zeltser.com/cheat-sheets/

Neil C. Rowe, Testing the National Software Reference Library, Digital Investigation, Volume 9, Supplement, August 2012, Pages S131-S138, ISSN 1742-2876, 10.1016/j.diin.2012.05.009.(http://www.sciencedirect.com/science/article/pii/S1742287612000345)Abstract: The National Software Reference Library (NSRL) is an essential data source for forensic investigators, providing in its Reference Data Set (RDS) a set of hash values of known software. However, the NSRL RDS has not previously been tested against a broad spectrum of real-world data. The current work did this using a corpus of 36 million files on 2337 drives from 21 countries. These experiments answered a number of important questions about the NSRL RDS, including what fraction of files it recognizes of different types. NSRL coverage by vendor/product was also tested, finding 51% of the vendor/product names in our corpus had no hash values at all in NSRL. It is shown that coverage or “recall” of the NSRL can be improved with additions from our corpus such as frequently-occurring

files and files whose paths were found previously in NSRL with a different hash value. This provided 937,570 new hash values which should be uncontroversial additions to NSRL. Several additional tests investigated the accuracy of the NSRL data. Experiments testing the hash values saw no evidence of errors. Tests of file sizes showed them to be consistent except for a few cases. On the other hand, the product types assigned by NSRL can be disputed, and it failed to recognize any of a sample of virus-infected files. The file names provided by NSRL had numerous discrepancies with the file names found in the corpus, so the discrepancies were categorized; among other things, there were apparent spelling and punctuation errors. Some file names suggest that NSRL hash values were computed on deleted files, not a safe practice. The tests had the secondary benefit of helping identify occasional errors in the metadata obtained from drive imaging on deleted files in our corpus. This research has provided much data useful in improving NSRL and the forensic tools that depend upon it. It also provides a general methodology and software for testing hash sets against corpora.Keywords: NSRL; Forensics; Files; Hash values; Coverage; Accuracy; Extensions; Directories

http://cfed-ttf.blogspot.co.uk/

President Obama Expands “Educate to Innovate” Campaign for Excellence in Science, Technology, Engineering, and Mathematics (STEM) Education.

For educators who want a view of some of the education materials already available, check out stay safe online sponsored by the National Cybersecurity Alliance to learn more.

The National Science Foundation is working to build an information security workforce who will play a critical role in implementing the national strategy to secure cyberspace through several efforts including its Advanced Technology Education (ATE) program. Currently three ATE Regional centers serve to increase the quality and quantity of the cybersecurity workforce:  the Cyber Security Education Consortium, Center for System Security and Information Assurance, and CyberWatch.

o CyberWatch overview

The National Centers of Academic Excellence sponsored by NSA and the Department of Homeland Security (DHS) promotes higher education and research in IA and helps to increase the number of professionals with IA expertise in various disciplines

\\p

http://digitalforensicsisascience.blogspot.co.uk/2012/01/series-introduction-spring-

2012-anti.html

http://windowsir.blogspot.co.uk/p/little-black-book-of-windows-forensic.html

Welcome to ITALICS - Innovation in Teaching And Learning in Information and Computer SciencesEdited by Stephen Hagan, University of Ulster

This is a temporary home page until our exciting new website is constructed over the coming

months.

Welcome to ITALICS, Innovation in Teaching And Learning in Information and Computer Sciences, the electronic

journal of the Higher Education Academy for Information and Computer Sciences (ICS). ITALICS provides a

vehicle for members of the ICS communities to disseminate best practice and research on learning and teaching

within their disciplines.

ScopeITALICS aims to highlight current issues in learning and teaching Information and Computer Sciences at the

Higher Education (HE) level including:

Innovative approaches to learning and teaching

Developments in computer-based learning and assessment

Open, distance, collaborative and independent learning approaches

The variety of contexts in which students in HE learn -

Including work-based learning, placements and study visits

Improving the student experience

Continuous professional development

The integration of theory and practice

SubmissionsSubmissions to be sent to Stephen Hagan.

Along with your article, please send us a signed copy of the contributor’s agreement.  Please download this pdf

file, sign it and return the paper copy to Hazel White, The Higher Education Academy, Innovation Way,

Heslington York, YO10 5BR.  We would also welcome scanned, signed copies sent by email to Hazel White but

please send your paper copy as well.  In the event that your article is not accepted for publication, we shall

destroy this agreement.

IssuesThere will be three issues of ITALICS each year, published in February, June and November. The journal will

include:

An editorial

Peer reviewed papers

Book reviews

Themed issues will be produced at least once a year and there will be opportunities for guest editors to take the

helm. If you are interested in contributing to a themed issue or becoming a guest editor for ITALICS, pleaseemail

us.

ITALICS, June 2012 issue

Volume 11

June 2012 issue

Editorial Individual papers from the authors

Paper 1

Paper 2

Paper 3

Paper   4

Paper 5

Paper 6  

Paper 7

Previous issues of ITALICS are available on ICS website, and will shortly be available from this page.

References

Bibliography

2003. Accreditation, quality control & assurance. Forensic Science International,

136, Supplement 1, 5-10.

ARMSTRONG, C. J. 2003. Mastering computer forensics. Security education and critical

infrastructures, 125, 151.

ARMSTRONG, C. 2007. An Analysis of Computer Forensic Practitioners Perspectives on Education

and Training Requirements. Fifth World Conference on Information Security Education, 1-8.

ARMSTRONG, C. J. 2012. Computer Forensics (CF 601) Unit Outline Semester 1, 2012.

ARMSTRONG, H. & ARMSTRONG, C. 2007. The Role of Information Security Industry Training and

Accreditation in Tertiary Education. Fifth World Conference on Information Security Education, 137-

140.

ARMSTRONG, C. J. 2005. Development of a Research Framework for Selecting Computer Forensic

Tools. Curtin University of Technology.

ARMSTRONG, C. J. & ARMSTRONG, H. L. Mapping information security curricula to professional

accreditation standards. 2007. IEEE, 30-35.

ARMSTRONG, C. 2003. Developing a framework for evaluating computer forensic tools. Evaluation

in Crime Trends and justice: Trends and Methods Conference in Conjunction with the Australian

Bureau of Statistics, Canberra Australia, 24-25.

ARMSTRONG, C. & JAYARATNA, N. 2004. Teaching computer forensics, uniting practice with

intellect. Proceedings of the 8th Colloquium for Information Systems Security Education, West Point

New York.

AUSTIN, R. D. Digital forensics on the cheap: teaching forensics using open source tools.

Proceedings of the 4th annual conference on Information security curriculum development, 2007.

ACM, 6.

BATTEN, L. & PAN, L. 2008. Teaching digital forensics to undergraduate students. Security &

Privacy, IEEE, 6, 54-56.

BECKETT, J. & SLAY, J. 2011. Scientific underpinnings and background to standards and

accreditation in digital forensics. Digital Investigation, 8, 114-121.

BEM, D. & HUEBNER, E. Computer forensics workshop for undergraduate students. 2008. Australian

Computer Society, Inc., 29-33.

BASSETT, R., BASS, L. & O’BRIEN, P. 2006. Computer forensics: An essential ingredient for cyber

security. Journal of Information Science and Technology, 3, 22-32.

BRILL, A. E., POLLITT, M. & WHITCOMB, C. M. 2006. The evolution of computer forensic best practices: an

update on programs and publications. Journal of Digital Forensic Practice, 1, 3-11.

BRINSON, A., ROBINSON, A. & ROGERS, M. 2006. A cyber forensics ontology: Creating a new

approach to studying cyber forensics. digital investigation, 3, 37-43.

CALOYANNIDES, M. A. 2003. Digital evidence and reasonable doubt. IEEE Security and Privacy, 1,

89-91.

CARBONE, A., MANNILA, L. & FITZGERALD, S. 2007. Computer science and IT teachers' conceptions

of successful and unsuccessful teaching: A phenomenographic study. Computer Science Education,

17, 275-299.

CARRIER, B. & SPAFFORD, E. H. An event-based digital forensic investigation framework. Digital

forensic research workshop, 2004.

CARRIER, B. & SPAFFORD, E. H. 2003. Getting physical with the digital investigation process.

International Journal of Digital Evidence, 2, 1-20.

CHEN, P. S., TSAI, L. M. F., YING-CHIEH, C. & YEE, G. Standardizing the construction of a digital

forensics laboratory. Systematic Approaches to Digital Forensic Engineering, 2005. First

International Workshop on, 7-9 Nov. 2005 2005. 40-47.

CHI, H., JONES, E. L., CHATMON, C. & EVANS, D. Design and Implementation of Digital Forensics

Labs.

CHU, H. C., LIN, W. D. & CHANG, K. H. 2010. Digital Forensics Core Curriculum Design in Higher

Education in Ubiquitous Computing Era. 淡江理工學刊, 13, 89-97.

COHEN, M., GARFINKEL, S. & SCHATZ, B. 2009. Extending the advanced forensic format to

accommodate multiple data sources, logical evidence, arbitrary information and forensic workflow.

digital investigation, 6, S57-S68.

COLLINS, D. & MCGUIRE, T. 2008. Using the DC3 forensic challenge as a basis for a special topics

digital forensics upper level undergraduate course. Journal of Computing Sciences in Colleges, 23,

8-14.

CONGDON, C. B., FITZGERALD, S., KING, M. S., SEMMES, P. & CHAIRMAN-KAY, D. G. 2000. Teaching

advice and support for new and adjunct faculty (panel session): experiences, policies, and

strategies. ACM SIGCSE Bulletin, 32, 414-415.

COOPER, P., FINLEY, G. T. & KASKENPALO, P. Towards standards in digital forensics education.

Proceedings of the 2010 ITiCSE working group reports, 2010. ACM, 87-95.

CRAIGER, J. P., POLLITT, M. & SWAUGER, J. 2005. Law enforcement and digital evidence. Handbook

of Information Security John Wiley & Sons (in Print).

CRAIGER, P., BURKE, P., MARBERRY, C. & POLLITT, M. 2008. A virtual digital forensics laboratory.

Advances in Digital Forensics IV, 357-365.

CRAIGER, P., PONTE, L., WHITCOMB, C., POLLITT, M. & EAGLIN, R. Master's Degree in Digital

Forensics. 2007. IEEE, 264b-264b.

CRELLIN, J., ADDA, M. & DUKE-WILLIAMS, E. 2010. The use of simulation in digital forensics

teaching.

CRELLIN, J., ADDA, M., DUKE-WILLIAMS, E. & CHANDLER, J. 2011. Simulation in computer forensics

teaching: the student experience.

CRELLIN, J. & KARATZOUNI, S. 2009. Simulation in digital forensic education.

DAVEY, J., ARMSTRONG, C. & ARMSTRONG, H. 2001. Teaching cyberwarfare tactics and strategy.

DINOLT, G., FARRELL, P., GARFINKEL, S. & ROUSSEV, V. 2009. Bringing Science to Digital Forensics

with Standardized Forensic Corpora. NAVAL POSTGRADUATE SCHOOL MONTEREY CA GRADUATE

SCHOOL OF OPERATIONAL AND INFORMATION SCIENCES.

DOWNS, J. C. U. & RANADIVE SWIENTON, A. 2012. Chapter 6 - Ethics Codes in Other Organizations:

Structures and Enforcement. In: DOWNS, J. C. U. & ANJALI RANADIVE, S. (eds.) Ethics in Forensic

Science. San Diego: Academic Press.

DURANTI, L. & ENDICOTT-POPOVSKY, B. 2010. Digital records forensics: A new science and

academic program for forensic readiness. Journal of Digital Forensics, Security and Law, 5.

ENDICOTT-POPOVSKY, B., FRINCKE, D. & POPOVSKY, V. 2004. Designing a Computer Forensics

Course for an Information Assurance Track. 8th Colloquium for Information Systems Security

Education, West Point, NY.

ENDICOYTT-POPUVSKY, B. 2003. Ethics and teaching information assurance. Security & Privacy,

IEEE, 1, 65-67.

FERGUSON-BOUCHER, K. & ENDICOTT-POPOVSKY, B. 2008. Digital Forensics and Records

Management: What We Can Learn from the Discipline of Archiving.

GARFINKEL, S. 2007. Anti-forensics: Techniques, detection and countermeasures. The 2nd

International Conference on i-Warfare and Security (ICIW), 77-84.

GARFINKEL, S. 2012. Lessons learned writing digital forensics tools and managing a 30TB digital

evidence corpus. Digital Investigation, 9, S80-S89.

GARFINKEL, S., FARRELL, P., ROUSSEV, V. & DINOLT, G. 2009. Bringing science to digital forensics

with standardized forensic corpora. digital investigation, 6, S2-S11.

GARFINKEL, S., WOODS, K., LEE, C. A., DITTRICH, D., RUSSELL, A. & KEARTON, K. 2011. Creating

Realistic Corpora for Security and Forensic Education. NAVAL POSTGRADUATE SCHOOL MONTEREY

CA DEPT OF COMPUTER SCIENCE.

GARFINKEL, S. L. 2007. Forensic corpora: a challenge for forensic research. Electronic Evidence

Information Center.

GARFINKEL, S. L. 2010. Digital forensics research: The next 10 years. Digital Investigation, 7, S64-

S73.

GARFINKEL, S. L. 2012. Methods for creating realistic disk images for forensics tool testing and

education.

GOTTSCHALK, L., LIU, J., DATHAN, B., FITZGERALD, S. & STEIN, M. 2005. Computer forensics

programs in higher education: a preliminary study. ACM SIGCSE Bulletin, 37, 147-151.

GILLAM, W. B. & ROGERS, M. 2005. File Hound: A Forensics Tool for First Responders. Digital

forensics research workshop, New Orleans, LA. Retrieved from http://www. dfrws. org.

GOTTSCHALK, P., FILSTAD, C., GLOMSETH, R. & SOLLI-SÆTHER, H. 2011. Information management

for investigation and prevention of white-collar crime. International Journal of Information

Management, 31, 226-233.

GUO, Y. & SLAY, J. 2010. Testing Forensic Copy Function of Computer Forensics Investigation Tools.

Journal of Digital Forensic Practice, 3, 46-61.

HAGGERTY, J. & TAYLOR, M. 2006. Managing corporate computer forensics. Computer Fraud &

Security, 2006, 14-16.

HANKINS, R., UEHARA, T. & LIU, J. A comparative study of forensic science and computer forensics.

2009. IEEE, 230-239.

HANNAN, M., FRINGS, S., BROUCEK, V. & TURNER, P. Forensic Computing Theory & Practice:

Towards developing a methodology for a standardised approach to Computer misuse. 1st

Australian Computer, Network and Information Forensics Conference, Perth, WA, Australia, 2003.

HARRISON, W. 2006. A term project for a course on computer forensics. Journal on Educational

Resources in Computing (JERIC), 6, 6.

HIBSHI, H., VIDAS, T. & CRANOR, L. Usability of forensics tools: a user study. IT Security Incident

Management and IT Forensics (IMF), 2011 Sixth International Conference on, 2011. IEEE, 81-91.

HUANG, J., YASINSAC, A. & HAYES, P. J. Knowledge Sharing and Reuse in Digital Forensics. 2010.

IEEE, 73-78.

HUEBNER, E., BEM, D. & BEM, O. 2007. Computer Forensics–Past, Present And Future. Information

security Technical report, 8, 32-46.

HUEBNER, E., BEM, D. & CHEUNG, H. 2010. Computer Forensics Education–the Open Source

Approach. Open Source Software for Digital Forensics, 9-23.

HUEBNER, E., BEM, D. & RUAN, C. Computer forensics tertiary education in Australia. 2008. IEEE,

1383-1387.

HUEBNER, E., BEM, D. & WEE, C. K. 2006. Data hiding in the NTFS file system. digital investigation,

3, 211-226.

HUEBNER, E. & ZANERO, S. 2010. Open source software for digital forensics, Springer

HUNTON, P. 2012. Managing the technical resource capability of cybercrime investigation: a UK law

enforcement perspective. Public Money & Management, 32, 225-232.

IRONS, A., STEPHENS, P. & FERGUSON, R. 2009. Digital Investigation as a distinct discipline: A

pedagogic perspective. Digital Investigation, 6, 82-90.

J CRELLIN, J., ADDA, M. DUKE-WILLIAMS, E. Virtual Worlds for Simulation in Computer Forensics

Teaching. 2011.

JIGANG, L. Developing an Innovative Baccalaureate Program in Computer Forensics. 2006. 1-6.

KABAY, M. E. 2003. Crime, Use of Computers in. In: EDITOR-IN-CHIEF:   HOSSEIN, B. (ed.)

Encyclopedia of Information Systems. New York: Elsevier.

KESSLER, G. C. & HAGGERTY, D. Pedagogy and Overview of a Graduate Program in Digital

Investigation Management. Hawaii International Conference on System Sciences, Proceedings of

the 41st Annual, 2008. IEEE, 481-48

KESSLER, G. C. & SCHIRLING, M. E. 2006. The design of an undergraduate degree program in

computer & digital forensics. Journal of Digital Forensics, Security, and Law, 3, 37-50.

LACEY, T. H., PETERSON, G. L. & MILLS, R. F. The Enhancement of Graduate Digital Forensics

Education via the DC3 Digital Forensics Challenge. System Sciences, 2009. HICSS '09. 42nd Hawaii

International Conference on, 5-8 Jan. 2009 2009. 1-9.

LAWRENCE, K. R. & CHI, H. Framework for the design of web-based learning for digital forensics

labs. Proceedings of the 47th Annual Southeast Regional Conference, 2009. ACM, 76.

LEE, J., UN, S. & HONG, D. Improving Performance in Digital Forensics: A Case Using Pattern

Matching Board. Availability, Reliability and Security, 2009. ARES'09. International Conference on,

2009. IEEE, 1001-1005.

LIN, Y. C. 2008. Study of computer forensics from a cross-cultural perspective: Australia and Taiwan.

Ph. D. Dissertation, University of South Australia.

LISTER, R., BERGLUND, A., BOX, I., COPE, C., PEARS, A., AVRAM, C., BOWER, M., CARBONE, A.,

DAVEY, B. & DE RAADT, M. Differing ways that computing academics understand teaching. 2007.

Australian Computer Society, Inc., 97-106.

LIU, J. Developing an innovative baccalaureate program in computer forensics. 2006. IEEE, 1-6.

LIU, J. 2010. Implementing a baccalaureate program in computer forensics. Journal of Computing

Sciences in Colleges, 25, 101-109.

LIU, J. & UEHARA, T. Computer forensics in Japan: a preliminary study. 2009. IEEE, 1006-1011.

LIU, J., UEHARA, T. & SASAKI, R. 2011. Development of digital forensics practice and research in

Japan. Wireless Communications and Mobile Computing, 11, 240-253.

LOGAN, P. Y. & CLARKSON, A. Teaching students to hack: curriculum issues in information security.

ACM SIGCSE Bulletin, 2005. ACM, 157-161.

MANZANO, Y. Software Forensics Overview.

MANSON, D., CARLIN, A., RAMOS, S., GYGER, A., KAUFMAN, M. & TREICHELT, J. Is the open way a

better way? Digital forensics using open source tools. System Sciences, 2007. HICSS 2007. 40th

Annual Hawaii International Conference on, 2007. IEEE, 266b-266b.

MAXWELL, K. D., LOKAN, C., WRIGHT, T., HILL, P. R., STRINGER, M., HEIRES, J. T., FOGLE, S., LOULIS,

C., NEUENDORF, B. & THOMAS, G. C. Benchmarking Software Organizations.

MCGUIRE, T. J. & MURFF, K. N. 2006. Issues in the development of a digital forensics curriculum. J.

Comput. Sci. Coll., 22, 274-280.

MENNELL, J. 2006. The future of forensic and crime scene science: Part II. A UK perspective on

forensic science education. Forensic science international, 157, S13-S20.

MEYERS, M. 2005. Computer Forensics: Towards Creating A Certification Framework. M. Sc. Diss.,

Centre for Education and Research in Information Assurance and Security, Purdue University, West

Lafayette, IN.

MEYERS, M. 2005. CERIAS Tech Report 2005-28 COMPUTER FORENSICS: TOWARDS CREATING A

CERTIFICATION FRAMEWORK.

EYERS, M. & ROGERS, M. 2004. Computer forensics: the need for standardization and certification.

International Journal of Digital Evidence, 3, 1-11.

MEYERS, M. & ROGERS, M. 2005. Digital forensics: meeting the challenges of scientific evidence.

Advances in Digital Forensics, 43-50.

NANCE, K., ARMSTRONG, H. & ARMSTRONG, C. Digital forensics: Defining an education agenda.

2010. IEEE, 1-10.

OWEN, P. & THOMAS, P. 2011. An analysis of digital forensic examinations: Mobile devices versus hard disk drives utilising ACPO & NIST guidelines. Digital Investigation, 8, 135-140.

OSTERBURG, J. W. & WARD, R. H. 2010. Chapter 13 - Reconstructing the Past: Methods, Evidence,

Examples. Criminal Investigation (Sixth Edition). Boston: Anderson Publishing, Ltd.

PASHEL, B. A. Teaching students to hack: ethical implications in teaching students to hack at the

university level. Proceedings of the 3rd annual conference on Information security curriculum

development, 2006. ACM, 197-200.

PETERSON, G., RAINES, R. & BALDWIN, R. Graduate Digital Forensics Education at the Air Force

Institute of Technology. System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International

Conference on, 2007. IEEE, 264c-264c.

PETERSON, G. L., RAINES, R. A. & BALDWIN, R. O. Graduate Digital Forensics Education at the Air

Force Institute of Technology. System Sciences, 2007. HICSS 2007. 40th Annual Hawaii

International Conference on, Jan. 2007 2007. 264c-264c.

PHILIP, C., LUCILLE, P., CARRIE, W., MARK, P. & RONALD, E. Master's Degree in Digital Forensics.

System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on, Jan. 2007

2007. 264b-264b.

POLLITT, M., CALOYANNIDES, M., NOVOTNY, J. & SHENOI, S. 2004. Digital forensics: operational,

legal and research issues. Data and Applications Security XVII, 393-403.

POLLITT, M., NANCE, K., HAY, B., DODGE, R. C., CRAIGER, P., BURKE, P., MARBERRY, C. & BRUBAKER,

B. 2008. Virtualization and digital forensics: a research and education agenda. Journal of Digital

Forensic Practice, 2, 62-73.

POLLITT, M. M. 1995. Principles, practices, and procedures: an approach to standards in computer

forensics. Second International Conference on Computer Evidence, 10-15.

ROGERS, M. 2003. Computer forensics: Science or fad. Security Wire Digest, 5.

ROGERS, M. 2003. The role of criminal profiling in the computer forensics process. Computers &

Security, 22, 292-298.

ROGERS, M. & MEYERS, M. 2010. Digital Forensics: Meeting the Challenges of Scientific Evidence.

IFIP International Federation for Information Processing, 194.

ROGERS, M. K. The Future of Digital Forensics: Challenges and Opportunities.

ROGERS, M. K. & SEIGFRIED, K. 2004. The future of computer forensics: a needs analysis survey. Computers & Security, 23, 12-16.

SAHAMI, M., ROACH, S., CUADROS-VARGAS, E. & REED, D. Computer science curriculum 2013:

reviewing the strawman report from the ACM/IEEE-CS task force. Proceedings of the 43rd ACM

technical symposium on Computer Science Education, 2012. ACM, 3-4.

SALT, D. W., LALLIE, H. S. & LAWSON, P. STUDYING FIRST YEAR FORENSIC COMPUTING: MANAGING

THE STUDENT EXPERIENCE.

SHINDER, L. & CROSS, M. 2008. Chapter 16 - Building the Cybercrime Case. Scene of the

Cybercrime (Second Edition). Burlington: Syngress.

SIMMONS, M. & CHI, H. Designing and implementing cloud-based digital forensics hands-on labs.

Proceedings of the 2012 Information Security Curriculum Development Conference, 2012. ACM, 69-

74.

SIMON, M. & SLAY, J. Forensic Computing Training, Certification and Accreditation: An Australian

Overview. Fifth World Conference on Information Security Education, 2007. Springer, 105-112.

SIMPSON, J., SIMPSON, M., ENDICOTT-POPOVSKY, B. & POPOVSKY, V. 2010. Secure Software

Education: A Contextual Model-Based Approach. International Journal of Secure Software

Engineering (IJSSE), 1, 35-61.

SOMMER, P. 1997. Downloads, logs and captures: Evidence from cyberspace. Journal of Financial

Crime, 5, 138-151.

SOMMER, P. 1998. Digital footprints: Assessing computer evidence. Criminal Law Review, 12, 61-78.

SOMMER, P. 2002. Downloads, Logs and Captures: Evidence from Cyberspace. CTLR-OXFORD-, 8,

33-42.

SOMMER, P. 2004. The future for the policing of cybercrime. Computer Fraud & Security, 2004, 8-

12.

SOMMER, P. 2004. The challenges of large computer evidence cases. Digital Investigation: The

International Journal of Digital Forensics & Incident Response, 1, 16-17.

SOMMER, P. 2010. Forensic science standards in fast-changing environments. Science & Justice, 50,

12-17.

SOMMER, P. 2011. Certification, registration and assessment of digital forensic experts: The UK

experience. Digital investigation, 8, 98-105.

SZEŻYŃSKA, M., HUEBNER, E., BEM, D. & RUAN, C. 2009. Methodology and Tools of IS Audit and

Computer Forensics–The Common Denominator. Advances in Information Security and Assurance,

110-121.

TAYLOR, C., ENDICOTT-POPOVSKY, B. & FRINCKE, D. A. 2007. Specifying digital forensics: A

forensics policy approach. digital investigation, 4, 101-104.

TAYLOR, C., ENDICOTT-POPOVSKY, B. & PHILLIPS, A. Forensics education: Assessment and measures

of excellence. 2007. IEEE, 155-165.

THOMAS, P., TRYFONAS, T. & SUTHERLAND, I. AN ANALYSIS OF THE CURRICULUM COMPONENTS OF

COMPUTER FORENSICS UNDERGRADUATE COURSES IN THE UNITED KINGDOM. ITALICS Volume 8

(1) February 2009, 39.

TU, M., CRONIN, K., XU, D. & WIRA, S. On the Development of Digital Forensics Curriculum.

WANG, Y., CANNADY, J. & ROSENBLUTH, J. 2005. Foundations of computer forensics: A technology

for the fight against computer crime. Computer Law & Security Review, 21, 119-127.

WASSENAAR, D., WOO, D. & WU, P. 2009. A certificate program in computer forensics. Journal of

Computing Sciences in Colleges, 24, 158-167

WHITE, J. H., LESTER, D., GENTILE, M. & ROSENBLEETH, J. 2011. The utilization of forensic science

and criminal profiling for capturing serial killers. Forensic Science International, 209, 160-165.

WOODS, K., LEE, C., GARFINKEL, S., DITTRICH, D., RUSSELL, A. & KEARTON, K. 2011. Creating

realistic corpora for forensic and security education. 2011 ADFSL conference on digital forensics,

security and law. Richmond, VA: Elsevier.

WOODS, K., LEE, C. A. & GARFINKEL, S. Extending digital repository architectures to support disk

image preservation and access. 2011. ACM, 57-66.

WOODS, K., LEE, C. A., GARFINKEL, S., DITTRICH, D., RUSSELL, A. & KEARTON, K. 2011. Creating

Realistic Corpora for Security and Forensic Education. DTIC Document.

YASINSAC, A. & BURMESTER, M. 2005. Centers of academic excellence: a case study. Security &

Privacy, IEEE, 3, 62-65.

YASINSAC, A., ERBACHER, R. F., MARKS, D. G., POLLITT, M. M. & SOMMER, P. M. 2003. Computer

forensics education. Security & Privacy, IEEE, 1, 15-23.

ZHOU, Y. & JIANG, K. An Analysis System for Computer Forensic Education, Training, and Awareness.

Computing, Measurement, Control and Sensor Network (CMCSN), 2012 International Conference

on, 2012. IEEE, 48-51.

Appendix