module specification

CC5005 - Computer Forensics (2018/19)

Module specification Module approved to run in 2018/19
Module title Computer Forensics
Module level Intermediate (05)
Credit rating for module 30
School School of Computing and Digital Media
Total study hours 300
90 hours Scheduled learning & teaching activities
139 hours Guided independent study
71 hours Assessment Preparation / Delivery
Assessment components
Type Weighting Qualifying mark Description
Coursework 30%   CW1 a technical report 1200 words online submission
Coursework 30%   CW2 a case study 1200 words online submission
Unseen Examination 40%   2 hours unseen written exam
Running in 2018/19
Period Campus Day Time Module Leader
Year North Monday Afternoon

Module summary

This module addresses the growing demand from law enforcement departments, security agencies and commercial organisations for skilled practitioners in Computer forensics. Computer forensic investigation requires an understanding of computer-related crimes, an appreciation of relevant laws, a high level of technical expertise, a methodical approach to investigation, and the ability to explain complex technical ideas simply. This module introduces the principles of computer forensics, develops the digital forensic analysis knowledge and skills required by the discipline, and prepares students for the career as a computer forensic investigator.

Prior learning requirements

Successful completion of level 4 or equivalent


History of computer forensics, the use of electronic evidence, and scientific techniques in computer forensic investigations; LO1,LO2
• Computer law, ethics, and ethical responsibilities of studying computer forensics; LO1,LO2
• New developments in digital crimes based on the latest Internet technology, including the Internet chat room, etc.; LO5, LO6
• Professional guidelines and policies in the discipline of computer forensics, such as those defined by the Association of Chief Police Officers (ACPO); LO4
• Principles of computer forensic investigation, control of a crime scene, and securement and verification of authenticity of evidence; LO3
• Computer forensic tools and applications, the functionality of a range of computer forensic tools, benefits and short comes/limitations of various computer forensics tools, e.g. EnCase, FTK, WinHex, etc.; LO3,LO4
• Investigative plans and forensic workstations set up for specific investigations, and outlines of step-by-step processes for retrieving potential evidence;LO5,LO6
• Image files on an evidence disk, examinations and recovery of image files, data compression, steganography, and copyright issues; LO5,LO6
• Dealing with deleted files and slack space, and acquisition of data from a suspect's drive with special tools; LO5,LO6
• E-mail crimes and violations, email forensic investigations, and popular e-mail forensic tools; LO5,LO6
• Network-centred forensic investigations, tools, methods, and using network logs to collect evidence of a network intrusion incident or a crime; LO1,LO7
• Communicating and presenting investigative findings in such ways that they meet the standards expected in a court of law LO1,LO7
• Expert witness and reporting results of investigations in a court of law LO1,LO4
• General introduction to forensic examinations on mobile devices LO5,LO6

Balance of independent study and scheduled teaching activity

• A process of personal development planning takes place throughout the course to help students to think about and make sense of what is being learnt and why, plan ahead and relate to what has been learned and their own future.
• Students will be expected and encouraged to produce such as reflective commentaries and graduation statements on the learning activities and tasks that they carry out to complete their work.
• Students are invited to include PDP via learning journals, case books, annotated sketchbooks, and/or blog environment.

Learning outcomes

By the end of this module, students should be able to:
LO1. develop a broader understanding of the relevant computer crime, law and computer forensics literature and explain the particular legal, ethical and professional challenges facing the computer forensics practitioners;
LO2. discuss the basic principles of computer forensics and describe the role computer forensics plays in deterring and detecting computer crime;
LO3. appreciate and explain the basic tools including the hardware and software, required in the investigations;
LO4. understand the nature of computer forensic investigation, control of a crime scene, and securement and verification of authenticity of evidence;
LO5. undertake computer forensic analysis by applying appropriate principles of computer forensics whilst preserving evidential integrity throughout the analysis;
LO6. analyse and evaluate digital evidence (and the interpretations of that evidence) obtained from computer forensics investigations and apply appropriate legal and procedural principles to that evidence;
LO7. communicate and present investigative findings in such ways that they meet the standards expected in a court of law.

Assessment strategy

Coursework 1 is a technical report (1200 words) - online submission, which is the culmination of good literature review work carried out through using a wide mix of sources: lecture slides, textbooks, industrial standards and guidelines, research papers, and web resources. It’s aimed at developing students’ knowledge, confidence and problem solving strategies [LO1].

Coursework 2 is a case study (1200 words) - online submission, which is designed to enhance learning by offering a case study in computer forensic investigation and the opportunities to carry out research into current issues and technologies with computer forensics [LO6,7].

The workshop materials, activities and informal feedback opportunities in the class and workshops will be used to support student learning and provide the impetus for tackling coursework 1 and 2.

Formative assessment and feedback opportunities will be provided to develop student understanding of the subject.
• The formative exam will be used to assess students’ deeper understanding of the concepts [LO2-5].


Where possible, the most current version of reading materials is used during the delivery of this module.  Comprehensive reading lists are provided to students in their handbooks.  Reading Lists will be updated annually.

Core Text:
• Solomon Michael G. & Barrett D. & Broom N., 2011, Computer Forensics Jump Start, SYBEX
• Bryant R. & etc. 2008, Investigating Digital Crime, Wiley
• Volonino L. & Anzaldua R. & Godwin J., 2007, Computer Forensics: Principles and Practices, Pearson Prentice Hall
• Nelson B. & Philips A. & Enfinger F. & Steuart C., 2016, Guide to Computer Forensics and Investigations, 5edition, Cengage Learning Course Technology
Other Texts:
• Kruse II  W. G. & Heiser J. G., 2002, Computer Forensics: incident response essentials, Addison Wesley
• Jones K. J. & Bejtlich R. & Rose C. W., 2006, Real Digital Forensics Computer Security and Incident Response, Addison-Wesley
• Carrier B., 2005, File Systems Forensic Analysis, Addison-Wesley
• Farmer D. & Venema W., 2005, Forensic Discovery, Addison-Wesley
• Britz M. T., 2004, Computer Forensics and Cyber Crime, Pearson Prentice Hall

• IEEE transactions on information forensics and security, IEEE Signal Processing Society, 2006 Quarterly
• Digital forensics magazine [electronic resource], TR Media, Quarterly, Began with Issue 01 (Nov. 2009)
Electronic Databases:
• Westlaw, UK [electronic resource], Sweet and Maxwell
Social Media Sources: N/A
Other: None