module specification

CC6003 - Digital Crime Investigation (2018/19)

Module specification Module approved to run in 2018/19
Module title Digital Crime Investigation
Module level Honours (06)
Credit rating for module 30
School School of Computing and Digital Media
Total study hours 300
90 hours Scheduled learning & teaching activities
139 hours Guided independent study
71 hours Assessment Preparation / Delivery
Assessment components
Type Weighting Qualifying mark Description
Coursework 50%   CW (1500 words) - online submission
Unseen Examination 50%   1-hour exam, designed for CompTIA Security+ certification
Running in 2018/19
Period Campus Day Time Module Leader
Year North Monday Morning

Module summary

Nowadays, digital crimes are far more sophisticated and harder to fight against. It is imperative to explore advanced detective and preventive technology in combating the ever-changing computer crimes. This module provides knowledge of how to detect and prevent digital crimes. In this module, students are also prepared for their career as a professional working in Computer Forensics and IT Security industry. It provides students with practical knowledge and skills needed to succeed in the external exam from the certification of CompTIA Security+.

Prior learning requirements

Successful completion of level 5 or equivalent


• Introduction to digital crime evolution and cyber hacking LO1,LO2,LO3
• The media and techniques involved in information hiding LO2,LO3
• Data recovery and analysis, digital evidence collection and processing LO4,LO5
• Data hiding and detection techniques at physical and operating system level LO3
• Covert Channel Analysis and Data Hiding in TCP/IP LO4,LO6
• Steganography in different types of media such as textual data, images, audio, and streaming media LO3,LO4,LO5
• Steganalytical techniques for selected media types and approaches to traitor tracing LO3,LO4,LO5
• Digital watermarking and media signature, detecting copying LO3,LO5
• Data mining security, associated crime detection, and criminal behaviour LO3,LO5
• Real-time analytical techniques for detecting security events on active systems and networks (eg intrusion detection) LO6
• CompTIA Security+ Study Guide, which includes LO7
 Network security LO7
 Compliance and operational security LO7
 Threats and vulnerabilities LO7
 Application, data and host security LO7
 Access control and identity management LO7
Cryptography LO3

Balance of independent study and scheduled teaching activity

• A process of personal development planning takes place throughout the course to help students to think about and make sense of what is being learnt and why, plan ahead and relate to what has been learned and their own future.
• Students will be expected and encouraged to produce such as reflective commentaries and graduation statements on the learning activities and tasks that they carry out to complete their work.
• Students are invited to include PDP via learning journals, case books, annotated sketchbooks, and/or blog environment.

Learning outcomes

On successful completion of the module students will be able to:
LO1. identify and apply major developments in the digital crime investigation field;
LO2. demonstrate an understanding of how advances in digital technology are related to criminal behaviour;
LO3. appreciate the relationships between the advances in digital technology and information hiding technique and their retrieval;
LO4. evaluate and select appropriate tools and techniques for the detection and prevention of digital crime;
LO5. perform a digital forensic analysis using suitable steganalytical methods for different types of media;
LO6. be familiar with the different approaches that can be applied to real-time cyber crime detection;
LO7. be prepared for the CompTIA Security+ certification exam.

Assessment strategy

Students are assessed by two compulsory assessments [LO1-7] and an optional assessment [LO7] which is organised externally by the CompTIA, a leading provider of vendor-neutral certifications in the world.

The first compulsory assessment [LO1-6] is an assignment based on the successful completion of a series of workshop tasks. It will allow students to demonstrate their awareness of the contexts in the prevention and detection of digital crimes. Students will produce a report (about 1500 words in total) detailing with their findings of an investigation into an area relating to theoretical understanding and explanation of new technology crimes, their detection and prevention, as well as the knowledge and skills necessary for handling digital evidence.

The second compulsory assessment [LO7], 1-hour exam, is designed to assess the practical knowledge and skills needed to succeed in the CompTIA Security+ certification exam, which will provide students with the confidence and competence in the external CompTIA Security+ accreditation exam.


Where possible, the most current version of reading materials is used during the delivery of this module.  Comprehensive reading lists are provided to students in their handbooks.  Reading Lists will be updated annually.

Core Text:
• Robin, B., (2008) Investigating Digital Crime. Wiley
• David L. Prowse (2017) CompTIA Security+ SY0-501 Cert Guide (4th Edition) (Certification Guide), Pearson
Other Texts:
• Casey, E. (2010) Digital evidence and computer crime, Third edition: forensic science, computers and the Internet, Academic Press.
• Carrier, B. (2005) File System Forensic Analysis. Addison-Wesley.
• Jones, K.J., Bejtlich, R., and Rose, C.W. (2006) Real Digital Forensics. Addison-Wesley.
• Steve Anson, Steve Bunting, Ryan Johnson, and Scott Pearson, 2012,Mastering Windows Network Forensics and Investigation, SYBEX
• Michael Gregg, Build Your Security LAB a field guide for network testing, 2008, Wiley
• Cox, I.J., Miller, M., and Bloom, J. (2007) Digital Watermarking and Steganography, Morgan Kaufmann Publishers
• International Conference on IT Security Incident Management & IT Forensics, Proceedings/International Conference on IT Security Incident Management & IT Forensics, Los Alamitos, Calif. IEEE Computer Society
• IEEE transactions on information forensics and security, IEEE Signal Processing Society, 2006 Quarterly
• Digital forensics magazine [electronic resource], TR Media, Quarterly, Began with Issue 01 (Nov. 2009)
• Digital investigation, ScienceDirect (Online service), Kidlington & Elsevier, eJournal/eMagazine
Electronic Databases:
Social Media Sources: N/A
Other: None