CC6010 - Digital Investigation and E-Discovery (2024/25)
Module specification | Module approved to run in 2024/25 | ||||||||||||
Module title | Digital Investigation and E-Discovery | ||||||||||||
Module level | Honours (06) | ||||||||||||
Credit rating for module | 30 | ||||||||||||
School | School of Computing and Digital Media | ||||||||||||
Total study hours | 300 | ||||||||||||
|
|||||||||||||
Assessment components |
|
||||||||||||
Running in 2024/25(Please note that module timeslots are subject to change) |
|
Module summary
Digital crimes are becoming far more sophisticated and harder to fight against. Therefore the need for educating cybersecurity, investigation, and e-Discovery professionals is more critical than ever-there is a large talent gap for people with these skills. It is imperative to explore advanced detective and preventive technology in combating the ever-changing digital and cybercrimes. This module provides knowledge of how to detect and prevent digital crimes and cyber incident at both law enforcement and corporate level. In this module, students are also prepared for their career as a professional working in Cyber security and notably the digital investigation and e-discovery domains. It provides students with practical knowledge and skills needed to succeed in the external exam from the certification of CompTIA Security+.
Prior learning requirements
Successful completion of level 5 ‘CC5065’ and ‘CC5066’ or equivalent APL (Top-Up)
Syllabus
• Introduction and reviews of new digital crime, cyber threat and digital assets misuse. (LO1, LO2, LO3)
• Investigating digital crime using the appropriate resources and approaches for both law enforcement and corporate e-discovery; including data detection, recovery, processing, and validation. Preserving critical data and perform targeted, remote collections in context of e-discovery. (LO3, LO4, LO6)
• Detecting Data Exfiltration and Unauthorized Browsing using E-discovery approach; detecting Insider Threats and Advanced Persistent Threats. (LO3, LO4, LO5)
• Data-hiding detection and investigation techniques for selected media types and approaches; digital watermarking and media signature, detecting copying. (LO3, LO5)
• Steganography in different types of media such as textual data, images, audio, and streaming media. (LO6)
• Data mining security, associated crime detection, and criminal behaviour. (LO4, LO5, LO6)
• Real-time analytical techniques for detecting security events on active systems and networks (e.g. intrusion and exfiltration detection). (LO4, LO5, LO6)
• preparing for the CompTIA Security+ examination which includes:
- Network security
- Compliance and operational security
- Threats and vulnerabilities
- Application, data and host security
- Access control and identity management. (LO7)
Balance of independent study and scheduled teaching activity
•A process of personal development planning takes place throughout the course to help students to think about and make sense of what is being learnt and why, plan ahead and relate to what has been learned and their own future.
•Students will be expected and encouraged to produce such as reflective commentaries and graduation statements on the learning activities and tasks that they carry out to complete their work.
•Students are invited to include PDP via learning journals, case books, annotated sketchbooks, and/or blog environment.
Learning outcomes
On successful completion of the module students will be able to:
- LO1: identify and apply major developments in the digital crime investigation and E-discovery field.
- LO2: demonstrate an understanding of how advances in digital technology are related to criminal behaviour.
- LO3: appreciate the relationships between the advances in digital technology such as encryption, data hiding techniques and obstruction and their retrieval.
- LO4: evaluate and select appropriate tools and techniques for the detection and prevention of digital crime and e-discovery.
- LO5: perform a digital forensic analysis using suitable the appropriate investigation tools and approaches on different types of crime, platforms and contexts.
- LO6: Understand the e-discovery landscape through the Electronic Discovery Reference Model (EDRM) and notably Identification, Preservation, Collection, Processing, Review & Analysis, Production and Presentation.
- LO7: be familiar with the different approaches that can be applied to real-time cybercrime investigation at law enforcement level and e-discovery at corporate level.
- LO8: be prepared for the CompTIA Security+ certification exam.
Bibliography
Reading List:
https://rl.talis.com/3/londonmet/lists/9D3EABB4-9CC8-CB9E-A36E-02F8948839B6.html?lang=en&login=1