module specification

CC7179 - Digital Forensics (2024/25)

Module specification Module approved to run in 2024/25
Module title Digital Forensics
Module level Masters (07)
Credit rating for module 20
School School of Computing and Digital Media
Total study hours 200
100 hours Guided independent study
48 hours Scheduled learning & teaching activities
52 hours Assessment Preparation / Delivery
Assessment components
Type Weighting Qualifying mark Description
Coursework 50%   An investigative case study and a technical report (2500 words) - online submission
Unseen Examination 50%   Two-hour unseen written exam
Running in 2024/25

(Please note that module timeslots are subject to change)
No instances running in the year

Module summary

This module addresses the growing demand from police forces, security agencies and commercial organisations for skilled professionals in this developing area. It covers such topics: digital crime activities and their prosecution, digital forensic & digital evidence, digital forensic process tools, and the legal and regulatory issues.

The aim of this module is to provide students with the knowledge of preservation and extraction of relevant digital evidence from main stream digital equipment, including computers, computer networks (including the cyber space/Internet), and other digital devices in appropriate procedures, tools and techniques. The students will be able to expand their knowledge of how computers operate and communicate as well as issues related to networking and web technologies in order to develop the skills required to be able to use computers as a crime investigative tool.


Digital forensics, digital evidence, forensic analysis and interpretation of digital evidence
• Legal issues, and scientific technologies in forensic investigations
• Current digital forensic investigation tools and evaluation of their strengths and weaknesses, and the investigator's office/laboratory
• Nature of a typical digital forensic case, control of a crime scene, and protection and verification of authenticity of digital evidence
• Investigative plans and forensic workstations set up for specific investigations, and outlines of process of retrieving potential digital evidence
• Dealing with the deleted and slack spaces to find the evidence from a suspect's drive and the relevant specialist tools available
• Image files on an evidence disk, use of image recovery tools, data compression, restoring graphics, and steganography
• Tools and methods involved in network-centred forensic investigations, and an overview of using network logs to collect evidence of a network intrusion incident or a crime
• E-mail crimes and violations and their forensics investigations, plus popular e-mail forensic tools.
• Modern digital devices and their forensics investigations

Balance of independent study and scheduled teaching activity

Students will develop theoretical understanding and practically investigative skills based on weekly lectures, tutorials and supervised workshops.  The workshops, in particular, are provided to support students in gaining practical experience in digital forensic investigations.

Appropriate blended learning approaches and technologies, such as, the University’s VLE and industry-strength digital forensic tools, will be used to facilitate and support student learning, in particular, to:
• deliver content;
• encourage active learning;
• provide formative and summative assessments, and prompt feedback;
• enhance student engagement and learning experience.

Students will be expected and encouraged to produce reflective commentaries on the learning activities and tasks that they carry out to complete their work.

Learning outcomes

By the end of this module students should be able to:
LO1. Appreciate the principles of digital forensic process and appreciate where and how these principles should be applied;
LO2. Critically understand and discuss the digital evidence obtained from forensics investigations and their interpretations in a tribunal/court procedure;
LO3. Appreciate the legal and procedural issues and be aware of the documentary and evidentiary standards expected in presenting investigative findings in a court of law.
LO4. Produce systems designs for computer systems to aid in criminal investigations.
LO5. Analyse and evaluate the professional requirements of a digital forensics practitioner, and to critically discuss the challenges facing the digital forensic practitioners.