module specification

CC5065 - Computer and Mobile Forensics (2022/23)

Module specification Module approved to run in 2022/23
Module title Computer and Mobile Forensics
Module level Intermediate (05)
Credit rating for module 15
School School of Computing and Digital Media
Total study hours 150
35 hours Assessment Preparation / Delivery
70 hours Guided independent study
45 hours Scheduled learning & teaching activities
Assessment components
Type Weighting Qualifying mark Description
Coursework 70%   CW a practical case study 1500 words online submission
Unseen Examination 30%   1 hour unseen written exam
Running in 2022/23

(Please note that module timeslots are subject to change)
Period Campus Day Time Module Leader
Autumn semester North Monday Afternoon

Module summary

This module addresses the growing demand from law enforcement departments, security agencies and commercial organisations for skilled practitioners in Computer forensics. Computer forensic investigation requires an understanding of computer-related crimes, an appreciation of relevant laws, a high level of technical expertise, a methodical approach to investigation, and the ability to explain complex technical ideas simply. This module introduces the principles of computer forensics, develops the digital forensic analysis knowledge and skills required by the discipline, and prepares students for the career as a computer forensic investigator.

Prior learning requirements

Successful completion of level 4 or equivalent


• History of computer and mobile forensics, the use of electronic evidence, and scientific techniques in computer and mobile forensic investigations. [LO1, LO2]
• Digital evidence law, ethics, and ethical responsibilities of studying computer forensics. [LO1]
• New developments in computed and mobile crimes based on the latest technology, including cloud, mobile devices, smartphones, and Internet of Things. [LO1, LO2]
• Professional guidelines and policies in the discipline of digital forensics, such as those defined by the Association of Chief Police Officers (ACPO). [LO4, LO5]
• Principles of computer and mobile forensic investigation, control of a crime scene, and securement and verification of authenticity of evidence.  [LO4]
• Computer and mobile forensic tools and applications, the functionality of a range of computer forensic tools, benefits and short comes/limitations of various computer forensics tools, e.g. EnCase, FTK, UFED and XRY. [LO3]
• Investigative plans and forensic workstations set up for specific investigations, and outlines of step-by-step processes for retrieving potential evidence. [LO3, LO4]
• Image files on an evidence disk, examinations and recovery of image files, data compression, mobile physical and logical data acquisition and imaging. [LO4, LO5]
• Dealing with deleted files and slack space, and acquisition of data from a suspect's drive with special tools. [LO5]
• mobile and E-crimes and violations, email forensic investigations, and popular e-mail forensic tools. [LO5]
• Communicating and presenting investigative findings in such ways that they meet the standards expected in a court of law [LO1, LO6]
• Expert witness and reporting results of investigations in a court of law. [LO6]
• General introduction to forensic examinations on mobile devices. [LO5, LO6]

Balance of independent study and scheduled teaching activity

• A process of personal development planning takes place throughout the course to help students to think about and make sense of what is being learnt and why, plan ahead and relate to what has been learned and their own future.
• Students will be expected and encouraged to produce such as reflective commentaries and graduation statements on the learning activities and tasks that they carry out to complete their work.
• Students are invited to include PDP via learning journals, case books, annotated sketchbooks, and/or blog environment.

Learning outcomes

By the end of this module, students should be able to:
LO1. develop a broader understanding of the relevant computer crime, law and computer forensics literature and explain the particular legal, ethical and professional challenges facing the computer forensics practitioners;
LO2. discuss the basic principles of computer forensics and describe the role computer forensics plays in deterring and detecting computer and mobile crime;
LO3. appreciate and explain the basic tools including the hardware and software, required in the investigations.
LO4. understand the nature of computer forensic investigation, control of a crime scene, and securement and verification of authenticity of evidence.
LO5. undertake a complete computer and mobile forensic investigation starting from  acquisition to analysis by applying appropriate principles of digital forensics whilst preserving evidential integrity throughout the process and applying appropriate legal and procedural principles.
LO6. Give a forensic interpretation to findings obtained from computer and mobile evidence and communicate and present investigative findings in such ways that they meet the standards expected in a court of law.

Assessment strategy

Coursework  is a report (1500 words) for case study practical digital forensic investigation. Students will be using professional tools and frameworks available in the cyber security  lab to conduct a forensic investigation and conclude the investigation by a report to be submitted online. The coursework is designed to enhance learning by offering a case study in computer and mobile devices investigation and the opportunities to put in practice the skills acquired during the workshops [LO5,6].

The workshop materials, activities and informal feedback opportunities in the class and workshops will be used to support student learning and provide support for tackling coursework.  Formative assessment and feedback opportunities will be provided to develop student understanding of the subject.

The summative exam will be used to assess students’ deeper understanding of the concepts [LO1-5] and will be inspired (similar but lighter version from AccessData Certified Investigator exam) which is one of the entry level certification which tests the investigator’s basic knowledge of AccessData's Forensic Toolkit, FTK Imager, Registry Viewer, and Password Recovery Toolkit.


Reading List:
Core Text:
• Gerard Johansen,  2020, Digital forensics and incident response: incident response techniques and procedures to respond to modern cyber threats, 2nd edition, Packt Publishing
• Solomon Michael G. & Barrett D. & Broom N., 2011, Computer Forensics Jump Start, SYBEX
• Bryant R. & et al. 2008, Investigating Digital Crime, Wiley
• Nelson B. & Philips A. & Enfinger F. & Steuart C., 2016, Guide to Computer Forensics and Investigations, 5th edition, Cengage Learning Course Technology
Other Texts:
• Kruse II  W. G. & Heiser J. G., 2002, Computer Forensics: incident response essentials, Addison Wesley
• Jones K. J. & Bejtlich R. & Rose C. W., 2006, Real Digital Forensics Computer Security and Incident Response, Addison-Wesley
• Carrier B., 2005, File Systems Forensic Analysis, Addison-Wesley
• Farmer D. & Venema W., 2005, Forensic Discovery, Addison-Wesley
• Britz M. T., 2004, Computer Forensics and Cyber Crime, Pearson Prentice Hall

• IEEE transactions on information forensics and security, IEEE Signal Processing Society, 2006 Quarterly
• Digital forensics magazine [electronic resource], TR Media, Quarterly, Began with Issue 01 (Nov. 2009)
Electronic Databases:
• Westlaw, UK [electronic resource], Sweet and Maxwell
Social Media Sources: N/A
Other: None