Module Descriptors
DIGITAL FORENSICS FUNDAMENTALS
COMP50110
Key Facts
Digital, Technology, Innovation and Business
Level 5
20 credits
Contact
Leader: Pantaleon Lutta Odongo
Hours of Study
Scheduled Learning and Teaching Activities: 28
Independent Study Hours: 30
Total Learning Hours:
Pattern of Delivery
  • Occurrence A, Stoke Campus, UG Semester 2
  • Occurrence B, Stoke Campus, UG Semester 3
Sites
  • Stoke Campus
Assessment
  • PORTFOLIO OF DIGITAL FORENSICS ACTIVITIES weighted at 30%
  • REPORT - 3000 WORDS weighted at 70%
Module Details
LEARNING OUTCOMES
1. Critically evaluate and apply forensic theories, methodologies and standards

Knowledge & Understanding

2. Plan & execute digital forensic acquisitions ensuring a defensible chain of custody

Problem Solving

Application

3. Analyse digital evidence including NTFS/MFT/registry artefacts to reconstruct events

Application

Analysis

4. Produce structured digital forensic reports demonstrating ethical and legal requirements for specialist & lay audiences

Learning

Communication

Enquiry

ADDITIONAL ASSESSMENT DETAILS
Portfolio of Digital Forensic Activities 30%

You will undertake a series of activities using specialist digital forensic tools during the module launch week. You will undertake the analysis of these recovered artifacts to form a portfolio of tasks demonstrating your digital forensic knowledge and skills.

(Learning Outcomes 2 and 3)

Report 70%

A report demonstrating your understanding of the science of digital forensics and of the methodologies, tools, techniques, and standards used in forensic investigations. As a forensic investigator, you will need to conduct a digital forensic investigation, and you will be required to obtain and present to different audiences any located evidence suggesting criminality, or any information of note, e.g. account names, passwords, images, and files. As part of your submission you are required to create sections suitable for a highly technical audience and a more accessible version for non-technical audiences. (Learning Outcomes 1, 4)

Assessing aspects of the following KSBs from the CSTP Apprenticeship Standard:

K1: Foundations of cyber security, its significance, concepts, threats, vulnerabilities and assurance

K5: Operating System principles, architectures, features, mechanisms, security features and exploits

S5: Configure an Operating System in accordance with security policy. Identify threats and features

K12: Threats, vulnerabilities, impacts and mitigations in ICT systems and the enterprise environment

S12: Discover, identify and analyse threats, attack techniques, vulnerabilities and mitigations

K14: Structured and ethical intelligence analysis, methods, techniques

S14: Undertake ethical system reconnaissance and intelligence analysis

K15: Management of cyber security risk, tools and techniques

S15: Undertake risk modelling, analysis and trades

K16: Quantitative & qualitative risk management theory & practice, role of risk stakeholders

S16: Undertake risk assessment to an external standard

K22: How to diagnose cause from observables. Application of SIEM (Security Information and Event Management) tools & techniques

S22: Security monitoring, analysis and intrusion detection. Recognise anomalies & behaviours

K23: Cyber incident response, management, escalation, investigation & 3rd party involvement

S23: Manage intrusion response, including with 3rd parties

K24: Legal, regulatory, compliance & standards environment

K25: Applicability of laws regulations & ethical standards

S25: Organise testing & investigation work in accordance with legal & ethical requirements

K26: Legal responsibilities of system owners, users, employers, employees

S26: Develop & apply information security policy to implement legal or regulatory requirements

B1: Fluent in written communications and able to articulate complex issues.

B8: Analytical and critical thinking skills for Technology Solutions development and can systematically analyse and apply structured problem-solving techniques to complex systems and situations.

B10: Can conduct effective research, using literature and other media.

B11: Logical thinking and creative approach to problem solving.

B12: Able to demonstrate a ‘security mind-set’ (how to break as well as make).

B15: A thorough approach to work in the cyber security role.
INDICATIVE CONTENT
Introduction to Digital Forensics/The Scope of Computer Forensics

Forensic Fundamentals: investigation lifecycle, standards (ISO 27037), tool selection

Windows Operating and File Systems

Windows Artefact Analysis: NTFS internals, MFT, registry artefacts

Incident response

Evidence Acquisition & Imaging: write-blocking, FTK Imager, hashing algorithms, chain of custody

Acquiring Evidence in a Computer Forensics Lab

Online Investigations

Documenting an Investigation

Reporting & Presentation: structured reporting, stakeholder communication, non-technical summaries

Admissibility of Digital Evidence

Legal & Ethical Context: Data Protection Act, GDPR, admissibility, ethical decision-making

Network Forensics

Mobile Forensics

Photograph Forensics

Video Forensics

Vehicle Forensics

Mac Forensics

Use of forensic tools such as EnCase, FTK Imager, Autopsy, XRY, Wireshark

Forensic equipment such as write-blockers and imaging capability

IR strategy

This module will support the development and assessment of the following KSBs from the CSTP Apprenticeship Standard:

K1: Foundations of cyber security, its significance, concepts, threats, vulnerabilities and assurance

K5: Operating System principles, architectures, features, mechanisms, security features and exploits

S5: Configure an Operating System in accordance with security policy. Identify threats and features

K12: Threats, vulnerabilities, impacts and mitigations in ICT systems and the enterprise environment

S12: Discover, identify and analyse threats, attack techniques, vulnerabilities and mitigations

K13: Human dimensions of cyber security

S13: Assess culture & individual responsibilities

K14: Structured and ethical intelligence analysis, methods, techniques

S14: Undertake ethical system reconnaissance and intelligence analysis

K15: Management of cyber security risk, tools and techniques

S15: Undertake risk modelling, analysis and trades

K16: Quantitative & qualitative risk management theory & practice, role of risk stakeholders

S16: Undertake risk assessment to an external standard

K19: How to compose a justified security case

S19: Design & evaluate a system to a security case

K22: How to diagnose cause from observables. Application of SIEM (Security Information and Event Management) tools & techniques

S22: Security monitoring, analysis and intrusion detection. Recognise anomalies & behaviours

K23: Cyber incident response, management, escalation, investigation & 3rd party involvement

S23: Manage intrusion response, including with 3rd parties

K24: Legal, regulatory, compliance & standards environment

K25: Applicability of laws regulations & ethical standards

S25: Organise testing & investigation work in accordance with legal & ethical requirements

K26: Legal responsibilities of system owners, users, employers, employees

S26: Develop & apply information security policy to implement legal or regulatory requirements

B1: Fluent in written communications and able to articulate complex issues

B8: Analytical and critical thinking skills for Technology Solutions development and can systematically analyse and apply structured problem-solving techniques to complex systems and situations

B10: Can conduct effective research, using literature and other media

B11: Logical thinking and creative approach to problem solving

B12: Able to demonstrate a ‘security mind-set’ (how to break as well as make)

B15: A thorough approach to work in the cyber security role
Learning within this module maps to the following Fundamental British Values:

Tolerance

Rule of law

Democracy

Learning within this module maps to the following principles of Safeguarding & Prevent:

Preventing radicalisation

Duty of care

Reporting and accountability

Protecting from harm

Learning within this module maps to the following principles of Equality, Diversity & Inclusion:

Accessibility in cyber security
WEB DESCRIPTOR
This module introduces you to the scope and practice of digital forensics, covering the full investigation lifecycle in line with standards such as ISO 27037. You will examine file systems (particularly Windows), analyse system artefacts like NTFS and registries, and perform evidence acquisition using forensic tools like FTK Imager, Autopsy, and EnCase. Alongside the practical skills the module emphasizes documenting findings, structured reporting, and presenting evidence clearly to stakeholders. Legal and ethical considerations, including GDPR, the Data Protection Act, and admissibility of evidence, are explored throughout. You'll also develop skills in ethical analysis, intrusion detection, and the use of SIEM tools.
LEARNING STRATEGIES
This module will be delivered in a blended learning mode consisting of face-to-face, online and guided learning sessions.

Teaching sessions will blend theory and practical learning, and most importantly where possible will seek to be contextualised in your workplace as part of your apprenticeship. You will be introduced to curriculum concepts and ideas and will then be able to apply theory to practical examples. In addition, you will be provided with a range of resources for independent study such as case studies, academic papers and industry case studies. There will be a mixture of practical and theoretical formative (mock or practice) exercises which will help you build knowledge and confidence in preparation for summative (formal) assessment.

The module will be delivered as follows:

Module Launch week: 12 hours.
There will be a module launch week with up to 12 hours of face-to-face contact time devoted to developing your understanding of the core purpose and assessment of the module. You will be presented with details of how the learning will be structured and how to access the learning materials for the remainder of the module.

During launch week you will undertake a series of digital forensic activities that will be used as part of the practical assessment.

Structured Learning Sessions: 15 hours
Following the module launch week you will have a further 15 hours of attendance-based contact time as a class with the module team. This will typically be as 10 x 1.5-hour online classes. Classes will be a combination of activities including lectures, demonstrations, discussions, tutorials and seminars. Some sessions may be in flipped classroom style, where you will be expected to watch online recordings, read materials or respond to practical activities in preparation for active engagement with problem solving in the online session.

1:1 Progress Checks: 1 hour
As a Blended Learner, understanding your progress can be a challenge, so you are allocated an hour of 1:1 time with your tutor (typically 3 x 20-minute meetings). Some of these may be in small groups if appropriate. These sessions may be used to discuss key topics, troubleshoot solutions, review working drafts, etc.

Assignment Development Time: 60 hours

A typical assignment will take you around 60 hours to complete.

This module includes 58 off-the-job (OTJ) training hours as standard, covering new learning funded by the apprenticeship levy. A total of 200 nominal learning hours has been attributed to this module, incorporating OTJ training alongside broader academic development beyond levy-funded new learning.
TEXTS
Abd El-Latif, A. A. (Ed.). (2024). Digital forensics and cyber crime investigation: recent advances and future directions. Springer.

Reveron, D. S. (2024). Security in the cyber age. Georgetown University Press.

David, M. (2023). Networked crime. Routledge.

Madsen, T. (2022). Security Architecture – How & Why (River Publishers Series in Security and Digital Forensics). 1st edition. River Publishers.

Holt, T. J. et al. (2022). Cybercrime and Digital Forensics: An Introduction. 3rd edition. Routledge.

Johansen, G. (2022). Digital Forensics and Incident Response: Incident response tools and techniques for effective cyber threat response. 3rd edition. Packt Publishing.

Oettinger, G. (2022). Learn Computer Forensics: Your one-stop guide to searching, analysing, acquiring, and securing digital evidence. 2nd edition. Packt Publishing.

Mullins, M. (2022). Cyber Security Awareness: Employee Handbook. Kindle Edition.

Anderson, R. (2021). Security Engineering: A Guide to Building Dependable Distributed Systems. 3rd edition. Wiley.

Hayes, D. R. (2020) A Practical Guide to Computer Forensics Investigations. Pearson Education.

Kävrestad, J. (2020) Fundamentals of Digital Forensics. Springer International Publishing.

Le-Khac, N. A., & Choo, K. K. R. (2020) Cyber and Digital Forensic Investigations. Springer International Publishing.

Casey, E. (2019) Handbook of digital forensics and investigation. Academic Press.

Sheward, M. (2018). Hands-on incident response and digital forensics. BCS Publishing.

IEEE Transactions on Information Forensics and Security.

IEEE Security & Privacy.

ScienceDirect - Forensic Science International: Digital Investigation
RESOURCES
Specialist Digital Forensics Laboratory with CISCO equipment and equivalent simulation tools

Wireshark, FTK Imager, EnCase, Autopsy, XRY