Computers are central to all aspects of our daily lives; as industries ranging from communications to banking have come to rely on them, the need for improved computer security has never been greater. This course focusses on two aspects of Cyber Security: analysis and assessment of risk plus how to minimise it, and, how to extract and use digital information from a wide range of systems and devices. The course is structured so that all students cover the same introductory material, but then choose to specialise in either Cyber Security or Digital Forensics.
Students taking the course will gain an understanding of the nature of the security threats that face computer systems and the type of information that is stored on digital devices (and how it can be extracted from them). They will benefit from a broad and varied array of state-of-the-art technologies, including:
- EnCase, FTK and open-source forensic tools, and a dedicated forensics computer laboratory
- Specialist input from guest lecturers
- Over 20 university computing laboratories providing access to Unix, Novell and NT servers, all supported by high-bandwidth networks
- Specialist technicians to ensure you can get the most out of these technologies.
All students will take the core modules which are designed to give a comprehensive introduction to this specialist field. They will cover basic digital forensics and network security, and also cover computer system tools and the UNIX operating system. Dealing with digital evidence in a professional manner (that includes adhering to appropriate legal guidelines) is also covered. You will then follow either the Cyber Security or Digital Forensics pathway within the course (though each lead to the same named degree: the pathways are simply opportunities to specialise within the field). In addition, all students will take a Research Methods module and complete a project module.
The course offers the opportunity to examine a variety of tools available on the open market, and the use of forensic tools to retrieve data from electronic sources. It will also consider the analysis of professional and ethical issues relating to computer security and forensics, and the development of professional competencies, such as report writing and presenting evidence in court.
Teaching methods include lab-based sessions, student-led tutorials and lectures by internal staff and guest speakers from industry. Our courses are offered by friendly, highly experienced staff, and benefit from the diverse specialist knowledge and skills within the departments of the Faculty. Assessments will be carried out mostly through practical or research-based course work.
The following modules are indicative of what you will study on this course.
Computer Forensics Fundamentals
This module gives you an introduction to some of the general concepts of computer forensics, as well as helping you to develop the skills that will be needed on other modules. You will cover in detail the layout of volumes on storage devices, and file systems within volumes, with particular emphasis on the FAT file system. You will learn to look at raw devices using low-level tools like hex editors, and consider how security considerations should affect software design and implementation.
Computer System Tools
This module commences by giving you a hands-on introduction to the UNIX operating system. You will look at a range of tools that might be used by a forensic examiner: this will include high-level tools like EnCase, FTK and Autopsy, although your main focus will be on low-level tools such as dd and the Sleuthkit tools, as these help to develop your understanding of what (and how) the higher level tools are actually doing. You will also learn to use basic system tools such as grep. In addition you will learn a scripting language so that you can develop your own forensic tools.
Evidence and Procedure
You will examine the legal obligations of computer forensics, gaining an understanding of the relevant statutes and industry guidelines, and of proving the authenticity of evidence via a chain of custody from collecting evidence through to presenting findings in a professional manner. The module also aims to provide you with a broad understanding of the professional factors that influence the work of professional practitioners, particularly in the context of the 'Expert Witness'.
The module will cover the basics of how networks work, what the specific threats to networks are, and how they might be ameliorated.
Postgraduate Project Module
This module is the culmination of the course. It is an opportunity for you to put into practise many of the skills learned elsewhere on the course. It is a major piece of work on a topic chosen by you (normally, this topic will be chosen as part of the Research Methods module). You will undertake this work individually, and will be assigned a project supervisor to assist with and guide the development of the project.
This module is shared with other MSc courses run by the Department. Its main focus is on introducing you to research, and developing the skills you need to read and evaluate original research literature. This in turn leads into the Project, and a major outcome of the module should be a Project Proposal. In addition, the module addresses certain aspects of Personal Development Planning (PDP).
Digital Forensics pathway
Data Recovery and Analysis
You will cover many of the most important concepts of digital forensics through this module, including various methods of data recovery (noting those that meet ACPO guidelines for evidence preservation). Analysis of the data will include finding and recovering deleted files, searching slack space on storage devices, examining log and registry entries, and constructing timelines of activity.
Advanced Comouter Forensics
This module continues the examination of essential digital forensics concepts. The topics you will cover include network forensics, live systems, mobile phones and other devices. A further aim of the module is to introduce you to developing areas of computer forensics, and provide you with the skills to investigate new areas of computer forensics, such as covert analysis and intruder artefacts.
Cyber Security pathway
You will examine the issues involved with business continuity and disaster recovery planning, and environmental security.
Threats and Countermeasures
This module will look at system architectures and how systems can be defended; it will include consideration of the threat to security posed by legitimate users of the system and behavioural issues.
Depending on their chosen pathway graduates of the course are expected to find employment as information security/senior security officers and related cyber security roles or more technical roles investigating threats and safeguarding digital assets their life-cycle. Such roles will range from supporting industry, the public sector in general and the police and law enforcement agencies specifically, while some may focus more on researching new security threats and countermeasures. Additional also arrive for a supportive alumni community, including graduates with work experience who use their new skills and qualification to progress their career to more senior posts.
This school offers programs in:
Last updated March 1, 2017