Education

• Prospective Students
• Forensic Computing & Cybercrime Investigation Programmes
  (Law Enforcement Only)
• Msc Forensic Computing & Cybercrime Investigation
• Continuous Professional Development Modules (FCCI)
• Graduate Diploma Forensic Computing & Cybercrime Investigation
• Graduate Certificate Forensic Computing & Cybercrime Investigation
• MSc in Digital Investigation & Forensic Computing
• General Information for Prospective Students
• Current Students
• Alumni
• Online Learning

Module Options:
Semester 1 (September to December)

COMP40100 Computer Forensics (10 Credits)*

Lecturer: Dr. Pavel Gladyshev Duration: 12 Weeks

This course covers forensic analysis of a stand-alone computer system. The emphasis is on the analysis of personal computers Running Windows operating system.
The topics covered include:

• Foundations: Time Standards & Data Representation
• Sources of Evidence in Computer System
• Overview of Investigation process
• Introduction to File System Forensics

In addition the course comprises two one-day workshops during the annual examination period covering a Crime scene search and Disk imaging & live forensics.

Module accreditation requires attendance in UCD for a mandatory workshop and examination. Examination of this module takes place during either the December or summer examination sessions.

* COMP 40100 Computer Forensics is one of the four FCCI foundation modules, which all MSc students are encouraged to take as part of their first year.

COMP40110 Network Investigations (10 Credits)*

Lecturer: Dr. Nhien An Le KhacDuration: 12 Weeks

This module introduces elements of computer network technology relevant to investigations of cyber crimes, common network- oriented investigation techniques, and sources of evidence beyond suspect's computer.
The topics covered include:

• Networking Concepts
• Internet Protocols
• Cryptography
• Network Analysis
• Web Forensics
• Email Forensics
• IRC and BotNets

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during either the December or summer examination sessions.

* COMP 40110 Network Investigation is one of the four FCCI foundation modules, which all MSc students are encouraged to take as part of their first year.

COMP41650 Malware Investigations (10 Credits)

Lecturer: Mr. Robert McArdleDuration: 12 Weeks

This module is aimed at teaching students how to investigate crimes directed against computer systems themselves.
The topics covered include:

• Offences related to hacking as defined by the CoE Convention on Cybercrime
• Introduction to malware
• "Business models" of malware
• Introduction to malware analysis
• Determining purpose of unknown executable

In addition to usual assignments, this module features a realistic investigation project simulating a malware based intrusion investigation.

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during either the December or summer examination sessions.

COMP41560 Mobile Phone Forensics (5 Credits)

Lecturer: Mr. Pat MorrisseyDuration: 12 Weeks

This module covers principles and theory as well as hands-on practical skills required to perform mobile phone forensics.
The topics covered include:

• Mobile Phone Forensic Challenges
• Seizure and Handling of Mobile Phone Evidence
• Mobile Devices and Their Components
• Introduction to Mobile Phone Networks
• Examination Tools
• SIM UICC

The course is complemented by two full day workshops and an in-depth project about analysis of mobile phone hex dumps.

Module accreditation requires attendance in UCD for a mandatory workshop and examination. Examination of this module takes place during either the December or summer examination sessions.

COMP41660 Live Data Forensics (10 Credits)

Lecturer: Mr. Joshua JamesDuration: 12 Weeks

Live Data Forensics is a term describing tools, techniques, and procedures for preservation and analysis of volatile evidence contained in the main memory (RAM) of a computer system.
The topics covered include:

• Introduction to Live Data Forensics
• Overall Process of Live Data Forensics
• Site search preparation
• RAM Acquisition Tools (Software, Hardware)
• RAM Analysis Tools
• System Information Gathering Tools (COFEE, WFT, etc.)
• Detection of encrypted volumes
• Preservation of information from encrypted volumes
• Gathered Information Analysis and Reporting

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during either the December or summer examination sessions.

COMP41430 Linux for Investigators (10 Credits)

Lecturer: Dr. Nhien An Le KhacDuration: 12 Weeks

This course aims to show you the power and utility of the Linux operating system in conducting forensic investigations. Much of the course is devoted to demonstration of Linux forensics analysis techniques via investigation case studies.
The topics covered include:

• Introduction and Installation
• Basic Linux Commands
• Standard Linux Tools
• Investigation & Forensic Analysis Case Studies

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during either the December or summer examination sessions.

Module Options:
Semester 2 (January to May)

COMP40120 Introduction to Programming for Cybercrime Investigators (10 Credits)*

Lecturer: Dr. Nhien An Le KhacDuration: 12 Weeks

This module introduces students to the elements of programming and discusses algorithms underlying more advanced digital forensic tools. The aim of the course is to equip students with better understanding of software systems and advanced digital forensic tools, as well as to give them an ability to write custom tools for data analysis.
The topics covered include:

• Introduction to PERL programming
• Introduction to database programming (SQL via perl)
• Applications to data carving and inconsistency detection

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during the summer examination session.

* COMP 40120 Introduction to Programming for Cybercrime Investigators is one of the four FCCI foundation modules, which all MSc students are encouraged to take as part of their first year.

COMP41590 Advanced Computer Forensics (10 Credits)*

Lecturer: Dr. Pavel Gladyshev Duration: 12 Weeks

This module is a continuation of the foundational Computer Forensics module.
The topics covered include:

• In-depth Windows OS and Application artifacts and analysis
• Linux & Mac forensic artifacts
• Advanced data recovery techniques
• Principles and practice of applied forensic research
  

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during the summer examination session.

* COMP 40130 Advanced Computer Forensics (10 Credits)* is one of the four FCCI foundation modules, which all MSc students are encouraged to take as part of their first year.

COMP41570 Advanced Scripting (10 Credits)

Lecturer: Dr. Fergus Toolan Duration: 12 Weeks

This course focuses on means of building your own forensic applications.
It is based on the Bourne Again Shell (BASH) in the Linux System.
The topics covered include:

• Basic Bash and Arithmetics
• Flow of Control
• Strings, Arrays, Functions & User Interface
• Log file analysis
• Data carving
• Steganography detection
• Web monitoring
• Keyword Searching
• Disk Imaging
• Timeline Analysis
• File system analysis

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during the summer examination session.

COMP 41430 Linux for Investigators & COMP 40120 Introduction to Programming for Cybercrime Investigators are both pre/co-requisite modules for students who wish to take COMP 41570 Advanced Scripting.

COMP41580 VoIP and Wireless Investigations (10 Credits)

Lecturer: Mr. Giorgio Ruggieri, Mr. Aberto Morales Duration: 12 Weeks

Voice over IP and Wireless Networking technologies have become widespread over the past decade. Along with the improved user experience they brought a number of investigative challenges including the difficulty of identifying and locating mobile users and the widespread use of encryption, which complicates the lawful interception of communications. This module covers the state of the art investigative techniques aimed at overcoming these challenges.
The topics covered include:

• Wireless Technology Overview
• Wireless Security Overview
• Wireless Passive Mode Information Gathering
• Wireless Active Mode Information Gathering
• Introduction to VoIP
• Skype Investigations

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during the summer examination session.

COMP41300 Money Laundering Investigations (5 credits)

Duration: 12 Weeks

Money Laundering is a key aspect of the criminal economy. This course is designed for investigators and police officers working in the general financial crime area. The twelve modules cover the various methods and mechanism of money laundering, the international legal responses to it, and a detailed examination of techniques for investigating and tracing illicit funds. The final two modules introduce structured intelligence analysis in a financial crime context - looking at how we can sift, grade, value and analyse the intelligence that we obtain during investigations.
The topics covered include:

• Introduction to accounting techniques
• Use of open information sources for asset tracing
• Link analysis techniques

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during the summer examination session.

COMP41330 Open Source intelligence (5 credits)

Lecturer: Mr. Marco Doodeman Duration: 12 Weeks

Open source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analyzing it to produce actionable intelligence.

In the intelligence community (IC), the term "open" refers to overt, publicly available sources as opposed to covert or classified sources. (Source Wikipedia). Despite the fact that the number of available open source is infinite, as digital investigators, during the course we will focus only on open sources as we find them on the Internet. In addition to many practical guidelines, we will explore issues of prejudice and how to reduce risk, discuss existing applications to secure messaging and proven solutions to assist you positioning OSINT in your organization.
The topics covered include:

• Introduction to Open Source Intelligence Gathering
• Search Basics
• Effective Searching
• Reliability of Search Results
• Thematic Research
• Online Databases and Online Information Gathering Tools
• Search Result Processing, Analysis, and Presentation

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during the summer examination session.

COMP41480 Investigation of Sexual Abuse of Children on the Internet / Online Child Exploitation (5 Credits)

Lecturer: Mr. Mick MoranDuration: 12 Weeks

This course aims to help in the understanding of this crime type. It will cover all aspects of Child Sexual Exploitation and how the Internet is used by some people to facilitate that. Students will be expected to understand why and how Sex Offenders use the Internet to possess, disseminate and make Child Abuse Material as well as grooming and intelligence gathering and the online services and technologies used by them to commit this type of crime. There will be a section on victim centric policing and the emerging discipline of Victim Identification Specialist. Skills like image and movie analysis will be taught along with familiarisation with open source analysis and covert internet investigation.

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during the summer examination session.

Module Options: Non-Semester Linked

All MSc FCCI students must complete either a minor or major piece of research as part of their Master of Science.

COMP40150 Case Study (10 credits)

Duration: 36 Weeks

This module serves as the equivalent of a final year project in a primary science or engineering degree. The Case Study module is a minor research project and should be taken by MSc students not completing the major research project (students should not take both). 

Students are expected to perform an individual investigation and produce a report describing the method of investigation, its results, and a discussion of lessons learned. By doing so, students must demonstrate correct application of skills and knowledge learned in the previous modules.

COMP40160 Research Project (30 credits)

Duration: 36 Weeks

This 30 credit module comprises an individual research project on a real-world topic in forensic computing and/or cybercrime investigation. At the end of it each student is expected to write a dissertation on the chosen research topic. The Research Project module is a major research project. Students who take this module should not also take the minor research project (Case Study).

The purpose of this exercise is to demonstrate the student's ability to conduct independent research and convey the discovered knowledge to colleagues.

COMP 40160 Research project is only available to MSc level students.