UCD Home | About UCD | UCD News | UCD Events | Virtual Tour | Contact UCD | Staff Directories | UCD A-Z | UCD Connect

Module Options:
Semester 1 (September to December)

Apply Online


COMP40100 Computer Forensics (10 Credits)*

This module provides students with an introduction to Computer Forensics.
Topics include:

  • Information representation
  • Information storage
  • Disk imaging / Hashing / Forensic tool kits
  • File system forensic analysis

Upon successful completion of this module students should be able to:

  • Explain how common information, such as text, numbers, and time, is represented in computing
  • Convert between number systems
  • Interpret raw hexadecimal information
  • Acquire and verify a disk image
  • Explain logical and physical hard disk structure
  • Interpret common file system structures

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during either the December or summer examination sessions.

* COMP 40100 Computer Forensics is one of the two FCCI foundation modules, which all MSc students are encouraged to take as part of their first year.

More Information on COMP40100

COMP40110 Network Investigations (10 Credits)*

This module introduces elements of computer network technology relevant to investigations of cybercrimes, common network-oriented investigation techniques, and sources of evidence beyond a suspect's computer.

Upon successful completion of this module students should be able to:

  • Describe basic networking concepts and hardware
  • Identify networking hardware components
  • Design subnetworks
  • Describe common Internet protocols
  • Perform lawful interception and analysis of network traffic
  • Analyse common networking artifacts such as: Web browsers; email clients; IRC; etc.

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during either the December or summer examination sessions.

* COMP 40110 Network Investigation is one of the two FCCI foundation modules, which all MSc students are encouraged to take as part of their first year.

More Information on COMP40110

COMP41650 Malware Investigations (10 Credits)

This module is aimed at teaching students how to investigate crimes directed against computer systems themselves.
Upon successful completion of this module students should be able to:

  • List and explain hacking offences as defined by the Council of Europe's Convention of Cybercrime
  • Explain the purpose of malware
  • Describe common methods of malware dispersal and transmission
  • Explain the "Business Models" of Malware
  • Describe the process of Malware Analysis
  • Determine the purpose of unknown executable files in a safe manner
  • Detect the signs of malware intrusion on computer systems

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during either the December or summer examination sessions.

More Information on COMP41650

COMP47430 Mobile Devices Investigation (10 Credits)

This module will provide students with the ability to investigate in detail data stored by mobile devices such as phones, tablet computers, etc. Students will be exposed to the advanced techniques used in investigations to acquire, decode and analyze the content of different mobile device operating systems. Techniques such as reverse engineering, data carving and overcoming user and manufacturer imposed restrictions will be covered.
On successful completion of this module the student will be able to:

  • Identify common data types stored on mobile devices
  • Understand the different methods of data acquisition
  • Acquire knowledge of how data is stored on different mobile operating systems
  • Develop an awareness of different methods of communication used by mobile devices
  • Have knowledge of flash memory used in mobile devices

Module accreditation requires attendance in UCD for a mandatory workshop and examination. Examination of this module takes place during either the December or summer examination sessions.

More Information on COMP47430

COMP41430 Linux for Investigators (10 Credits)

This course aims to show you the power and utility of the Linux operating system in conducting forensic investigations. Much of the course is devoted to demonstration of Linux forensics analysis techniques via investigation case studies.
Upon successful completion of this module students should be able to:

  • Install the Linux Operating System
  • Navigate the Linux File System
  • Utilise standard Linux tools for digital forensics
  • Acquire images of electronic storage devices in a forensically sound manner
  • Analyse file systems using Linux tools
  • Perform data carving using Linux tools
  • Gather information on running Linux systems

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during either the December or summer examination sessions.

More Information on COMP41430

COMP41660 Live Data Forensics (10 Credits)

Live Data Forensics is a term describing tools, techniques, and procedures for preservation and analysis of volatile evidence contained in the main memory (RAM) of a computer system. Traditional forensics involves seizing the machine and returning it to the lab environment for a forensic analysis. This can lose information such as RAM contents, Encrypted containers, cloud storage devices, etc. Live Data Forensics involves examining the machine on the scene in order to preserve this volatile information.
Upon successful completion of this module students should be able to:

  • Describe the Live Data Forensic Process
  • Prepare teams for site searches
  • Acquire and Analyse the contents of RAM
  • Gather information on running systems
  • Detect encrypted volumes
  • Preserve information found on running systems in a forensically sound manner
  • Analyse gathered artifacts and report their findings

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during either the December or summer examination sessions.

More Information on COMP41660

COMP47370 Data and Database Forensics (10 Credits)

Since the rise of the Internet, e-mail and social media the amount of produced data has grown exponentially. Most parts of digital forensics deal with extraction and collection of variant types of structured and unstructured data across electronic devices. The aim of this course is two-fold. Firstly, it illustrates how to utilise databases for investigations including use of Structured Query Language and how to analyse databases recovered during an investigation. Secondly, this course shows basic techniques for unstructured data forensics including extracting evidences from text files, "non-transactional" data structures and analysing information by using of data mining techniques and social network analysis.

On successful completion of this module the learner will be able to:

  • Define database terminology, design and build simple database solutions for investigations
  • Describe a general technique for analysing databases
  • Analyse SQLite3 artefacts from common applications
  • Extract information from unstructured data
  • Analyse text files, email, log files, social media feeds, news feeds, blogs and chats

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during either the December or summer examination sessions.

More Information on COMP47370

COMP47420 Online Fraud Investigations (5 Credits)**

tsetThis course introduces students to the basic concept of cybercrimes and describes how online fraud activity is conducted. Students will receive practical demonstrations for securing potentially volatile data during simulated search seizure operations. There will also be a particular emphasis on open source intelligence gathering, Virtual Private networking and Darknet Investigations. All of the topics discussed will relate to how the Irish Computer Crime Investigation Unit (CCIU) can be used to support participants throughout the process of fraud investigations.

On successful completion of this module the learner will be able to:

  • Understand how fraud is conducted via the Internet and the models that support it
  • Understand the Darknet and how Virtual Private Networking can be used by investigators andcriminals
  • Seize devices at a crime scene in an appropriate manner, with respect to the preservation of evidence while maintaining chain of custody
  • Request subscriber information from Internet service providers through the SPOC (Garda Single Point of Contact)
  • Perform basic open source intelligence gathering tasks while maintaining anonymity on theInternet
  • Understand and utilise their relationship with the Garda Bureau of Fraud Investigation, CCIU

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during either the December or summer examination sessions.

** COMP 47420 Online Fraud Investigations is available to the members of the An Garda Síochána Grad Cert programme only. Approval by GBFI is required to take them.

More Information on COMP47420

COMP47440 Legislation (5 Credits)**

tsetThis module is aimed at providing students with the legal knowledge of the various acts that are used in prosecuting fraud offences. At the end of this module students will be equipped to recognize and charge under the different offences that have been breached, to recognize any additional offences that have occurred and serve the correct warrants and orders and seize any realizable assets. They will also have learned how to apply for mutual assistance on cross border cases.

On successful completion of this module the student will be able to:

  • Investigate payment card & currency fraud. They will have a detailed understanding of the relevant offences for counterfeiting, possession of articles, theft & deception offences, (criminal Justice Theft & Fraud Offences Act 2001 section 4, 6, 17, 25.
  • Students will gain a working knowledge of the main fraud offences contained in the Criminal Justice (Theft & Fraud Offences) Act 2001, Money Laundering & Terrorist financing offences Act 2010 & criminal Justice Act 2013 and how they can be applied in fraud investigations.
  • Have a working knowledge of the Bankers Book of Evidence Acts, Criminal Evidence Act 1992 Section 8 of Data Protection Act, and its use in fraud investigations.
  • How to apply for information from Revenue under Disclosure of certain Information for Taxation Purposes 1996 and Taxes Consolidation Act to assist in fraud investigation.
  • Obtain the most suitable warrant or court order for the fraud investigation they are involved in. This will include court orders and warrants under several different sections of fraud related legislation including applying for orders to freeze and seize funds under cash confiscations section 39 and section 61 of the CJA Act 1994 and forfeiture orders and applying for mutual assistance on trans-border cases.
  • Have a broad knowledge of other relevant legislation including Criminal Law Act 1997, Consumer Credit Act 1993, Criminal Justice Act 1984 & 2011 and Criminal Damage Act 1997.

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during either the December or summer examination sessions.

** COMP 47440 Legislation is available to the members of the An Garda Síochána Grad Cert programme only. Approval by GBFI is required to take them.

More Information on COMP47440

COMP47450 Financial Fraud Investigation (10 Credits)**

tsetThe objective of this module is to provide the students with an in depth knowledge and understanding and awareness of fraud and fraud related offences. It gives an insight into the investigation techniques required to carry out both simple and complex fraud complaints. This module also provides students with an appreciation of the best practices and procedures regarding the taking of Statements from complainants and witnesses. This module demonstrates methodology used in serious fraud investigation. It enables moreover students have an understanding on how to conduct a serious fraud investigation from start to finish.

On successful completion of this module the student will be able to:

  • Conduct a fraud investigation including preparing and managing a complex fraud investigation file including handling exhibits.
  • Identify criminality in a complaint and identify proofs necessary.
  • Prepare for the taking of witness statements and suspect statements.
  • Carry out investigation plan, including uplifting evidence correctly and to be cognisant of disclosure obligations.
  • Be able to apply learned skills in investigations of specific types of criminality (Complex commercial fraud cases e.g. pyramid schemes, mortgage fraud, bribery & corruption fraud, company fraud, money laundering and terrorist financing, payment card fraud, and proceeds of crime etc.)
  • Prepare and submit of investigation file to DPP (Director of Public Prosecutions).

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during either the December or summer examination sessions.

** COMP 47450 Financial Fraud Investigation is available to the members of the An Garda Síochána Grad Cert programme only. Approval by GBFI is required to take them.

More Information on COMP47450




Module Options:
Semester 2 (January to May)




COMP40120 Programming for Investigators (10 Credits)

This module introduces students to the elements of programming and discusses algorithms underlying more advanced digital forensic tools. The aim of the course is to equip students with better understanding of software systems and advanced digital forensic tools, as well as to give them an ability to write custom tools for data analysis.
Upon successful completion of this module students should be able to:

  • Build custom tools for extracting necessary information from evidential data and for post-processing of output of third-party digital forensic tools.
  • Describe the differences between compiled and interpreted programming languages
  • Write programs using simple constructs such as assignment, selection, iteration, etc.
  • Write programs using regular expressions
  • Write programs which can interact with databases

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during the summer examination session.

More Information on COMP40120


COMP41590 Advanced Computer Forensics (10 Credits)

This module is a continuation of the foundational Computer Forensics module. It looks in more detail at certain Windows system artifacts and also examines other operating systems.
Upon successful completion of this module students should be able to:

  • Locate and describe various Windows system and application artifacts
  • Analyse various Windows system and application artifacts
  • Locate, describe, and analyse Linux Forensic Artifacts
  • Describe the principles of applied forensic research
  • Evaluate the performance of forensic tools
  • Conduct applied research into new artifacts

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during the summer examination session.

More Information on COMP41590

COMP41570 Advanced Scripting (10 Credits)

Forensic tools are expensive, and sometimes limited in their functionality. This module teaches BASH scripting, and shows the development of numerous forensic tools. Topics covered in the module include: Web Site Monitoring; Log File Analysis; File System Forensics; etc.
Upon successful completion of this module students should be able to:

  • Write simple scripts in BASH
  • Explain and use command substitution, arithmetic substitution and tests in BASH
  • Develop robust scripts that gracefully handle error conditions
  • Develop simple forensically sound applications

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during the summer examination session.

COMP 41430 Linux for Investigators & COMP 40120 Programming for Investigators are both pre/co-requisite modules for students who wish to take COMP 41570 Advanced Scripting.

More Information on COMP41570


COMP41580 VoIP and Wireless Investigations (10 Credits)

Voice over IP and Wireless Networking technologies have become widespread over the past decade. Along with improved user experience they bring a number of investigative challenges including the difficulty of identifying and locating mobile users and the widespread use of encryption, which complicates the lawful interception of communications. This module covers the state of the art investigative techniques aimed at overcoming these challenges.
Upon successful completion of this module students should be able to:

  • Describe the technologies used in creating and using a wireless network
  • Explain the operation of various wireless security protocols
  • Compare and contrast the relative strengths of said security protocols
  • Gather information on wireless networks using both passive and active means
  • Explain the technology on which Voice over IP is reliant
  • Describe the potential sources of evidence available in VoIP clients and interceptions.
  • Analyse artifacts associated with common VoIP clients.

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during the summer examination session.

More Information on COMP41580

COMP47630 OSINT Collection and Analysis (10 credits)

Open source intelligence (OSINT) is a form of intelligence collection management that involves finding, selecting, and acquiring information from publicly available sources and analysing it to produce actionable intelligence. In the intelligence community (IC), the term "open" refers to overt, publicly available sources as opposed to covert or classified sources. Despite the fact that the number of available open sources is infinite, as digital investigators, during the course we will focus only on open sources as we find them on the Internet. In addition to many practical guidelines, we will explore issues of prejudice and how to reduce risk, discuss existing applications to secure messaging and proven solutions to assist you positioning OSINT in your organisation.
Upon successful completion of this module students should be able to:

  • Describe the open source intelligence gathering procedure
  • Search open sources for intelligence
  • Describe the reliability of search results
  • List and use online databases and online information gathering tools
  • Analyse and present search results

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during the summer examination session.

More Information on COMP47630


COMP47510 Financial Investigation Techniques - Following the Money (10 credits)

Money is at the root of most crime. This course will teach students how criminally-derived money works in both the real world and in cyberspace, and how to investigate both. We will looks at how money and assets are used and abused by criminals and terrorists. During the course we will examine the major types of fraud, including VAT Carousel Fraud (responsible for the loss of between €43-53 Billion in the EU, annually) and we will examine methods used to launder criminal proceeds. The course will make extensive use of Open source Intelligence (OSINT) methods of particular relevance to investigators.
On successful completion of this module the learner will be able to:

  • Explain basic principles of financial investigation
  • Apply basic accounting techniques to money laundering investigations
  • Be aware of, and familiar with, the main methods used by criminals to hide the proceeds of crime.
  • Safely use the many OSINT methods that are available to investigate financial crimes
  • Understand how criminals use the Darknet and hidden internet.
  • Recognise and be capable of investigating money laundering and the financing of terrorism
  • Understand and be able to counter the most common excuses offered by criminals for unexplained wealth.
  • Understand the financing of terrorism

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during the summer examination session.

More Information on COMP47510


COMP47640 Online Child Abuse Investigations (10 Credits)

Child sexual abuse is a societal issue that has serious implications for children and society and is therefore acknowledged as a serious crime. In the UK alone 1 in 20 children have been sexually abused. It is a complex and difficult crime type with many taboos, myths and untruths associated with it. Within Policing it is a specialised area due to the aforementioned societal nature of the crime but also because it requires specialised skills especially in knowledge, interviewing techniques and particular investigative practise. Sexual abuse of children has always existed in one form or another but has, like a lot of other areas, been revolutionised by ICT. The internet has opened up opportunities for non-contact sex offending, such as the viewing of child pornography. Distribution of CSAM (both commercial and non-commercial), Grooming, live streaming child sexual abuse, and sexual extortion are also forms of offending Police are now seeing in their daily work as legislation improves around the world. This course is a standalone module covering all aspects of the exploitation of children online (and understanding offline related offending) that will equip students to deal with the ever increasing level of crime in this area.
Upon successful completion of this module students should be able to:

  • Describe how sex offenders use the Internet to commit crimes
  • Describe the technologies used to commit the crimes
  • Describe the process of Victim Identification
  • Analyse movies / still pictures as a means of victim identification

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during the summer examination session.

More Information on COMP47640


COMP47380 Advanced Malware Analysis (10 Credits)

This course follows on from the "Malware Investigation" module to teach students the skills required for more in-depth investigations of modern malware, and the tools used to analyze, defend and recover from malware attacks. Particular emphasis will be put on more advanced topics like Reverse Engineering, and Debugging – as well as low level descriptions of the Windows OS and file formats used by malware. These approaches are key to move from the knowledge of what a malware is doing to the system (from blackboxing), to a deeper level of understanding of the purpose of the code itself.
On successful completion of this module the learner will be able to:

  • Assess the Windows Operating System as an attack platform for malicious code
  • Analyse malware through reverse engineering and debugging
  • Analyse some of the most common non-Windows executable malware, such as PDF or Android.

Required: All Students are expected to have completed the "Malware Analysis" module before taking this course. This course covers content such as Blackboxing and Static analysis of malware which is essential to understand before undertaking this course.

Module accreditation requires attendance in UCD for an examination. Examination of this module takes place during the summer examination session.

More Information on COMP47380



.




Module Options:
Non-Semester Linked




COMP40150 Case Study (10 credits)

This module serves as the equivalent of a final year project in a primary science or engineering degree. The Case Study module is a minor research project and should be taken by MSc students not completing the major research project (students should not take both). 

Students are expected to perform an individual investigation and produce a report describing the method of investigation, its results, and a discussion of lessons learned. By doing so, students must demonstrate correct application of skills and knowledge learned in the previous taught modules on the MSc in Forensic Computing and Cybercrime Investigation course.
Upon successful completion of this module students should be able to:

  • Apply forensic techniques to running investigations
  • Report on the results of these investigations
  • Evaluate the performance of these techniques

More Information on COMP40150


COMP40160 Research Project (30 credits)

This module comprises an individual research project on a real-world topic in forensic computing and/or cybercrime investigation. At the end of it each student is expected to write a dissertation on the chosen research topic. The Research Project module is a major research project. Students who take this module should not also take the minor research project (Case Study).

Upon successful completion of this module students should be able to:

  • Conduct research into novel forensic and cybercrime investigation problems
  • Present results of their research
  • Analyse data and draw conclusions from this analysis

COMP 40160 Research project is only available to MSc level students.

More Information on COMP40160

















































back to top