
Module Information (MSc DIFC)


COMP40800 Computer Forensics Foundations

This module introduces fundamental principles and techniques of computer forensics. Starting from an overview of logical reasoning and interpretation of evidence, the course discusses the role of the digital investigator and teaches fundamental skills of the profession. The course participants will learn ways of writing forensic reports, techniques for performing basic Internet investigations and basic forensic analysis (including the use of write blocking, disk imaging, evidence searching, applying hash libraries of known good & known bad files, file carving, systematic exploration of the file system & Windows registry, exploration of internet usage history and some other well known forensic artefacts in Windows operating systems, etc). The ideas and techniques of this module are illustrated using simulated evidential data. The course culminates in the individual investigation project, where the students are required to perform a complete digital forensic examination of a simulated crime case.

More Information on COMP40800

LAW40860 Digital Investigations & the Law

This module deals with the legal framework governing the activities of persons involved in Information Technology security and forensics.
Topics covered will include:

  • Legal issues associated with securing networks (including penetration testing, legal obligations to store data / keep data secure);
  • Legal issues raised in the conduct of investigations (including the legality of network monitoring and employee surveillance, duties to report certain findings to the police, interaction with police investigations); and
  • The role of digital evidence in litigation (including the use of discovery, Anton Piller orders and other court procedures, reliability and admissibility of digital evidence, implications of illegally and unconstitutionally obtained evidence).

This course will primarily reflect Irish and European law but, where relevant, comparison will be made with practice in other jurisdictions.

More Information on LAW40860

COMP40790 Application Forensics

New application programs appear frequently and it is not possible to develop and teach forensic techniques covering examination of ALL existing and future applications. This module teaches forensic experimentation and reverse engineering (through disassembly) in order to equip students with the ability and knowledge to perform their own forensic research of unknown software & hardware applications (including malware) and to use the results of the performed forensic research to draw credible conclusions from the available evidence.

More Information on COMP40790

COMP40760 Investigative Techniques

This module covers the principles and practice of detective work focusing on the context of corporate investigations. Unlike many police investigations that have a clear division between forensic and detective work, corporate investigators routinely have to combine these two roles.

The module begins with an introduction to detective techniques employed during the initial investigation phase. This includes the skills required to effectively interview witnesses, secure the digital and physical crime scene, perform searches, and identify and preserve evidence at the crime scene.

According to the Spafford-Carrier model, the digital crime scene is a subset of the physical crime scene. Thus, the middle part of the module deals with the initial investigation of the digital crime scene, which includes live forensic techniques.

The final part of the module is devoted to interrogating suspects, preparation of affidavits for court, and giving witness testimony in court.

The module includes *mandatory* practical workshops on crime scene processing and presentation of evidence in court, which are conducted on UCD campus in Dublin, Ireland.

More Information on COMP40760

COMP40750 Corporate Investigations

This module focuses on investigation and forensics in the context of large corporate networks. The two main foci of this module are (1) network forensics and (2) electronic discovery of documents. This is complemented by a few guest lectures conveying the opinion and perspectives on the future of the discipline from the leading experts in the field. The module is organised in three parts. The first part is devoted to the review of TCP/IP networking and practical skills required to build TCP/IP networks from machines running Linux. This includes routing, packet filtering, and traffic capture among others. The second part deals with traffic monitoring, collecting and analyzing digital evidence from networks, and some technical aspects of incident response. The final part of the course deals with the issues related to electronic discovery of documents in civil cases, as well as a number of guest lectures.

More Information on COMP40750

COMP40770 Information Security

This module serves as an introduction to information security standards and offensive security techniques (penetration testing) for digital investigators. Large corporate environments require digital investigators to be familiar with the common regulatory framework governing information security processes in such organisations as well as an understanding of how corporate information security controls could be breached. The first six weeks of this module are devoted to a discussion of information security principles and management standards, in which the students create information security policies for a small imaginary company and devise a strategy for handling an information security incident. The remaining six weeks serve as an introduction to penetration testing and culminate in a pentesting project.

More Information on COMP40770

COMP40780 Digital Investigation Project

This module is a research and development project on a topic related to digital investigation and forensic computing. The students will be asked to either take an individual project or join one of several pre-defined team projects. A team will be led by a lecturer or a researcher associated with the course and will tackle a substantial R&D task. (Please note that the number of researcher-led teams is usually small and we do not guarantee a place on a team for every student. If you are not chosen for a team you will have to pick an individual project.) Following several introductory lectures in January-February, each project (team-based or individual) will be requested to produce detailed project objectives and a project plan including milestones and (where appropriate) task allocations to specific team members. The progress of each individual will be monitored through three project milestones spaced through a March-July timeframe.

More Information on COMP40780