University of London

Small Navigation Menu

Primary Menu

Digital forensics


The objective of this module is to introduce the foundations of digital forensics, from the discovery to collection and analysis of evidence suitable for use in a court of law or purposes such as documenting compliance.

You will cover the ways in which data is generated, stored, and transmitted in a number of settings including desktop and mobile environments as well as networks. Preserving the integrity of such evidence also in the presence of malware or explicit counter-forensic mechanisms as well as means for discovering the presence of such mechanisms is also covered explicitly.

Topics covered

  • Introduction
  • Storage forensics
  • Host forensics
  • Selected aspects of network forensics
  • Malware forensics
  • Mobile device forensics
  • Steganography (not examinable)
  • Forensic analysis of embedded device

Learning outcomes

If you complete the module successfully, you should be able to:

  • Have an understanding of audit and indirect dynamic activity records retained by operating systems, particularly in file systems
  • Understand selected network protocols, collection and derivation of evidence allowing reconstruction of activities
  • Be able to identify and apply sound forensic practices
  • Be able to identify and counter obfuscation and counter-forensic techniques
  • Have in-depth insight on retention characteristics of storage systems for desktop, mobile, and non-standard computing systems


This module is assessed by a two hour unseen written examination.

Essential reading

  • C. Altheide, H. Carvey: Digital Forensics with Open Source Tools, Syngress (2011)
  • E. Casey: Digital Evidence and Computer Crime, 3rd ed. Academic Press (2011)