MSc Forensic Computing and Security (incorporating PG Cert/PG Dip)

What will I cover in this module?

Module description

Using a blend of practical and theoretical approaches this module will empower you with the analytical tools to perform pragmatic and ethical system penetration testing. Using popular open source tools you will be given a framework to research and develop innovative methods which can be used to uncover security vulnerabilities in modern networked environments. Research will be performed in how to circumvent real world attacks using novel detection and prevention techniques. Through investigation, analysis and creative design, you will become adept in how to protect systems against internal and external threats.

Learning outcomes

On completion of this module you will be able to:

1. Analyse and research the efficacy of computer systems through the use of penetration testing techniques
2. Research and design custom protection techniques for identified attack types and justify their use

Areas of study

• Investigating  social engineering and host reconnaissance
• Researching effective ways of utilising and deploying Intrusion Detection Systems (IDS)
• Explore techniques for circumventing IPS/firewalls and how to guard against these
• Analysis and synthesis of research into new techniques for indentifying Windows and Linux server vulnerabilities
• Analysing popular exploits such as buffer overflows and investigating methods of mitigating them
• Critical analysis and evaluation of models of system test plans
• Investigate the most effective ways of creating pragmatic testing plans

How will I be assessed?

100% coursework

Coursework 1 - 50% - Produce a well researched report which is based on proven and theoretical principles on identifying testing strategies for detecting common and obscure system security issues within a given case study scenario.

Coursework 2 - 50% - Production of a case study focused report which identifies through experimental research the necessary actions which must be taken to harden a network system and protect it against previously identified attacks

How many credits is it worth?
15

What will I cover in this module?

This module explores the body of rules regulating the means by which facts may be proved in a court of law. The obtaining of evidence by the police, the court process and roles of judge, jury and witnesses will be examined. You will study both rules relating to the admissibility of evidence, and the extent to which exceptions to exclusionary rules exist. Assessment will take the form of coursework and related provision of witness evidence in the courtroom.

On successful completion of this module you'll be able to:

1. Demonstrate a critical understanding of court procedures and the roles of individuals involved, both in the obtaining of evidence and its introduction into the court process.
2. Consider and ascertain the reasoning behind the rules applicable in determining evidence which can be admissible in court and analyse the effectiveness of exclusionary rules.

You'll cover:

• The role of judge and jury in relation to court procedure
• Examination in chief, cross examination and re-examination
• Police conduct in obtaining evidence and role in the justice system
• Identification evidence
• Character evidence and similar fact evidence
• The hearsay rule, res gestae and other exceptions
• Opinion evidence.

How will I be assessed?
100% Coursework

How many credits is it worth?
15

What will I cover in this module?

The management of the security process is a crucial part of the successful implementation of any security process or technique. This module looks at the fundamental and core network and security management issues that affect businesses including the often conflicting organisational goals that can lead to difficult trade-offs between affordability and effective protection.

On successful completion of this module you'll be able to:

1. Analyse and discuss core business security policy issues that ensure the delivery of good and workable security policies
2. Critically evaluate and analyse the security requirements of an organisation.

You'll cover:

• The role of a CISO
• Security, techniques for infrastructure protection
• Security policy formulation
• Business continuity and disaster recovery planning. Backups, cold sites, 
• Access Control and Privilege Management. Biometrics
• Formal Risk Management strategies
• Personnel management, change Management, security training/awareness, administrative responsibilities
• Balancing internal and external threats and protection
• Physical security
• National critical infrastructure protection
• Network monitoring systems. User monitoring.
• Intrusion detection systems, Anomaly based detection systems, host vs network based IDS, honeypots
• Firewalls
• Malware, anti virus, spam filtering.

How much work will I need to do each week?

This module is offered in three modes of study in order to offer maximum flexibility for students on different programmes.

On Campus - Fully taught mode
Lectures / Seminars:    &nb
sp;  36 hours
Directed study:     
      
 114 hours
Total:      150 hours

On-campus - Blended Learning
On-campus Seminars:    &nb
sp;     &nb
sp;     &nb
sp;     &nb
sp; 12 hours
Directed Learning via e-presentation:  138 hours
Total:      150 hours

Distance Learning
Students will receive the whole module content on line to facilitate self-learning. Students will have access to the e-tutor via the system, as well as a facility to engage other students on the module.

e-tutor contact:    &nbs
p;     &nbs
p;     &nbs
p;     &nbs
p;     &nbs
p;   2.5 hours
Directed Learning via e-presentation:  147.5 hours
Total:      150 hours

How will I be assessed?

100% Coursework

Coursework 1 (100%), learning outcome to be assessed: all

A detailed research task and an application of the research to a given case study. The report will be approximately 5,000 words long.

You will be given opportunities, through both formative and summative assessments, to reflect on your learning to support professional and personal development.

Reading list

• Mitnick, K.D., Et Al., The Art of Deception: Controlling the Human Element of Security(2003), Hungry Minds Inc (US)
• Wallace, M.,  The Disaster Recovery Handbook: A Step-by-step plan to ensure business continuity and protect vital operations, facilities and assets(2004), Amacom
• Sherwood, J., Enterprise Security Architecture (2005), CMP Books

How many credits is it worth?
15

What will I cover in this module?

This module investigates core techniques used currently for the purpose of data retrieval and evidence preparation where the source of the evidence is a computer system, a network system or any other system attached thereof.

On successful completion of this module you'll be able to:

1. Identify, analyse and present core data and information crucial to the investigation of a computer or network system in a format that will aid further legal investigations.

You'll cover:

• Incident management. Preparation of networks and hosts so as to be conducive to good evidence collection
• Incident response. Incident response procedures, crime scene management, recording of evidence.
• Data collection from popular operating systems such as Windows, UNIX and LINUX. Obtaining system logs and other important configuration files. Recovering deleted files and data from 'lost' space. Zeroisation
• Handling volatile data
• Forensic duplication of hard disks
• Investigation of Network interfaces.
• Remote investigation
• Anti-forensic problems such as encryption. Key escrow mechanisms.
• Computer Forensic Reports
• Tracing network activity (emails, web usage etc). 
  

How will I be assessed?
100% Coursework

How many credits is it worth?
15

What will I cover in this module?

This module examines crimes which are specific to the use of information technology, but also crimes of a general nature and other unlawful behaviour in which use, or misuse, of information technology plays a part.  It aims to identify and explore the behaviour which those monitoring or examining IT for forensic or security purposes are attempting to discover. UK and EU law will be examined, but international legislation may also be relevant.

On successful completion of this module you'll:

1. Know and understand the nature of crimes and other unlawful activity which are the subject of security and forensic activity
2. Have a critical awareness of the constituent elements of such crimes and the technological means utilised in their commission.

You'll cover:

• Viruses, worms, trojan horses, hacking, spamming, phishing etc and their legal implications
• Fraud involving computer technology
• Use of Computer in: Terrorism; Grooming; Rape; Murder/Suicide; Drugs; Graffiti; Government/commercial espionage; Theft; Kidnap/missing persons; Corruption; Assault; Arson; Firearms; Illegal immigration/Human Trafficking; Perverting the Course of Duty
• Computer Misuse Act
• Pornographic and other obscenity offences
• Offences of a fraudulent nature; identity theft
• Harassment offences.

How will I be assessed?
100% Coursework

How many credits is it worth?
15

What will I cover in this module?

Module description

The module aims to develop the students' ability to study at Master's level and to develop, plan, execute a research project.

On successful completion of this module you'll be able to:

1. Research, review and critically evaluate current academic literature within a specific context in order to identify the key issues and gaps within current knowledge
2. Demonstrate a critical understanding of research design and methodological enquiry and to propose an appropriate research plan. Reflective evaluation of the impact of ethical values on academic research will be demonstrated
3. Systematically analyse and synthesise researched data and theories.

You'll cover:

• Studying at Masters Level (Literature Review, Critical evaluation concepts and practices, Sources, Search Strategies, Communication of ideas and results)
• Research Project Development (Principles of planning projects and project lifecycles, Identifying tasks and estimating timescales, Risk analysis. Ethical, social and professional issues)
• Analysis and Synthesis of Data and Information (Experiment design, Methodologies for quantitative and qualitative investigations, System modelling concepts and constraints)

How will I be assessed?

100% Coursework

Assessment will be by means of a portfolio of written work demonstrating the achievement of all learning outcomes totalling between 4000 and 5000 words. There will be a strong component of rapid, formative assessment during the delivery of that part of the module relating to learning outcome 1 which will be linked to summative assessment.

Reading list

These are the books you must have your own copies of, as they provides the majority of the input for you across several of the sections:-

• Cottrell S., Critical Thinking Skills; Developing Effective Analysis and Arguments, (2005), Palgrave Macmillan
• Lowes, R., Peters, H. and Turner, M., The International Student's Guide to Studying in English at University, (2004), Sage
• Oates, B., Researching Information Systems and Computing, (2006), Sage
• Walsham, G., Making a World of Difference; IT in a Global Context, (2001), Wiley. (Sections of this will be used for the exercises)

How many credits is it worth?
15