UoR: DF-25/26

Course : MSc Cyber Security

Module Name: Digital Forensics

Module Code: Spring 2026 Digital Forensics - (CMP-L020-0)

Credits: 20


UoR: DF-25/26

Module Team

Module Leader: Dr Ali Jaddoa


UoR: DF-25/26

Please, CALL ME Ali

Please, CALL ME Ali

Please, CALL ME Ali

Please, CALL ME Ali


UoR: DF-25/26

NOTE

  • To contact the teaching team, please send an email using the contact details above (Ali.Jaddoa@roehampton.ac.uk).
  • Make sure to include your student ID, the course, and the module you are enquiring about.

UoR: DF-25/26

Module Aims

To provide students with the knowledge and skills to acquire, analyse, and interpret digital evidence across multiple platforms, ensuring legal, ethical, and professional standards are maintained in forensic investigations.


UoR: DF-25/26

Module Learning Outcomes

  • LO1: Identify the contexts and characteristics of cyber-crime.
  • LO2: Describe the legal, ethical, and professional role of a digital forensic practitioner.
  • LO3: Apply appropriate practices, tools, and techniques in the context of a given investigative scenario.
  • LO4: Analyse and synthesise the outcomes of a digital forensic investigation as a report.

UoR: DF-25/26

Main Question:

How can digital forensic practitioners acquire, analyse, and present digital evidence in a way that is both technically rigorous and legally admissible?


UoR: DF-25/26

Weekly Sessions

Week(s) Date(s) Teaching Status
01 19 Jan 2026 Teaching
02 26 Jan 2026 Teaching
03 02 Feb 2026 Teaching
04 09 Feb 2026 Teaching
05 16 Feb 2026 Teaching
06 23 Feb 2026 Employability Week
07 02 Mar 2026 Teaching
08 09 Mar 2026 Teaching
09 16 Mar 2026 Teaching
10 23 Mar 2026 Teaching
30 Mar – 06 Apr 2026 Easter Break
11–12 13 Apr – 20 Apr 2026 Teaching
13-14 27 Apr – 04 May 2026 Revision and Exams

UoR: DF-25/26

Indicative Content
1. Introduction to Digital Forensics Definition; investigation types; forensic lifecycle
2. Legal and Ethical Context UK legal framework; ACPO principles; professional conduct
3. Digital Evidence Fundamentals Evidence types; volatility; evidential integrity
4. Evidence Handling and Preservation Chain of custody; documentation; write protection
5. Hashing and Integrity Verification Hash functions; verification; repeatability
6. Forensic Acquisition Live and dead acquisition; disk and memory imaging
7. File Systems and Storage Forensics File systems; metadata; deleted data
8. Disk Image Analysis User activity artefacts; application traces
9. Memory (RAM) Forensics Processes; network artefacts; volatile evidence
10. Operating System Artefacts Registry; event logs; device history
11. Email Forensics Email headers; message content; artefact analysis
12. Timeline Analysis Timeline construction; evidence correlation
13. Forensic Reporting Report structure; defensible conclusions
14. Professional Presentation Evidence presentation; expert witness principles

UoR: DF-25/26

Assessment Format

  1. Coursework Portfolio (60%)
    Set of tasks

  2. In-Class Test (40%)

    • Scenario-based questions and short technical analysis
    • Covers cyber-crime contexts, forensic methods, and applied case work

UoR: DF-25/26

Learning Format

  • Combination of labs, seminars, and lectures
  • Hands-on forensic tools: FTK Imager, Autopsy, Volatility, Registry Explorer, Wireshark, etc.
  • Weekly datasets and practical scenarios provided on Moodle
  • Lectures/Slides and Labs on GitHub

UoR: DF-25/26

Delivery Format

  • Sessions are held every Monday.

  • Each student is allocated to a specific group. Please ensure you attend your assigned group, as attending a different session will be recorded as an absence.

  • Allocations are final and cannot be changed due to resource limitation.

    G1 9:00 – 12:00 Location: LB.120

    G2:12.00 - 15.00 Location: LB.120


UoR: DF-25/26

Policies and Regulations

  • Full list available on Moodle

UoR: DF-25/26

Menti


UoR: DF-25/26

> Please don’t call me sir

[https://www.menti.com/al3rpzc5xo2h](https://www.menti.com/al3rpzc5xo2h)