F20FO Digital Forensics

Dr Mike Just

Course co-ordinator(s): Dr Mike Just (Edinburgh), Dr Ryad Soobany (Dubai).


Provide the student with in-depth understanding of digital forensics concepts and methodologies

Impart a deep understanding of common attack scenarios to students

Improve students' analysis skills and allow them to identify incidents artefacts in a systematic way

Give practical experience of finding clues and discovering attack scenarios in common operating systems and applications


Detailed Information

Course Description: Link to Official Course Descriptor.

Pre-requisites: none.

Location: Dubai.

Semester: 2.


Legal aspects: investigation limitations (territorial and jurisdictional)

Search and seizure: consent, warrant, evidence seizure

Analysis: things to consider, analysis Process, evidence guidelines, order of evidence importance

Forensic toolkits: hardware features, software features, common software tools

Windows OS artefacts: event log, registry, prefetch, volume shadow copies, shell bags, jumplists, boot,


Linux OS artefacts: "etc" folder, logs, home folder, nautilus, accounts and login history, grub, services

Malware persistence mechanisms: auto-startup, cron jobs

Malware analysis

Reverse Engineering

Storage Media: types overview, file Systems overview

Common applications' artefacts: web browsers, chat clients, servers (Apache, mysql), cross-platform applications


Learning Outcomes: Subject Mastery

At the end of this course, the students will be able to:

Understand the technical and legal aspects of the digital forensics process

Identify and explain the role of different types of digital artefacts

Review the security of Windows and Linux systems

Assess the security of an IT infrastructure

Identify suspicious activities and combine them into attack scenarios

Understand appropriateness and effectiveness of different techniques and research methodologies for digital forensics processes

Learning Outcomes: Personal Abilities

At the end of this course, the students will:

  • Develop a set of ethical and legal best practices needed for a digital forensics career
  • Be able to critically appraise the security of an IT infrastructure
  • Practice in ways that demonstrate a clear awareness of own and others' roles and responsibilities
  • Use a range of digital forensics software to support and enhance their analyses
  • Make formal presentations about digital forensics topics to informed audiences

SCQF Level: 10.

Credits: 15.