Course overview

Forensic information technology (FIT) is the scientific use or application of information technology (IT) in the generation and presentation of digital evidence to be used in courts, legal or other formal proceedings. The term formal proceedings also relates to the use of IT in internal corporate procedures that might later become the subject of formal legal proceedings; for example, downloading pornography onto a company computer or providing information that might lead to insider trading offences.

FIT (sometimes known as digital forensics or computer forensics) has been growing rapidly for a number of years and as information technology becomes as important a tool for illegal activities as for legal business, we see no sign of that growth slowing. Many police investigations or civil disputes involve investigation of computer systems, mobile phones or other information devices, and there are an increasing number of UK companies that undertake investigations as consultants, as well as opportunities in law enforcement and other services.

Our course is designed for those wanting to follow a career in forensic computing, investigation or those who wish to develop their understanding and application of security issues and cybercrime. It will also appeal to professionals in related areas such as law enforcement, system administration, corporate security, information security and IS auditing.

Skills learned on the programme will help prepare you to:

• present computer or IT evidence in judicial or administrative hearings
• investigate fraud and deception
• investigate unauthorised access to computer systems, hacking etc
• identify intruders' trails and scientifically, using IT means, gather evidence to prosecute
• recover and acquire data which may have been hidden or deleted
• investigate suspected inappropriate use of internet applications, such as email and instant messaging
• monitor and analyse network traffic, including wireless networks, mobile phone traffic and faxes
• practise cryptanalysis
• prepare and audit security policies and their implementation
• perform and evaluate a forensic examination of digital media
• evaluate the fitness for purpose of forensic tools

Excellent resources

A key strength of the course at Portsmouth is the close association between the School of Computing and the Institute of Criminal Justice Studies. This gives the courses a rounded approach to the subject, which places technical aspects of forensic investigation into a broader criminal justice context.

Our course has excellent resources that will enable you to develop the necessary skills in digital forensics. These include:

• a dedicated computer lab, with specialist hardware and software
• visiting speakers with practical experience in the industry
• staff trained in specialist software and investigation techniques by commercial organisations such as 7Safe Security and Access Data.

Members of the course team are also working with the British Computer Society in the formation of the Cybercrime Forensics Specialist Group.

Desirable attributes

Applicants will need to have an awareness of the nature of digital information processing machinery. Other desirable attributes include:

• hands-on experience of computer systems
• knowledge of IT systems, especially familiarity with PCs, networks, operating systems and systems security configuration
• awareness of security issues at various levels of system implementation

Course content

The full-time programme runs from October to September, consisting of a taught programme from October to June and a project which you will undertake in the summer period from June to September. The part-time programme runs over three years.

The course is made up of units to a total of 180 Credit Accumulation and Transfer (CATS) points. The taught element consists of 120 credits taught in units rated in multiples of 15 credits. The project unit is rated at 60 credits.

You will complete three compulsory taught units, and one optional unit from a menu of two units:

Computer Forensic Investigation and Cryptography: This unit covers the practical aspects of conducting a forensic investigation of digital evidence. In order for the students to develop a critical understanding of computer forensics, a holistic approach of the forensics investigation process is adopted, with a full investigation ‘life cycle’ from seizure of evidence through to giving evidence in court as an expert witness. We look at a range of tools, operating systems and devices. This unit also includes the main aspects of cryptography and steganalysis, that are relevant for the discovery and recovery of hidden information.

Computer Security (F/T only): The unit provides an introduction to computer security concepts and their practical application, in both closed and interconnected networks. Students are expected to both understand and be able to critically evaluate different approaches to securing complex computer systems.

Cybercrime Security and Risk Management (F/T only): This unit provides opportunities for participants to develop skills and knowledge in the understanding of corporate cyber threats. Drawing upon a range of practical examples, student will examine how rapid technological development and expansion in access to the internet has impacted upon crime (e.g. how anonymity and unfounded trust encourage deception), mapping out the terrain of information technology, and identifying the emerging areas of cyber crime. Areas explored will include the crossing of established boundaries into spaces over which control has already been established such as cyber-intrusion and cyber-theft, but also 'new cyber crimes' in the form of virtual trespass, Denial of Service attacks, and the development of opportunities for offending in the context of social networking websites. The final section of the unit will examine how education and organisational responses can prevent victimisation and mitigate IT risk.

Systems, Security and Data Analysis (option): The first part of the unit provides an overview of computer organisation, operating systems and network design, with a strong focus on security considerations and aspects relevant to computer and digital forensics. The early part of the unit will provide an introduction to relevant issues in system architecture and file system organisation. Threats to computer systems will be considered. The first half of the unit is concluded with studying in some depth current technologies for securing real computer networks. The second part of the unit deals with the important topic of data analytics. Many organisations are now rapidly accumulating large volumes of data that defy traditional methods of data analysis, and yet often have important relationships concealed within them. The emerging field of data mining combines techniques of machine learning, expert systems, databases and statistics to create a new generation of intelligent and automated tools, which are already being applied in many areas of business, science and government.

Advanced Programming Skills for the Web (F/T only) (option): This unit draws together a number of system development skills, focusing on how they can be applied to the development specifically of web applications. Topics covered include web programming, connecting databases to web applications, software tools, testing and security.

Master's Project (F/T only): You will undertake EITHER an engineering unit or a study project, during the summer period.

The project offers students the opportunity to apply the taught material in the solution of a real-world problem directly related to their course. The engineering project usually involves building a piece of software to solve a problem. An example of the sort of thing you might do would be building a tool to address a specific forensics requirement. The study project usually involves undertaking a study of an IT domain relevant to forensics. An example of the sort of thing you might do for a study project would be an evaluation of an anti-forensics technique, to understand the traces its use may leave on digital devices. To prepare for this, during the first part of the course, the project includes a number of preparatory sessions, which contribute to part of your final mark. This part of the project enables students to acquire essential skills in research methods and communication, and to consider the professional issues related to their work.

Teaching and assessment

You will be taught through a combination of practical exercises, simulations, lectures, guest lectures and formative assessments, and will be expected to use a wide range of on and offline learning tools.

Assessment varies depending on the content and nature of the unit. It will almost certainly include coursework, supervised work sessions (day-long assessments, generally comprising both a group element and an individual section), learning journals, examinations and at least one presentation.

Career prospects

Graduates with a Master's in Forensic IT will be equipped to seek employment in the following areas:

• IT auditing
• information security
• independent investigation
• Computer Emergency Response Teams (CERT)
• law enforcement agencies

Our graduates have gone on to work in high-tech crime units, commercial investigation, national security bodies and to further research study at PhD level.

Facilities and features

Our facilities include:

• a dedicated lab
• a range of target systems to investigate
• specialist software and hardware
• staff experienced in the use of a wide range of specialist software
• external speakers with a broad range of industrial experience

The University Library is at the centre of academic life and is only a short walk away. Open from 8am until midnight every day during term-time, it provides a variety of information to help with study and research. It has also invested heavily in the purchase of electronic resources. There are thousands of electronic journals and ebooks, which can be accessed across campus and from home, or wherever there is an internet connection.

Entry requirements

The entry requirements for MSc Forensic Information Technology are shown above, for more detailed information please contact:

Department: The School of Computing
Tel: +44 (0)23 9284 2555
Email: technology.admissions@port.ac.uk