Course overview

Forensic information technology (FIT) is the scientific use or application of information technology (IT) in the generation and presentation of digital evidence to be used in courts, legal or other formal proceedings. The term formal proceedings also relates to the use of IT in internal corporate procedures that might later become the subject of formal legal proceedings; for example, downloading pornography onto a company computer or providing information that might lead to insider trading offences.

FIT (sometimes known as digital forensics or computer forensics) has been growing rapidly for a number of years and as information technology becomes as important a tool for illegal activities as for legal business, we see no sign of that growth slowing. Many police investigations or civil disputes involve investigation of computer systems, mobile phones or other information devices, and there are an increasing number of UK companies that undertake investigations as consultants, as well as opportunities in law enforcement and other services.

Our course is designed for those wanting to follow a career in forensic computing, investigation or those who wish to develop their understanding and application of security issues and cybercrime. It will also appeal to professionals in related areas such as law enforcement, system administration, corporate security, information security and IS auditing.

Skills learned on the programme will help prepare you to:

• present computer or IT evidence in judicial or administrative hearings
• investigate fraud and deception
• investigate unauthorised access to computer systems, hacking etc
• identify intruders' trails and scientifically, using IT means, gather evidence to prosecute
• recover and acquire data which may have been hidden or deleted
• investigate suspected inappropriate use of internet applications, such as email and instant messaging
• monitor and analyse network traffic, including wireless networks, mobile phone traffic and faxes
• practise cryptanalysis
• prepare and audit security policies and their implementation
• perform and evaluate a forensic examination of digital media
• evaluate the fitness for purpose of forensic tools

Excellent resources

A key strength of the course at Portsmouth is the close association between the School of Computing and the Institute of Criminal Justice Studies. This gives the courses a rounded approach to the subject, which places technical aspects of forensic investigation into a broader criminal justice context.

Our course has excellent resources that will enable you to develop the necessary skills in digital forensics. These include:

• a dedicated computer lab, with specialist hardware and software
• visiting speakers with practical experience in the industry
• staff trained in specialist software and investigation techniques by commercial organisations such as 7Safe Security and Access Data.

Members of the course team are also working with the British Computer Society in the formation of the Cybercrime Forensics Specialist Group.

Desirable attributes

Applicants will need to have an awareness of the nature of digital information processing machinery. Other desirable attributes include:

• hands-on experience of computer systems
• knowledge of IT systems, especially familiarity with PCs, networks, operating systems and systems security configuration
• awareness of security issues at various levels of system implementation

Course content

The full-time programme runs from October to September, consisting of a taught programme from October to June and a project which you will undertake in the summer period from June to September. The part-time programme runs over three years.

The course is made up of units to a total of 180 Credit Accumulation and Transfer (CATS) points. The taught element consists of 120 credits taught in units rated in multiples of 15 credits. The project unit is rated at 60 credits.

You will complete six compulsory taught units:

• Digital Forensics: covering the practical aspects of conducting a forensic investigation, you will develop a critical understanding of computer forensics and a holistic approach to the forensics investigation process. You will acquire the core skills for forensic investigation using current widely used tools and also gain an understanding of their internal workings. You will investigate a range of simulated 'cases' on different types of computer and information system.
• Security Risk Management: this unit will introduce different risk management strategies and evaluate the different methods used to combat security risks. Some of the strengths and weaknesses in the current infrastructure at both a national, local and organisational level will be explored. It will also provide opportunities for you to develop a strategy to combat security risks and consider how to breach security.
• Cybercrime and Cyber Governance: covering the different forms of cybercrime and how states deal with them, this unit draws on a range of practical examples. Areas explored will include the crossing of established boundaries into spaces over which control has already been established such as cyber-intrusion and cyber-theft, but also 'new cybercrimes' in the form of virtual trespass, denial of service attacks and the development of opportunities for offending in the context of social networking websites.
• Cryptography: this unit covers the main aspects of cryptography and cryptanalysis. Cryptography aims to offer protection in a communication environment where there are adversaries present. Cryptanalysis encompasses all tools applied by the adversaries for waiving the protection offered by cryptography. Due to the nature of the course, you will assume the adversary role and will be taught how to apply cryptanalytic techniques, as part of the digital evidence extraction activity.
• Security and Systems Architecture for Forensics: this unit provides an overview of computer organisation, operating systems and network design, with a strong focus on security considerations and aspects relevant to computer and digital forensics. The early part of the unit will introduce you to relevant issues in system architecture and file system organisation. Threats to computer systems will be considered. During the latter part of the unit you will study in some depth current technologies for securing real computer networks.
• Professional Skills for Computing: this is a general professional and ethic skills unit, which you will study with other students on computing postgraduate courses. It addresses professional ethics and focuses on research reporting skills.

You will also be able to choose two from the following optional units:

• Data Mining: retrieving data from massive data stores using intelligent tools.
• Offender Profiling: the theory and practice of offender profiling.
• White-collar Crime: examines the range of white-collar crime and approaches to its control.

During the final part of your course, you will undertake a major project:

• The Project: this might be an engineering project, involving building and testing a system in the forensics domain or a study project, involving constructing and executing a piece of formal research. You will need to write a report for both types of project. You will be assigned a supervisor, who you will see regularly and who will guide you in the process of completing your selected project.

Teaching and assessment

You will be taught through a combination of practical exercises, simulations, lectures, guest lectures and formative assessments, and will be expected to use a wide range of on and offline learning tools.

Assessment varies depending on the content and nature of the unit. It will almost certainly include coursework, supervised work sessions (day-long assessments, generally comprising both a group element and an individual section), learning journals, examinations and at least one presentation.

Career prospects

Graduates with a Master's in Forensic IT will be equipped to seek employment in the following areas:

• IT auditing
• information security
• independent investigation
• Computer Emergency Response Teams (CERT)
• law enforcement agencies

It will also enable you to work towards obtaining relevant professional qualifications such as:

• Membership of the British Computer Society, Cybercrime Forensics Specialist Group
• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• Certified Information Systems Security Professional (CISSP)
• GIAG Certified Forensic Analyst (GCFA)

Our graduates have gone on to work in high-tech crime units, commercial investigation, national security bodies and to further research study at PhD level.

Facilities and features

Our facilities include:

• a dedicated lab
• a range of target systems to investigate
• specialist software and hardware
• staff experienced in the use of a wide range of specialist software
• external speakers with a broad range of industrial experience

The University Library is at the centre of academic life and is only a short walk away. Open from 8am until midnight every day during term-time, it provides a variety of information to help with study and research. It has also invested heavily in the purchase of electronic resources. There are thousands of electronic journals and ebooks, which can be accessed across campus and from home, or wherever there is an internet connection.

Entry requirements

The entry requirements for MSc Forensic Information Technology are shown above, for more detailed information please contact:

Department: School of Computing
Tel: +44 (0)23 9284 2555
Email: technology.admissions@port.ac.uk

2013 Entry requirements

A second-class honours degree in a relevant subject, including computer sciences, legal or social sciences, or equivalent professional experience and/or qualifications.

2013 English language requirements

English language proficiency at a minimum of IELTS band 6.5 or equivalent.