University of Malta

Study-Unit Description
UOM Main Page
Apply - Admissions 2016
Campus Map button


TITLE Digital Forensics

LEVEL 03 - Years 2, 3, 4 in Modular Undergraduate Course


DEPARTMENT Computer Information Systems

DESCRIPTION Digital forensics is the science of identifying evidence from digital sources and which provides the forensic experts with robust tools and techniques to solve complicated digital-related crimes (Carrier, B, 2002).

The study-unit content includes:
- Covering of basic principles and characteristics of Digital Forensic investigations;
- Coverage of uses of Digital Forensics in different areas (e.g. criminal, and civil);
- Expected level of scientific method required in an investigation;
- Revise key technical areas (e.g. file systems, persistent devices, transient storage, emails, web-site);
- Evidence collection methods (e.g. cloning, hashing, revive a device, file curving);
- Setting up labs and configuring tools for an investigation;
- "Antiforensics" - (e.g. hiding data, password extraction, data destruction);
- Reporting requirements and structure.

Also throughout the study-unit common technologies (e.g. operating systems, logs, DBMS) are studied in terms of data collection and what type of investigations are run.

Furthermore a number of tools are becoming available for an investigator to run routine and exploratory analysis of an incident.

Study-unit Aims:

The basic aims of this study-unit is to explain to candidates the importance and requirements of digital data preservation and presentation during an investigation of unlawful or unacceptable events. A consequent aim is to make the candidate aware that his presentation of results are at the requested level of validity and with controlled contamination.

To supplement the basic aim of the study-unit one needs to present both solid principles but also indicate tools, practices, and case studies that are typical in the Digital Forensics industry.

Learning Outcomes:

1. Knowledge & Understanding:

By the end of the study-unit the student will be able to:
- Understand an investigation requirements (in terms of scope, timing and resources required);
- Formulate a plan for digital evidence acquisition, consolidation and authentication;
- Analyse and interpret the data collected;
- Present data and results to team (e.g. internal) and external users (e.g. law courts).

2. Skills:

By the end of the study-unit the student will be able to know a number of techniques for data collection during evidence gathering. These include:
- Discover data of interest (e.g. ad hoc, systematic);
- Attempt recovery of deleted, disordered (i.e. find the true sequence of events), encrypted, backed up and damaged data;
- Undertake "live" extraction of data;
- Detecting events which are out of normality.
- Use digital forensics software tools, for example:
    - ftk;
    - enCase.

Main Text/s and any supplementary readings:

- B. Nelson, A. Phillips, and C. Steuart, Guide to Computer Forensics and Investigations, 4th ed. Boston, USA: Cengage Technology, 2010.
- E. Casey, Digital evidence and computer crime: forensic science, computers, and the Internet: Academic Press, 2011.
- D. L. Watson, A. Jones, Digital Forensics Processing and Procedures: Meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements, Syngress, 2013.
- Digital Investigation: The International Journal of Digital Forensics & Incident Response.
- Application program's manuals and user guides as per necessity and usage.

STUDY-UNIT TYPE Lecture, Independent Study & Practicum

Assessment Component/s Resit Availability Weighting
Artefact Yes 20%
Examination (3 Hours) Yes 80%

Joseph Vella

The University makes every effort to ensure that the published Courses Plans, Programmes of Study and Study-Unit information are complete and up-to-date at the time of publication. The University reserves the right to make changes in case errors are detected after publication.
The availability of optional units may be subject to timetabling constraints.
Units not attracting a sufficient number of registrations may be withdrawn without notice.
It should be noted that all the information in the study-unit description above applies to the academic year 2017/8, if study-unit is available during this academic year, and may be subject to change in subsequent years.
Study-unit Registration Forms 2017/8


For Undergraduate (Day) and Postgraduate students.


Academic Advisors 2017/8


Academic Advisors for ICT 1st year students (Intake 2017/8), NOW available

Faculty of ICT Timetables


ICT Timetables are available from Here.

Health and Safety Regulations for Labs Form

The Faculty of ICT Health and Safety Regulations for Laboratories form can be found here



Log In back to UoM Homepage