D2-1.1 State of the art report on EU FC programmes v2.0 · FORC D2-1.1 State of the art report on...

Project reference Number 574063-EPP-1-2016-1-IT-EPPKA2-CBHE-JP Grant Agreement 2016 – 2556 / 001 – 001

Deliverable Title D2-1.1 State of the art report on EU FC programmes

Deliverable Lead: Middlesex University Related Work package: WP2 Author(s): Georgios Dafoulas, David Neilson, Sukhvinder Hara –

Middlesex University Dissemination level: International Due submission date: 15/09/2017 Actual submission: Version V 0.1 Project Number 574063 Instrument: Specific Support Action (SSA) Start date of Project: 15/10/2016 Duration: 36 months

Abstract

This document reports on the state of the art report on EU FC pro-grammes.

FORC is funded by the European Commission.

FORC D2-1.1 State of the art report on EU FC programmes

574063 FORC Page 1

Versioning and Contribution History

Version Date Modification reason Modified by V 0.1 01/03/2017 Creation of document MU V 0.2 01/07/2017 Analysis of UK programmes MU


574063 FORC Page 2

Table of Contents 1. EXECUTIVE SUMMARY ............................................................................................... 32. INTRODUCTION ............................................................................................................. 33. PROCESS .......................................................................................................................... 34. LITERATURE REVIEW ................................................................................................. 35. UK PROVISION ............................................................................................................... 66. US PROVISION ................................................................................................................ 77. EU PROVISION ................................................................................................................ 88. PROGRAMME STRUCTURE ...................................................................................... 109. MODULES TAUGHT .................................................................................................... 1110. LEARNING OUTCOMES ........................................................................................... 1511. SOFTWARE USED ...................................................................................................... 1712. FACILITIES .................................................................................................................. 1913. ACCREDITATION/CERTIFICATION ..................................................................... 1914. ADMISSIONS ............................................................................................................... 1915. TEACHING STAFF ..................................................................................................... 2016. CONCLUSIONS ........................................................................................................... 2017. REFERENCES .............................................................................................................. 20APPENDICES ..................................................................................................................... 22

APPENDIX A: UK FORENSIC COMPUTING PROGRAMME CONTENT (MODULES) ........................... 22


574063 FORC Page 3

1. Executive Summary

FORC aims to address the challenges in information society development concerned Cyber Se-curity and privacy in a world oriented towards e-technologies. The project meets the regional needs by responding to the current and emerging cyber security threats by educating the IT and Legal professionals in area of e-crime, thus supporting development of e-based economics, life and society in partner countries. The second work package of the project (WP-2) aims to ‘Estab-lish a forensic computing pathway’ and the first task for this work package aims at ‘Defining Pathway Objectives, Learning Outcomes, and career perspective’. This report provides a ‘State of the art report on EU FC programmes’.

2. Introduction The aim of this report is to reflect in state of the art of current best practice in the field of Com-puter Forensics, mainly at an undergraduate level. The report will provide the basis for discus-sion on the design of the programme curriculum under the FORC project. Emphasis is given on programme structure, syllabus, learning outcomes, infrastructure and tools.

3. Process The report is based on the analysis of work carried out during the first few months of the project. The work focused on identifying programmes of study in the field of Computer Forensics in UK, US and EU and review the state of affairs in curriculum design and development in the field. The following steps were followed:

• A literature review of curriculum design and development practices.

• An investigation in Forensic Computing programmes in UK, EU and US.

• An analysis of the programme structure for Forensic Computing programmes.

• An analysis of modules taught in undergraduate programmes.

• A discussion on learning outcomes at programme and module level.

• A review of state of the art tools and techniques used in such programmes.

4. Literature review A brief literature review is provided early on in this report in order to assist partner institutions to become aware of the main issues in designing, delivering and supporting undergraduate pro-grammes in Computer Forensics. Anderson et al (2006) provide a brief comparison between the British and German models of programme structure with emphasis on teaching forensics at Uni-versity level. The BSc (Honours) Computer Forensics at Northumbria University is presented, demonstrating the combination of a range of modules with 10 and 20 UK credits (equivalent to 5 and 10 ECTS) in order to provide a combination of generic and specialised topics. Emphasis is given on project modules at level 6 (third year that is the final year of the programme) and a pos-sible placement at the end of the second year (level 5). The German case is based on the IT secu-rity curriculum at RWTH Aachen University, demonstrating how the specialised topics range in the number of credit points (from 6 to 20) with a variety of teaching methods including lectures, seminars and practical courses. The authors conclude that the British curriculum design approach appears to be the more mature of the two. This has affected this investigation as it focused more on UK provision of Computer Forensics programmes.


574063 FORC Page 4

Bashir and Campbell (2015) correctly identify that “digital forensics education curriculum needs to be developed by taking into consideration the need for students to be aware of the multiplicity of field specializations”. In their efforts to design a Computer Forensics curriculum for a US in-stitution they identified as major challenges providing students “with the greatest depth of knowledge of a particular aspect of a field that encompasses a wide range of technical topics” and given the need for including multiple modules to cover specific topics, “presenting a cohe-sive narrative for an introductory digital forensics course”. According to Conklin et al (2014) a shift to Knowledge Unit (KU) based cyber security education is beginning. In their paper they il-lustrate the relationship of training to education identifying two-year associates degrees prepar-ing technicians, network operators and system administrators, four-year bachelors degrees pro-ducing analysts and engineers, and masters degrees focusing on risk management and manage-ment specialists. They have identified the core KUs for two year degrees as follows (i) Basic Da-ta Analysis, (ii) Basic Scripting or Introductory Programming, (iii) Cyber Defense, (iv) Cyber Threats, (v) IA Fundamentals / Security First Principles, (vi) Intro to Cryptography, (vii) Intro-duction to Digital Logic, (viii) IT Systems Components, (ix) Networking Concepts, (x) Policy, Legal, Ethics, and Compliance, (xi) System Administration. Furthermore the core Knowledge Units for four Year degrees include (i) Database Management Systems (ii) Human Machine In-terface, (iii) Network Defense, (iv) Networking Technology and Protocols, (v) Operating Sys-tems Concepts, (vi) Probability and Statistics, (vii) Programming.

Cooper et al (2010) provide a series of illustrations that help visualising the relationship between digital forensics and other computing principles. They mention the ACM/IEEE Joint Task Force for Computing Curricula in their effort to map the domain. They conclude with a number of are-as where greater emphasis is needed for digital forensics as follows: (i) networking, (ii) infor-mation security, (iii) systems administration, (iv) electronics, (v) mathematics and statistics, (vi) ethics, (vii) criminology, (viii) forensics science and (ix) law and legal issues. As early as 2001, the DFRWS report (2001) identified a number of areas “ as valid candidates for applicable spe-cialization” in digital forensic science, including Data Mining, Languages/Linguistics, Logic, Statistics and Probability, Signal Processing, Image Analysis, Encryption, Evidence Preserva-tion, Network Engineering. According to Gorgone et al (2006) the suggested courses necessary for a career path in Computer Forensics should include Criminal Law (or Criminal Justice), In-formation Assurance & Security, Computer Forensics and Network Forensics.

Gottschalk and Liu (2005) in their preliminary survey of computer forensics programs in North America identified a number of factors for consideration before starting a program in Computer Forensics including curriculum design, existing, programs, faculty, students, facilities, and budg-et. They suggest “dedicated computer labs are essential for the study of computer forensics. Be-cause investigations may involved unbroken systems, corrupted systems, or physically damaged systems, computer labs must provide access to multiple computers as well as expensive equip-ment for recovering data from physically damaged or otherwise corrupted systems”. According to Hawthorne and Shumba (2014), who discussed their experiences with a “virtual lab for teach-ing digital forensics and cyber investigation online as well as feedback from distance education students enrolled in the master‘s degree program”, lab exercises “ appear to be a very effective method for teaching digital forensics”. Interestingly enough their students reported that the commercial digital forensic toolkit Encase from Guidance Software “is a very powerful with too many features, making it less user friendly”. The authors also investigated five open source toolkits and three remote virtual labs.

Similarly, Lang et al (2014) share their experiences with the development of an undergraduate programme in digital forensics, by identifying a number of key challenges, including:


574063 FORC Page 5

• Balancing training and education, this is why the proposed FORC programme considers practical sessions in the programme modules.

• Lack of an adequate textbook on digital forensics, this is why the FORC programme sug-gests the development of textbooks for each of the eight proposed modules.

• Finding qualified faculty, this is why the FORC project provides certain training visits for partner institution staff.

• Lab setup, this is why the FORC project will include on site visits for setting up appropri-ate infrastructure.

• Selecting appropriate prerequisites, this is why the current report investigates also admis-sion criteria to the programme.

• Lack of widely accepted curriculum standards, this is why the investigation on UK, EU and US programmes has taken place.

Liu (2006) provides yet another perspective on how a Computer Forensics programme should be structured. The proposed classification of topics includes four key areas, namely (i) operating systems and networks, (ii) computer security, (iii) procedures, standards and techniques and (iv) analysis and presentations. It is therefore proposed that four major areas of a Computer Forensics programme should consist of four major areas including (i) Computer Science and Foundations, (ii) Procedures, Methods and Practice, (iii) Legal System and Law, and (iv) Computer Forensics. Nickson and Venter (2014) provide an interesting perspective in the field as tin their paper they present “a novel contribution in the digital forensics domain by means of a guiding ontological model that indicates the placement of the different digital forensic disciplines and sub-disciplines within the domain. The ontology also allows for the addition of new digital forensic disciplines and sub-disciplines, including potential modifications in any one of the aforementioned catego-ries”. Sabeil et al (2011) analyse the Cyber Forensics training programmes in terms of Compe-tency-Based Framework, proving that “Cyber Forensics training or education has improper Competency-Based Framework”.

According to Rowe et al (2011) there is a shortage of “approximately 20,000-30,000 qualified cyber-security specialists in the US Public Sector alone despite being one of the best financially compensated technology-related domains”. They have suggested a framework for reviewing IT provision so cyber-security becomes part of an institution’s provision by encouraging IT pro-grammes to:

• Verify that they include a pervasive up-to-date security element throughout their curricu-lum.

• Familiarise students with the terminology of cyber security. • Evaluate their current advanced content in cyber security related topics and where possi-

ble, teach such content in a cyber-security context. • Where possible, introduce an advanced cyber-security emphasis based on the Prepare,

Defend, Act model.

The FORC project attempts to address these issues by introducing the Computer Forensics path-way in IT programme of partner institutions. Srinivasan (2013) shares a sample undergraduate curriculum, resources needed to develop an inexpensive digital forensics lab, and steps to inte-grate this course in the Information Security curriculum, an approach that is suitable for the scope of the FORC project. Tu et al (2012) claim “there is evidence to suggest that students can benefit professionally from information assurance skills and knowledge when undertaking net-work forensics incidents”. The authors also recommend integrating “a large portion of the busi-ness management and business information systems component into the digital forensics pro-gram design, since fraud and other whitecollar crimes are significant threats to businesses”.


574063 FORC Page 6

An illustration of the career path for digital forensics practitioners and a list of academic qualifi-cations, professional traits and technical skills are Technical Working Group for Education and Training in Digital Forensics (TWGETDF, 2007). These should be part of the FORC programme documentation and adapted to fit the needs of the local markets.

Woods et al (2011) describe in detail how to use realistic forensic datasets to support digital fo-rensics and security education. In particular they explain the use of a multi-modal corpus consist-ing of “hard drive images, RAM images, network captures, and images from other devices typi-cally found in forensics investigations such as USB drives and cellphones”. They conclude that such scenarios can be used for “multiple purposes at a variety of complexity and difficulty lev-els–in undergraduate classrooms and lab, for training exercises, and to support further research and development of digital forensics tools and techniques.

5. UK Provision The review focused primarily on UK institutions, as it appears nationwide there is a significant body of knowledge leading to the design of Computer Forensics curriculum. So far 31 institu-tions have been identified offering undergraduate programmes in Computer Forensics, with some of them having options for two or three similar programmes. This is primarily due to the exist-ence of specialisations in cyber security.

Appendix A provides a detailed breakdown of the modules taught in each year of the pro-grammes. All programmes but one, lead to BSc qualifications. The list of the 31 institutions and their programmes is as follows:

[1] Anglia Ruskin Cyber Security [2] Bedfordshire Computer Security and Forensics [3] Bournemouth Forensic Computing & Security [4] West of England Forensic Computing and Security [5] Canterbury Christchurch Computer Forensics and Security [6] Cardiff Computer Science with Security and Forensics [7] Central Lancashire Forensic Computing [8] Coventry Forensic Investigation

Ethical Hacking and Cyber security [9] De Montfort Forensic Computing [10] Derby Computer Forensic Investigation

Cyber Security [11] Edge Hill Computing (Networking, Security and Forensics) [12] Edinburgh Napier Computer Security and Forensics [13] Glasgow Caledonian Cyber Security and Networks

Digital Security, Forensics and Ethical Hacking (BEng) [14] Gloucestershire Computer and Cyber Forensics

Cyber and Computer Security [15] Greenwich Computer Security and Forensics [16] Kingston Cyber Security & Computer Forensics with Business [17] Leeds Beckett Computer Forensics

Computer Forensics and Security Computer Security [18] Liverpool John Moores Computer Forensics [19] London Metropolitan Digital Forensics and Cyber Security [20] Manchester Metropolitan Computer Forensic Security BSc [21] Middlesex Computer Forensics BSc [22] Northumbria Computer and Digital Forensics [23] Nottingham Trent Computer Systems (Forensic and Security) [24] Portsmouth Forensic Computing [25] Salford Computer Science with Cyber Security [26] Sheffield Hallam Computer Security with Forensics [27] South Wales, Computer Forensics


574063 FORC Page 7

[28] Staffordshire Forensic Computing [29] Sunderland Computer Forensics [30] Teesside Computer and Digital Forensics with Professional Experience [31] West London Cyber Security

Although the focus of the analysis was undergraduate provision, a review of the postgraduate programmes was also carried out at national level. The scope was to identify whether there is an alignment between undergraduate and postgraduate programmes in terms of university providers covering both levels of study and the curriculum covered. The list below is not exhaustive but indicative as it includes the vast majority of programmes in the UK. It appears that key institu-tions have invested in introducing specialised programmes at level 7 (post graduate) with empha-sis on security issues. All programmes lead to MSc awards. Postgraduate programme list as fol-lows:

[1] Bedfordshire Computer Security and Forensics Computer Security and Forensics (7Safe Cambridge)

[2] Bradford Forensic Computing [3] Coventry Forensic Computing [4] Cranfield Forensic Computing [5] De Montford Forensic Computing [6] Derby Forensic Computing and Security [7] East London Information Security and Computer Forensics [8] Glamorgan Computer Forensics [9] Glasgow Computer Forensics and E-Discovery [10] Greenwich Computer Forensics and Systems Security [11] Kings College London Computing and Security [12] Middlesex University Electronic Security and Digital Forensics [13] Queen Mary College Computer and Communications Law [14] Portsmouth Forensic Information Technology [15] Royal Holloway Information Security

Information Crime Smart Cards and RFID Security Systems Mathematics of Cryptography and Communication

[16] Strathclyde Forensic Informatics [17] Teesside Crime Scene & Forensic Science

Digital Forensics [18] Westminster Computer Forensics

6. US provision The US education system is based on a selection of major and minor for each programme. A re-view of available programmes in the field has identified a number of institutions that have simi-lar provisions. It appears that most programmes are based on an IT core with highly specialised modules in later years. Some representative programmes examined are listed below with key modules of the curriculum:

[1] Bloomsburg University of Pennsylvania Programme: Digital Forensics Modules: Python / Database Design / File Systems / Secure System Design and Admin / Intro to Computer Networks / Security Fundamentals / Forensic Analysis in Windows Environment / Small Devices / Unix and Linux for DF / Enterprise Network Investigations / Penetration Testing / Advanced Topics in DF / Malware Forensics

[2] Del Mar College Programme: Computer Information Systems – Information Systems Specialization – Digital Media Forensics Associate Emphasis


574063 FORC Page 8

Modules: Introduction to PC Operating Systems / Computer Programming / Fundamentals of Networking Technologies / Introduction to Digital Forensics / Fundamentals of Digital Data Storage / Digital Forensics Collection / Digital Forensics Tools / Digital Forensics Analysis

[3] Metropolitan State University Programme: Computer Forensics Modules: Digital Evidence Analysis / Computer Forensics Internship/Capstone / Computer Security / Under-standing and Using the Internet / Programming Fundamentals / Violent Crime Investigation / Crime Analysis / Criminal Procedure and Investigations / Introduction to Electronic Discovery / Computer Laws / Voice and Data Communications / Law and the Legal Process

[4] University of Michigan Dearborn Programme: Digital Forensics Modules: Digital Forensics / Introduction to Computer and Network Security / Multimedia Forensics / Digital Content Protection

[5] Solano Community College Programme: Criminal Justice – Computer Forensics Modules: Criminal Investigation / Legal Aspects of Evidence / Computer Hardware Technology / Computer Operating Systems Technology / Computer Network and Technology / Computer Security and Technology / Computer Forensics Evidence Recovery / Computer Forensics Investigations / Computer Forensics Operating Systems Internals

[6] University of Central Oklahoma Programme: Forensic Science – Digital Forensics Modules: Intro to Forensic Science / Digital Evidence / Crime Scene Processing / Criminal Procedure for Fo-rensic Science / Forensic Science Analysis / Digital Forensics / Digital Forensics Tools and Analysis / Mobile Device Forensics / IT Security and Risk Management / Cyber Crime / Practicum in Forensic Science (3 hours) OR Internship in Forensic Science

[7] University of Northwestern Ohio Programme: Information Technology – Digital Forensics Modules: Criminal Law for Non-Legal Majors / Introduction to Digital Forensics / White-Collar Crime / Anal-ysis of Digital Media / Intrusion Detection and Prevention / Cybercrime / Advanced Digital Forensics / Digital Forensics and Incident Response / Mobile Device Forensics / Search and Seizure of Digital Evidence / Ad-vanced Topics in Digital Forensics / Network Forensics / Digital Forensics Capstone / Ethics in Information Technology

[8] Utah Valley University Programme: Information Technology – Computer Forensics and Security Emphasis Modules: Criminal Investigations / Introduction to Forensic Science / Criminalistics / Expert Witness Profes-sional Practices / Computer Forensic Fundamentals / Advanced System Administration--Linux/UNIX

7. EU provision There are far fewer programmes across the EU in the field of Computer Forensics. Subsequent versions of this report will provide a detailed analysis of the EU programmes. One major obsta-cle is the lack of English documentation, making it difficult to acquire a full representation of each programme’s curriculum. The preliminary investigation has included the following instru-ments.

Initially a filter on cyber security programmes in EU from http://www.bachelorstudies.com pro-duced the following results:

[1] South Ural State University (Chelyabinsk, Russia) Programme: Baccalaureate - A Fundamental Computer Science And Information Technology

[2] Oulu University of Applied Sciences (OAMK) (Oulu, Finland) Programme: Bachelor of Engineering in Information Technology (BEng)

[3] Harbour.Space (Barcelona, Spain) Programme: Bachelor in Cyber Security

[4] Metropolia University of Applied Sciences (Helsinki, Finland) Programme: Bachelor of Engineering in Information Technology

[5] University for Information Science and Technology (Ohrid, FYROM) Programme: Bachelor of Engineering in Information Science and Technology in the field of Communication

Networks and Security


574063 FORC Page 9

[6] Northern (Arctic) Federal University (Arkhangelsk, Russia) Programme: Bachelor - Information Security

A second filter using Forensic Focus Computer Forensic education in Europe https://www.forensicfocus.com produced the following results:

[7] University of Erlangen, University of Munich, University of Applied Sciences Albstadt-Sigmaringen (joint program) (Germany) Programme: Digitale Forensik (Master)/Masters in Digital Forensics

[8] Blanchardstown Institute of Technology (Ireland) Programme: Bachelor of Science (Honours) in Computing in Digital Forensics and Cyber Security Programme: Master of Science in Computing in Applied Cyber Security (Information Security & Digital Fo-rensics stream)

[9] University College Dublin (Ireland) Programme: Forensic Computing and Cybercrime Investigation (FCCI) Programme Programme: MSc Digital Investigation and Forensic Computing

[10] Dublin City University (Ireland) Programme: M.Sc. in Security and Forensic Computing

[11] Letterkenny Institute of Technology (Ireland) Programme: Bachelor of Science in Computing with Computer Security and Digital Forensics Programme: Bachelor of Science (Hons.) in Computer Security and Digital Forensics Programme: MSc in Systems and Software Security

[12] Waterford Institute of Technology (Ireland) Programme: BSc (Hons) in Computer Forensics

[13] University of Bologna (Italy) Programme: Forensic Computer Science

[14] University of Milan (Italy) Programme: Computer Forensics

[15] University of Piemonte Orientale (Italy) Programme: Corso di Informatica Forense

[16] Hogeschool Leiden (Netherlands) Programme: Forensisch ICT Programme: Digital Forensics & E-Discovery

[17] Hogeschool van Amsterdam (Netherlands) Programme: Digital Forensic Investigations

[18] Högskolan Dalarna (Sweden) Programme: Digitalbrott och eSäkerhet

[19] Högskolan i Halmstad (Sweden) Programme: IT-forensik och informationssäkerhet

The third and final filter using the European Union Agency for Network and Information Securi-ty https://www.enisa.europa.eu produced the following results:

[20] Vienna University of Technology (Austria) Programme: Internet Security

[21] HOWEST University of Applied Sciences (Belgium) Programme: Computer & Cyber Crime Professional

[22] Ledra College (Cyprus) Programme: BSc Cyber Security

[23] Technical University Brno (Czech Republic) Programme: Information Security

[24] Estonian IT College (Estonia) Programme: Cyber Security Engineering

[25] Tallinn University of Technology at Tartu (Estonia) Programme: Cyber-Physical Systems Engineering

[26] University of Catania (Italy) Programme: Internet Security


574063 FORC Page 10

There are several postgraduate programmes listed in the above repositories that are not relevant for this investigation. Furthermore, the vast majority of available courses seem to be focused on security rather than Computer Forensics.

8. Programme structure Following the analysis of several programmes from the UK, US and EU, it appears that the struc-ture of the FORC programme will require a careful decision to ensure that if offers a challenging programme that is aligned to the current gap in the sector across the region. The programme structure will be decided based on:

• Analysis of current practices and curricula of European academic programs in Forensic computing.

• Analysis of internationally recognized recommendations dealing with the needed levels of knowledge and skills of the emerging areas of Forensic Computing.

• Definition of the pathway mission, objectives, and learning outcomes.

• Determined pathway structure and courses' specification including their content and learning outcomes.

• Inclusion of eight courses in the following themes

o (i) Digital Investigation

o (ii) Issues in Criminal Justice

o (iii) Digital Forensics

o (iv) Ethical Hacking

o (v) Digital Evidence.

The following sections discuss the findings from the analysis of several programmes in relation to modules and topics covered in a typical Computer Forensics curriculum. As the leading FORC partner in Work Package 2, Middlesex University recommends the use of a number of optional modules as a Forensic Computing pathway to existing programmes in partner institutions. The pathway should provide a clear differentiation from the existing programme and should span across the different years (levels) of the existing programme. The programme design should be such so it allows the pathway to be part of a three or four year study.


574063 FORC Page 11

Figure 1: Recommended programme structure

The programme should cover the five themes identified in the FORC project while being harmo-nised to the following programme aims that reflect the disciplines focus:

• Knowledge of the five stages of a Digital Investigation: Seizure; Acquisition; Preservation; Analysis; and Reporting.

• Knowledge and skills relating to a Digital Investigation e.g. handling of evidence and pro-fessional practices.

• Knowledge of professional practices that form the foundations of Computer Forensics.

• Knowledge of the English legal system, legal processes, relevant laws and the regulatory environment related to the handling of digital evidence and forensic investigations.

• Generic knowledge of computer and IT e.g. data storage, operating systems, file systems and Computer Networks.

9. Modules taught Following the analysis of most programmes this section provides the findings for the modules taught. The initial discussion is focused on the Computer Forensics provision of UK universi-ties. Figure 1 shows an overview of the available programmes and in particular whether the pro-grammes are solely focused on computer forensics, the number of modules per year (this varies as institutions have 15, 20 and 30 credit modules), the opportunity for students to select optional modules, the programme accreditation gained, entry requirements (UCAS tariff points), lab facil-ities and the ranking of the institution according to the Times Higher.


574063 FORC Page 12

Figure 2: Programme Design

The analysis presented in these findings covers up to 29 Higher Education providers in the UK, which offer undergraduate programmes for Computer Forensics. Of these, sixteen were found to offer it as a programme focused solely as Computer Forensics (also called Forensic Computing) and the remaining fourteen combined the subject with Security. While they are both interrelated and both deal with criminal activity, it is important to be aware of the differences between the two. Computer security is primarily concerned with the prevention of attacks and protection of devices and systems, whereas Forensics deals with the investigation after an attack has taken place.

Of these institutions, there were variances between structures of the programmes in terms of the number of modules the students were required to learn. Eight of these consisted of four 30-credit modules, fifteen of these had six 20-credit modules, and two of them had eight 15-credit mod-ules. A few of these had a mixed system such as Northumbria and Plymouth. It was not possible to find more details both in terms of number or content for Coventry University.

The programmes covered a wide variety of different topics and used a variety of different titles to describe them. This makes it difficult to provide a full quantitative analysis. To overcome this difficulty the various modules offered have been categorised into generic areas of study, to make comparisons between them easier. A good example of this was those modules that covered com-puter hardware or architectures. It should also be said that some of the defined topics that seemed to be omissions from certain programmes, might well have been covered as part of a different topic area, for example Media and Storage, which may well be covered by other providers in a hardware or architecture module.


574063 FORC Page 13

Figure 3: First year (level 4) modules

Common to almost all of the programmes, was the type of module offered at Level 4. These were often quite generic in nature and sought to provide a general introduction and background to dif-ferent major areas in computing. It is important for students to have a basic understanding of the major components of the computing environment such as computer hardware, networks, pro-gramming and web technologies. Many of these modules had the term “foundations” or “funda-mentals” in the title and allow for students with little previous understanding the ability to learn the subject, before moving onto more specialized topics at levels 5 and 6. Eleven institutions also included a module that gave an introduction to computer forensics within the first year.

While not always covered at Level 4 these type of modules, represented the most common topics across all providers with programming and networking being the most popular (26 institutions), followed by Computer hardware/architecture (24), Professional issues and development (19) and Databases (19). This would suggest that they represent the core topics of knowledge for anyone seeking to become a practitioner in this field.


574063 FORC Page 14

Figure 4: First year (level 4) common topics

The topics that were taught at levels 5 and 6 covered a wide range of subjects and it was possible to see a difference between the two types of programme described in point 1 above. The majority of providers who offered modules in Digital evidence and Legal/Regulatory issues came from those programmes that focused on Computer Forensics. The majority of those who offered mod-ules in Internet security and Penetration Testing came from those programmes, which covered Security alongside Forensics. However, there were many more where it was not possible to see such a clear distinction.

It was surprising to see that only eleven of the providers offered a module that covered legal and regulatory issues given the subjects under consideration. It was highlighted above that the major-ity modules looking at Law were from Computer forensics programmes, only half of these (7 of 14) did. Given that knowledge of the law could help to determine whether certain artefacts or other evidence was relevant it seems to be quite an omission.

Some institutions seem to be unique in offering modules which appear to be highly relevant to the profession but for no apparent reason are the only ones providing the topic e.g. Middlesex - E-Discovery and E-disclosure, Portsmouth – Virtualisation. These both represent relatively new topics in the domain and students of these topics may well be able offer employer’s unique skills, potentially increasing the student’s employability prospects.

Figure 5: Second (level 5) and third (level 6) year modules


574063 FORC Page 15

Computer Forensics is a domain, which has in recent years seen a move towards specialisation, in large part due to the diversification and development of new technologies and threats. This can be seen in a number of different modules that are offered, such as cloud forensics, ethical hack-ing and virtualisation.

While both networking and mobile devices were covered as general topics (see point 4 above), far fewer had these as specialised topics with forensics in the title. They were 12th and 13th most popular topics, but they were only offered as modules in 9 of the institutions. More surprisingly Mobile forensics in particular was offered less in Computer forensics modules than those with a security element.

Figure 6: Third (level 6) year modules

One high-ranking module subject was one that covers professional development and issues. This is important for a field that has been largely driven by practitioner knowledge (Nance et al, 2010), and provides a bridge between academic study and real world experience.

One thing that was consistent throughout all of the programmes was the presence of a final year project, and this is a common component in all computing degrees offered within the UK.

Sixteen of the providers offered a choice of options for some of the module choices, and of these approximately half of them only offered this in the final year. This provides the student with an opportunity to focus and specialise in areas that they are most interested in. This flexibility could be important in attracting more students to attend these institutions, although it should be noted that the institutions that do not might be limited in resources to do so.

10. Learning outcomes Reviewing programme-level learning outcomes of existing programmes was difficult as this in-formation was not publically available from the majority of the providers. Therefore rather than providing a quantitative analysis of programme learning outcomes, the report has compiled a list of most prominent outcomes at programme level as presented by UK, EU and US institutions. Examples were drawn from the following undergraduate programmes: (i) Applied Computer Fo-


574063 FORC Page 16

rensics and Crime Investigation from the University of South Wales, (ii) Cyber Security & Com-puter Forensics from Peninsula College, (iii) Computer Forensics & Digital Investigations from Champlain College, (iv) Computer & Digital Forensics Champlain College and (v) Forensic Computing from Staffordshire University.

Programme Learning Outcomes (examples) • Demonstrating detailed technical knowledge of the advanced techniques associated with evidence collection and

investigative analysis. (i) • Utilising various sources of digital evidence available to the Investigator. (i) • Applying computer forensics best practice principles to a range of technological issues. (i) • Exhibiting a critical understanding of the legal issues relating to IT in international law, and apply the issues to

practical situations. (i) • Manifesting their ability in the following areas: analytic investigations, research, evaluation skills, presentation

skills. (i) • Demonstrating an understanding of the core concepts, tools, and methods used to secure computer systems. (ii) • Identify and present indicators that a cyber security incident has occurred. (ii) • Applying criminal justice methods to cyber security and computer forensic investigations. (ii) • Planning, implementing, and evaluating penetration testing and ethical hacking of computer systems. (ii) • Identifying, analysing, and mitigating threats to internal computer systems. (ii) • Collecting, processing, analysing, and presenting computer forensic evidence. (ii) • Working in teams to analyse and resolve cyber security issues. (ii) • Applying critical thinking skills to risk analysis of computer systems. (ii) • Interpreting and appropriately applying the laws and procedures associated with identifying, acquiring, examining

and presenting digital evidence. (iii) • Creating a method for gathering, assessing and applying new and existing legislation and industry trends specific to

the practice of digital forensics. (iii) • Employing fundamental computer theory in the context of computer forensics practices. (iii) • Adhering to the ethical standards of the profession and apply those standards to all aspects of the study and practice

of digital forensics. (iii) • Using the scientific process, apply the principles of effective digital forensics investigation techniques. (iii) • Identify the culture of white-collar crime and the methods used by white-collar criminals and employ this

knowledge to guide economic crime investigations. (iii) • Evaluating the effectiveness of available digital forensics tools and use them in a way that optimizes the efficiency

and quality of digital forensics investigations. (iii) • Explaining the role of digital forensics in the field of information assurance and cyber security and recognize the

opportunities to benefit from and support the goals of those fields. (iii) • Conducting digital investigations that conform to accepted professional standards and are based on the investigative

process: identification, preservation, examination, analysis and reporting. (iv) • Citing and adhering to the highest professional and ethical standards of conduct, including impartiality and the pro-

tection of personal privacy. (iv) • Identifying and documenting potential security breaches of computer data that suggest violations of legal, ethical,

moral, policy and/or societal standards. (iv) • Applying a solid foundational grounding in computer networks, operating systems, file systems, hardware and mo-

bile devices to digital investigations and to the protection of computer network resources from unauthorized activi-ty. (iv)

• Working collaboratively with clients, management and/or law enforcement to advance digital investigations or pro-tect the security of digital resources. (iv)

• Accessing and critically evaluate relevant technical and legal information and emerging industry trends. (iv) • Communicating effectively the results of a computer, network and/or data forensic analysis verbally, in writing,

and in presentations to both technical and lay audiences. (iv) • Demonstrating an understanding of forensic principles within a computing environment. (v) • Demonstrating the skills to evaluate, apply and implement forensic techniques and technologies. (v) • Demonstrating knowledge and understanding of the principles underpinning relevant current forensic techniques

and technologies, and their evolution. (v) • Demonstrating the ability to develop the skills and gain the experience necessary to become an expert witness. (v) • Demonstrating an understanding of the legal framework within which forensic techniques and technologies are

used. (v) • Demonstrating an understanding of the ethical issues relevant to the use of forensic techniques and technologies.

(v)


574063 FORC Page 17

• Demonstrating awareness of leading edge knowledge within the Forensic Computing field. (v)

It is strongly recommended that the programme learning outcomes are distinguished in the fol-lowing four categories:

• Knowledge and understanding • Cognitive (thinking) skills • Practical skills • Graduate skills

These programme level learning outcomes should be aligned to module-level learning outcomes that would describe in more detail the achievement of a student who successfully completes each module, ideally demonstrating the full experiential learning cycle as described by Kolb’s learn-ing style model. The learning, teaching and assessment strategy of the FORC programme should be in line with Bloom’s taxonomy and make full use of the learning pyramid as suggested by the National Training Laboratories, Bethel, Maine.

Sources: http://nonprofit.davenport.edu/explearning/graphics/kolbmodel-larger.jpg https://tips.uark.edu/wp-content/uploads/2013/09/Blooms_Taxonomy_pyramid_cake-style-use-with-permission.jpg http://www.acpet.edu.au/uploads/files/Learning%20pyramid(1).jpg

11. Software used In terms of Desktop software both Encase (Guidance software), and Forensic Toolkit (FTK by AccessData) are viewed as the industry standards. While a number of providers have listed these in their programme descriptions not all those who use them do. Middlesex University for exam-ple makes use of FTK for the delivery of a couple of modules and yet is not found on their web-site. What does seem to be apparent is that these are the main tools employed by higher educa-tion providers, and should perhaps be viewed as essential in the delivery of a new programme.

That is not to say that there are not open source alternatives. The Sleuthkit (Autopsy – GUI Ver-sion) developed by Brian Carrier (a renowned expert in the field), allows for much of the func-tionality that the commercial applications provide but without the heavy costs involved with such a purchase. Another issue to raise here is that of training in the use of these software packages, and also the support that is provided with them.

The relative merits of each type of software have been assessed in a few papers. For example in Manson et al (2007), the relative merits of Encase, FTK, and The Sleuthkit are compared, finding advantages and disadvantages between them all. The main distinction to be made is that Encase and FTK are commercial applications whereas The Sleuthkit is open source and freely available. Some of the key points of the paper are as follows:


574063 FORC Page 18

a. Both the commercial applications provide manuals and a number of online tutorials. In addition to this they also provide training programs and certifications. Open source tools are not as easy to learn in a short time without previous Linux experi-ence and so instructors would need to develop their own tutorials, and would in a sense need to become the technical support for their use.

b. Training – Encase requires a greater amount of time in training before a user can be effective in using the software, relying on scripts to enable much of its functionality. FTK requires substantially less time and provides a much more intuitive interface. Sleuthkit is suited to those who have a background in Linux, as it works well with other Linux tools

c. Ease of Use – authors conclude that this is dependent upon the user concerned but for our purposes they did say that FTK is the most easy for those users who have basic knowledge of forensic theory and a computing background, and this seems most fitting for potential students of the subject.

d. Scope of use – the authors make a very valid point that these pieces of software should not be used to compete with each other and that the results that they ultimate-ly produce should be the same conclusions. This allows for the results they produce to verify each other.

e. Cost – this is not a point from the paper but the authors of this report. Encase appears to be the most expensive of the packages and although (as mentioned in scope of use) institutions should aim to support parallel use of different applications, this may not be viable based on the available finances of the FORC project for each partner institution. Therefore cost limitations of the FORC project may require partners to focus on one commercial application. Based on the findings in this report that would be FTK (Forensic Toolkit).

There is further literature discussing forensic software (Raghavan and Raghavan, 2013) provid-ing judgments on the usefulness of each option. Any decisions on the use of software for lab in-frastructure will have to take under consideration also the sustainability in terms of licensing and training costs.

The programme information listed on the various university websites allows potential students a method of quickly ascertaining whether the course would be suitable for their study interests. However, it should be stated that the amount of detailed information that is provided varies from one institution to another especially in terms of facilities and learning resources. This is very ap-parent in terms of the software that is mentioned.

Only a few universities mentioned of the software that was used for analysis of mobile devices. In all cases XRY was mentioned as their choice of product. One provider (London Metropolitan University) uses FTK MPE and another (Middlesex – not mentioned on website) uses the soft-ware provided by Cellebrite. These pieces of software provide the functionality and hardware (large array of different cables, sim readers) that enables extraction from a wide range and varie-ty of different mobile devices, and if this area was to be included in a new programme then it would be essential to have one of these packages available. Given the prevalence of their use and that the majority of digital evidence is now garnered from them, then covering mobile devices within a new programme should probably be viewed as non-negotiable.


574063 FORC Page 19

12. Facilities It is understandable that institutions do not provide a full description of the programme details on their websites, as they prefer to demonstrate resources and infrastructure during open day events. Highly specialised programmes, as the ones analysed in this report require the support of well-equipped laboratories and highly trained teaching staff. Subsequent versions of the report will focus on lab facilities and perhaps a more detailed discussion of the software used, following up from the previous section. Some of the most supported programmes have the following:

• Dedicated lab facilities

• Dedicated network infrastructure

• CISCO training and certification

• Forensic crime scene training facilities

Again, the number of providers who listed this information is incomplete, but a number of them did advertise the use of dedicated labs (and in one case a dedicated network). Nottingham Trent made mention of a Forensic crime scene training environment, but this is also used by their other forensic science departments. Others made mention of a more generic setup that would be used by students of other computing subjects. Due the nature of work that is carried out, it would seem most appropriate where possible to have dedicated hardware for the teaching of this subject.

13. Accreditation/Certification An important issue affecting study choices is the existence of programme recognition from pro-fessional bodies and external accreditation. The vast majority of the UK programmes have the recognition of the British Computer Society (BCS), while most security programmes attempt to follow the CCNA syllabus and possibly lead to the alignment of the programme with CCNA cer-tification for their graduates. Other accreditations include the Chartered Society of Forensic Sci-entists (CSOFS), Chartered IT Professional (CITP) from BCS, Chartered Scientist (CSci) from the Science Council, the Institution of Engineering and Technology (IET) and specific XRY and FTK certifications.

14. Admissions Programme admission requirements seem to be an important concern as well. Although there are no specific pre-requisites in terms of modules, most programmes require a good background in Mathematics. Most of the programmes focus on UCAS tariff points with the vast majority requir-ing 112 or 120 UCAS points for entry. The highest entry point requirement has been recorded at 128 and the lowest at 80. Two more patterns of acceptable ranges are 104-120 and 112-120 UCAS points.

As mentioned above, in terms of entry requirements, the number of UCAS points needed range from 80-128 points, although the vast majority site between 112-120. However there appears to be no correlation when a comparison is made with their ranking in the list of UK universities. An institution with a ranking of 121 (Leeds Beckett) has the same requirement as the university that is ranked 52 (Nottingham Trent) in the same list. I think it is fair to say that for the majority of institutions, the requirement of 112 points would be at the upper end of the scale for these uni-versities

It is also of note that there are no universities from within the top 50, which given the importance that the UK government has given to this area (enter reference) is somewhat surprising. It is sur-


574063 FORC Page 20

prising that institutions UCL having in place specialist digital crime centres offering PhD pro-gramme do not offer undergraduate programmes. An appropriate assumption might be that they focus on undergraduate provision that is based on better grounding in Computer Science, then followed by more specialised postgraduate programmes.

15. Teaching staff Finally further analysis is required for teaching staff but it is not possible to provide sufficient findings at this stage, as most universities do not have sufficient information about the individu-als teaching in these programmes. It would be interesting to identify the proportion of staff teach-ing in these programmes with sufficient industrial experience due to the nature of the studies of-fered. Unit 2016-17 the subject area did not have specific regulatory or ISO standards in relation to teaching staff. Recent developments included the introduction of Forensic Science Regulator, which may lead to more detailed staffing records.

16. Conclusions There seems to be a plethora of programmes worldwide that cover the fields of cyber-security and digital forensics. However, there seems to be a niche market outside the UK, as only a few programmes exist in each of the EU countries reviewed. Similarly the US provision is not as ex-tensive allowing scope for more undergraduate programmes. The FORC partners must ensure that the pathway is developed in line with international standards, offering a challenging curricu-lum in a very specialised field.

17. References Anderson, P., Dornseif, M., Freiling, F.C., Holz, T., Irons, A., Laing, C., & Mink, M. 2006. A Comparative Study of Teaching Forensics at a University Degree Level. IMF, 116-127.

Bashir, M., & Campbell, R. (2015). Developing a Standardized and Multidisciplinary Curricu-lum for Digital Forensics Education.

Conklin, W.A., Cline, R.E., & Roosa, T. 2014. Re-engineering Cybersecurity Education in the US: An Analysis of the Critical Factors. HICSS.

Cooper, P., Finley, G.T., & Kaskenpalo, P. 2010. Towards standards in digital forensics educa-tion. ITiCSE-WGR '10.

DFRWS. 2001. A Road Map for Digital Forensic Research: Collective work of all DFRWS at-tendees, Proceedings of, The Digital Forensic Research Conference DFRWS 2001 USA, Utica, NY (Aug 7th - 8th).

Gorgone, J.T., Gray, P., Stohr, E.A., Valacich, J.S., & Wigand, R.T. 2006. MSIS 2006: Model Curriculum and Guidelines for Graduate Degree Programs in Information Systems. SIGCSE Bulletin, 38, 121-196.

Dathan, B., Fitzgerald, S., Gottschalk, L., Liu, J., & Stein, M. 2005. Computer forensics pro-grams in higher education: a preliminary study. SIGCSE.

Hawthorne, E.K., Shumba, R.K. 2014. Teaching Digital Forensics and Cyber Investigations Online: Our Experiences. European Scientific Journal September 2014 /SPECIAL/ edition Vol.2 ISSN: 1857 – 7881.

Bashir, M., Campbell, R., DeStefano, L., & Lang, A. 2014. Developing a new digital forensics curriculum. Digital Investigation, 11, S76-S84.


574063 FORC Page 21

Liu, J. 2016. Developing an Innovative Baccalaureate Program in Computer Forensics. 36th ASEE/IEEE Frontiers in Education Conference S1H-1.

Manson, D., Carlin, A., Ramos, S., Gyger, A., Kaufman, M. and Treichelt, J., 2007, January. Is the open way a better way? Digital forensics using open source tools. In System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on (pp. 266b-266b). IEEE.

Nance, K., Armstrong, H., and Armstrong, C. 2010. Digital Forensics: Defining an Education Agenda. In System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on (pp. 1-10). IEEE.

Karie, N.M., & Venter, H.S. 2014. Toward a general ontology for digital forensic disciplines. Journal of forensic sciences, 59 5, 1231-41.

Raghavan, S. and Raghavan, S.V., 2013, November. A study of forensic & analysis tools. In Sys-tematic Approaches to Digital Forensic Engineering (SADFE), 2013 Eighth International Work-shop on (pp. 1-5). IEEE.

Ekstrom, J.J., Lunt, B.M., & Rowe, D.C. 2011. The role of cyber-security in information tech-nology education. SIGITE Conference.

Sabeil, E. Manaf, A.B.A., Ismail, Z. and Abas, M. 2011. Cyber Forensics Competency-Based Framework – Areview. International Journal on New Computer Architectures and Their Applica-tions (IJNCAA) 1(3): 991-1000. The Society of Digital Information and Wireless Communica-tions, 2011 (ISSN: 2220-9085).

Srinivasan, S. 2013. Digital Forensics Curriculum in Security Education. Journal of Information Technology Education: Innovations In Practice. Volume 12, 2013.

Tu, M., Dianxiang, X., Wira, S., Balan, C., and Cronin, K. 2012. On the Development of a Digi-tal Forensics Curriculum. Journal of Digital Forensics, Security and Law, Vol. 7(3). 13-32.

TWGETDF. 2007. Technical Working Group for Education and Training in Digital Forensics. West Virginia University Forensic Science Initiative

Dittrich, D., Garfinkel, S., Kearton, K., Lee, C.A., LANT, N., Russell, A., & Woods, K. (2011). Creating Realistic Corpora for Security and Forensic Education. ADFSL Conference on Digital Forensics, Security and Law, 2011. 123-134.


574063 FORC Page 22

Appendices

Appendix A: UK Forensic Computing programme content (modules)

The national provision of undergraduate Forensic Computing programmes is described in this ap-pendix. More specifically the vast majority of programmes available are included with a detailed outline of all compulsory and optional modules. University Programme Modules Anglia Ruskin University Cyber Security (BSc) • Web Development

• Learning and Skills Development for HE and Work • SW principles • Networked systems • Operating Systems • Routing and Switching Essentials • Data Security • Project Management and Quality Assurance • Object Oriented Programming • Undergraduate major project • Managing information • Information Security • Smart Systems and Internet of Things

Bedfordshire University Computer Security and Forensics (BSc)

• Introduction to Software Development • Principles of Programming • Computer Systems Structure • Fundamentals of Computer Studies • Networking • Security Testing and Forensic Investigation • Computer Security and Countermeasures • Wireless Communications and Networking • Incident Response • Social and Professional Project Management • Research Methodologies and Emerging Technologies • Undergraduate Project

Bournemouth University Forensic Computing & Security (BSc)

• Business and Professional Issues • Computers & Networks • Programming • Relational Databases • Systems Analysis & Design • User-Centred Web Development • Digital Forensics • Ethical Hacking and Countermeasures • Infrastructure Strategy • Project Management & Team Working • Systems Design • Application Programming (o) • Data Management (o) • Web Programming (o) • Web Technology Integration (o) • Information Assurance • Security by Design • Individual Project • Advanced Development (o) • Advanced Networks (o) • Business Development & Enterprise (o) • Business Process & Requirements (o) • Data mining (o)


574063 FORC Page 23

• Human Factors in Computing Systems (o) • Machine Intelligence for Business Decision Making (o) • Management in Computing (o) • Network Configuration Management (o) • Software Quality and Testing (o) • Software Systems Modelling (o) • Ubiquitous & Pervasive Computing Systems (o) • Web Information Systems (o)

West of England, Universi-ty of

Forensic Computing and Security (BSc)

• Introduction to OO Systems Development • Computer and Network Systems • Web Programming • Computer Crime and Digital Evidence • Mobile and Embedded Devices • Secure Computer Networks • Security and Forensic Tools • Law, Experts and Justice • Computing Project • Forensic Computing Practice • Security Management in Practice • Requirements Engineering (o) • Advanced Databases (o) • Cryptography (o) • Entrepreneurial Skills (o) • Professional Experience (o) • Integrated Case Studies (o)

Canterbury Christchurch University

Computer Forensics and Security (BSc)

• Computer forensics & Cybersecurity • Computer Systems • The Computing Professional • Introduction to Programming • Principles of Software Development • Computer Security • Computer Law and Ethics • Data Recovery and Analysis • Developing Database Systems with SQL • Research Methods • Individual Study • Digital forensic and ethical hacking • Ethical and Professional Computing • Recent Advance in Computer Network • Advanced Database Development with Oracle (o) • Cryptology (o) • Forensic Intelligence Modelling (o) • Operating Systems (o)

Cardiff University Computer Science with Security and Forensics (BSc)

• Computational Thinking • Web Applications • Problem Solving with Python • Professional Skills • Developing Quality Software • Architecture and OS • Maths for Computer Science • OO Java Programming • HCI • Database Systems • OO Applications • Communication Networks • Algorithms and Data Structures • Group Project • Large Scale Databases


574063 FORC Page 24

• Security • Forensics • Emerging Technologies • Individual Project

Central Lancashire, Uni-versity of

Forensic Computing (BSc)

• Introduction to Programming. • Programming • Introduction to Networking • Computing Skills • Systems Analysis & Database Design • Interactive Applications • Practitioner Skills • Professional Skills • Computer Security • Investigating Hardware & OS • Digital Forensic Experimentation • Network Management • Advanced Programming (o) • Database Systems (o) • Digital Forensic Investigation • Computers, Society and Law • Double Project • Wireless and Mobile Networks (o) • Network-Based Forensic Investigation (o) • Network Design (o) • Wireless and Mobile Networks (o) • Advanced Database Systems (o) • Database Driven Websites (o) • Advanced Programming (o) • Database Systems (o) • Penetration Testing (o)

Coventry University Forensic Investigation (BSc)

• N/A – tbc • N/A – tbc • N/A – tbc

Coventry University Ethical Hacking and Cy-bersecurity (BSc)

• N/A – tbc • N/A – tbc • N/A – tbc

De Montford University Forensic Computing (BSc)

• Programming in C • Computer Ethics, Law and Portfolio • Elements of Computing • Computational Modelling • Organisations, Project management and research • Forensics and Security • Multi-tier Web Applications • Issues in Criminal Justice • Digital Evidence • Professionalism in Forensics and Security • Individual project • Secure Web Application Development (o) • Web Application Penetration Testing (o) • Telematics (o) • Functional Software Development (o) • Front-End Web Development (o) • Database Management and Programming (o) • Fuzzy logic and knowledge based systems (o) • Privacy and Data Protection (o)

Derby, University of Computer Forensic Inves-tigation (BSc)

• Introduction to Computer Science • Computational Mathematics • Programming I


574063 FORC Page 25

• Networking Fundamentals • Foundations of Computer Science • Programming II • Digital Forensic Investigation • Networks and Security • Databases • Network Investigation • The Problem of Proof • Team Project • Independent Studies - double module • Advanced Digital Forensic Investigation • Server Infrastructure • Cryptography and Coding • Information Security and Assurance

Derby, University of Cyber Security (BSc) • Introduction to Computer Science • Foundations in Computer Science • Computational Mathematics • Programming 1 • Foundations of Cyber Security and Digital Forensics • Programming 2 • Databases • Ethical Hacking • Digital Forensic Investigation • The Problem of Proof • Communication and Security Protocols • Team project • Systems and Reverse Engineering • Independent Studies • Security Management • Risk and Vulnerability Management • Security Architecture and Future Trends

Edge Hill University Computing (Networking, Security and Forensics) (BSc)

• Foundations of Computer Science • Digital World – information systems and design • Digital World – Computer architecture and networks • Web Design and Development • Programming1 • Programming 2 (also can be substituted with language mod-

ules!) • Databases • Computer Networks • Introduction to Security • Computer Systems Architecture • Employability • Options: Wireless and Mobile Networks / Introduction to Digi-

tal Forensics • Research and Development project • Operating Systems • Research and Development Methods • Options • Forensic Computing • IT Management • Internet Security • System Penetration Testing • Advanced Databases

Edinburgh Napier Univer-sity

Computer Security and Forensics (BSc) CCNA syllabus / BCS

• Software development 1 • Computer systems 1 • Practical networks 1 • Introduction to the information profession • Introduction to human-computer interaction


574063 FORC Page 26

• Option • Software development 2 • Digital forensics • Database systems • Systems and services • Applied Cisco networking (security /wireless) • Option • Networked services • Security and forensic computing • Applications development • Group project • Core options • Information • Society and security • Mobile computing • Advanced security and digital forensics • XML web services • Honours project

Glasgow Caledonian Uni-versity

Cyber Security and Net-works (BSc)

• Not listed • Not listed • IT Project Management • Network Penetration Testing • Designing Secure Networks • Advance Routing • Integrated Design • Cloud System Security • Regulating the Information • Simulating Multimedia • Professionalism • Honours Project

Glasgow Caledonian Uni-versity

Digital Security, Foren-sics and Ethical Hacking (BEng)

• Programming • Introduction to Computer Forensics • Platform Development • Mathematics for Computing • Operating Systems • Routing Fundamentals • Digital Forensic Essentials • Integrated Desgin • Database Development • Designing Secure Networks • Quantitative Modelling • Digital Forensic Analysis • Network Penetration • Project • Honours Research and Project Methods • Malware Analysis and Reverse Engineering • Cloud Systems Security • Mobile Device Security, Forensics & Penetration Testing • Professionalism in Practice • Honours Project

Gloucestershire, The Uni-versity of

Computer and Cyber Forensics (BSc)

• Introduction to Web Development • Computers and Security • Introduction to programming fundamentals • Principles of cyber forensics • Managing the security of information • Digital Crime Scene Investigation • Cyber Crime Forensics • Options 60 credits:


574063 FORC Page 27

• Data Analytics • Ethical Hacking and Security • Professional Issues • Cryptography and Forensics • Operating Systems • Advanced Group Project • Advanced Concepts in Networking and Security • Advanced Topics in Technology and Innovation • Cyber Forensic Certification • Information Technology Law

Gloucestershire, The Uni-versity of

Cyber and Computer Security (BSc)

• Introduction to Web Development • Computers and Security • Introduction to programming fundamentals • Principles of cyber forensics • Operating Systems • Cryptography and Security • Network Design and Configuration • Cyber Security Fundamentals • Ethical Hacking & Security • 30 credit option from: • Data Analytics • Professional Issues • Managing the security of information • Digital Crime Scene Investigation • CT6007: Individual Research Project • Advanced Networking & Security • Advanced Group Project • Advanced Concepts in Networking & Security • Advanced Topics in Technology and Innovation • Penetration Testing Certification • Cyber Security Management

Greenwich University Computer Security and Forensics BSc

• Communication Systems • Computer Systems Architectures • System Development • Scholarly and Academic Practice • Object Oriented Programming • Programming Foundations • Logical Foundations • Analytical Methods for Computing • Computer Forensics 2 • Network Theory & Technologies • Network Security • Operating Systems • Systems Development Project • Professionalism in the IT Industry • Introduction to Smart Systems • Computer Forensics 3 • Project (CIS) • Students are required to choose 30 credits from this list of op-

tions. • Smart Systems Development • Network Technology • Network Design and Implementation • Penetration Testing and Ethical Vulnerability Scanning • Web Application Development • Programming Distributed Components • Enterprise Server Management and Security • Computing Education Placement

Kingston University Cyber Security & Com- • Programming 1


574063 FORC Page 28

puter Forensics with Business BSc

• IT Toolbox • Digital Forensics: Principles and Practices • Business Management • Computer Forensics and Ethical Hacking • Networking Concepts • Database and UML Modelling • Managing Resources • Optional sandwich year • Individual Project • Internet Security • Live and Network Forensics • Management Strategy and Operations

Leeds Beckett University Computer Forensics BSc • Fundamentals of Computer Programming • Computer Communications • Forensics & Security • Object Oriented Programming • Fundamentals of Databases • Website Development • Web & Network Security • Team Project • Digital Security Landscapes • Digital Forensic Analysis • Computer Forensic Processing • Software Systems Development (o) • Web Application Technologies (o) • Database Systems (o) • Forensic Investigative Techniques • Networked Forensic Investigations • Production Project • Advanced Database Systems (o) • Advanced Web Engineering (o) • Advanced Software Engineering (o) • Developing Mobile Applications (o) • Human Computer Applications (o) • Green Computing Technologies (o) • Intelligent Systems (o)

Leeds Beckett University Computer Forensics and Security BSc

• Fundamentals of Computer Programming • Object Oriented Programming • Forensics & Security • Fundamentals of Databases • Website Development • Computer Communications • Computer Forensic Processing • Web & Network Security • Digital Security Landscapes • Digital Forensic Analysis • Team Project • Software Systems Development (o) • Web Application Technologies (o) • Database Systems (o) • Advanced Digital Security • Networked Forensic Investigations • Production Project • Forensic Investigative Techniques (o) • Incident Response & Investigation (o) • Advanced Database Systems (o) • Advanced Web Engineering (o) • Advanced Software Engineering (o)


574063 FORC Page 29

Leeds Beckett University Computer Security BSc • Forensics & Security • Fundamentals of Computer Programming • Website Development • Object Oriented Programming • Fundamentals of Databases • Computer Communications • Computer Forensic Processing • Digital Security Landscapes • Digital Forensic Analysis • Web & Network Security • Team Project • Database Systems (o) • Web Application Technologies (o) • Software Systems Development (o) • Incident Response & Investigation • Advanced Digital Security • Production Project • Advanced Database Systems (o) • Advanced Web Engineering (o) • Advanced Software Engineering (o) • Developing Mobile Applications (o) • Intelligent Systems (o) • Green Computing (o)

Liverpool John Moores University

Computer Forensics BSc • Programming • Computer Systems • Computer Forensics and Security • Problem Solving for Computer Forensics • Internet and Web Technologies • Personal and Professional Development • Data Modelling • Digital Forensics • Database Development • Operating Systems • Computer Law • Object Oriented Systems Development • Research Skills • Professional Issues • Sandwich degree • Year-long placement • Project • Computer Security • Network Forensics • Forensics Investigatory Practice • Cloud and Mobile Forensics

London Metropolitan Uni-versity

Digital Forensics and Cyber Security (BSc)

• Computer Hardware and Software Architectures • Information Systems • Logic and Problem Solving • Programming • Computer Forensics • Networks and Operating Systems • Professional Issues, Ethics and Computer Law • Risk, Crisis and Security Management • Security in Computing • Digital Crime Investigation • Ethical Hacking • Network and Cloud Security • Project • Work Related Learning II


574063 FORC Page 30

Manchester Metropolitan University

Computer Forensic Secu-rity BSc

• Computer Forensics and Security Fundamentals • Computer Systems Fundamentals • Information Systems • Programming (Java) • Advanced Programming • Computer Networks and Operating Systems • File Systems Forensics and Analysis • Professional Development • Information and Network Security • Network and Internet Forensics • Project • Option units (indicative and may be subject to change year on

year): • Enterprise Programming • Mobile Application Development • Software Agents and Optimisation

Middlesex University Computer Forensics BSc • Computer Networks (30 Credits) - Compulsory • Information in Organisations (30 Credits) - Compulsory • Introduction to Computer Forensics: Professional, Technical and

Regulatory (30 Credits) - Compulsory • Introduction to Programming (30 Credits) - Compulsory • Digital Investigation • File Systems Analysis • IT Infrastructure • Remote Hosts and Webservers • Mobile Forensics • e-Discovery, e-Disclosure and Evidence Management • Computer Forensics Project • Data Warehousing and Business Intelligence (o) • Social Network Analysis and Visual Analytics (o)

Northumbria University Computer and Digital Forensics (BSc)

• PC Technology 1 • Programming 1 (JAVA) • Introduction to Computer Crime Investigation • Programming 2 • Web Technologies • Relational Databases • Dynamic Internet Technologies • Operating Systems in Practice • Principles of Evidence and Procedure • Reflective Practice for Computer Forensic Professionals • Digital Forensics: Principles and Practices • Legal and Evidentiary Aspects of Computer Forensics • Advanced Digital Forensics • Corporate Digital Forensic Investigations • Individual Project • Mobile Computing, Communications and Security

Nottingham Trent Univer-sity

Computer Systems (Fo-rensic and Security) (BSc)

• Foundation in Computing and Technology • Systems Programming • Systems Technology • Systems Analysis and Design with Professional Development • Network Design and Administration • Computer Security Management • Communications Technology • Distributed Network Architecture and Operating Systems • Information and Database Engineering • Practical Project Management and Professional Development • Project • Security Technologies • Computer Crime and Forensics Wireless and Mobile Communi-


574063 FORC Page 31

cation • Mobile Platform Development Service-Centric and Cloud Com-

puting Business Analysis (o) • Information Systems Management (o) • Communicating Science and Technology (o)

Portsmouth, University of Forensic Computing (BSc)

• Digital Forensics: Art of Science? • Computer Architecture • Introduction to Programming • Network Fundamentals • Web Foundations • Forensic Fundamentals • Forensic Investigations • Business Information Security • Computer Operating Systems and Intermediate Networks • Network Services Administration and Virtualisation • Malware Forensics • Security and Cryptography • System Security • Final year project

Salford, University of Computer Science with Cyber Security (BSc)

• Database Systems • Computer System Internals and Linux • Programming 1 • Programming 2 • Professional Development and Practices • Web Development and HCI • AI and Data Mining • Client Server Systems • Software Projects with Agile Techniques • Data Structures and Algorithms • Network Penetration Testing • Networking and Security • Project • Cyber Investigation • Malware and Exploit Analysis • Information Security Management • Mobile Development (o) • Business Management (o) • Virtual Reality and 3D Games (o)

Sheffield Hallam Universi-ty

Computer Security with Forensics (BSc)

• Introduction to computer and information security • Networking fundamental, CCNA1 • Programming fundamentals • mathematics and cryptography • Computer systems and architecture • Professionalism and communication skills • Digital forensics • Secure networking technologies • Network intrusion detection • Database administration and security • Network services and administration • Project-based learning • Investigative forensic • Computer forensics expert witness • Information security management • Enterprise applications management • Project • Network management (o) • Management of IT services (o) • Web security (o)

South Wales, University of Computer Forensics (BSc)

• Computer Systems and Network Technologies • Computer Programming


574063 FORC Page 32

• Information Engineering • Cyber Tools and Processes • Professionalism and Governance in Cyber Security • Mathematical Tools for Computer Forensics and Security • Operating System Theory and Implementation • Project Management and Professional Practice • Supervised Work Experience (Computing) - Optional • Study Overseas (Computing) - Optional • Forensic Digital Evidence • Team Project Evidential Practice • Computer Systems Security • Cryptography • Individual Project • System Security & Administration • Advanced Digital Investigation Techniques • Big Data and Cloud Forensics • The Computing Professional in Practice

Staffordshire University Forensic Computing (BSc)

• Introduction to Digital Investigation • Fundamentals of Computing and Maths • Data Storage and Software Development • Networks for Forensic Computing • Introduction to Security Technologies • Digital Forensic Tools • Digital Forensic Systems • Biometrics in a Security Environment • Option • Ethical Hacking • Advanced Programming • Final Year Project • Research Methods • International Aspects of Digital Forensic • Professional Forensic Computing

Sunderland University Computer Forensics (BSc)

• Fundamentals of Computing • Foundations of Computer Forensics & Ethical Hacking • Software Engineering Enterprise and Innovation • Software Development • Theoretical principles of Computer Forensics & Ethical Hacking • Practical aspects of Computer Forensics • Network Fundamentals • Project • Advanced Digital Forensics • Advanced Cyber Security • Professional Issues in Computer Forensics & Ethical Hacking • Options • Ethical Hacking • Telecommunications • Advanced Routing • Software Enterprise

Teesside University Computer and Digital Forensics with Profes-sional Experience (BSc)

• Computer Technologies • Data Analysis • Intelligence and Digital Investigation • Introduction to Forensic Scripting • Legal Foundations for Investigative Sciences • Principles of Forensic Computing • Professional Skills for Digital Forensics • Database Driven Information Systems • Digital Forensics Practical Investigations • Media and Storage


574063 FORC Page 33

• Mobile Forensic Investigations • Science Research Methods and Proposal • Scripting and Problem Solving • Complex and Organised Crime • Employment Skills • Internet, Network and Server Investigations • Science Research Project • Analysis and Interpretation of Intelligence (o) • Cryptography and Steganography (o) • Scripting and Searching (o)

West London, The Univer-sity of

Cyber Security (BSc) • Computer Architecture • Mathematics for Computing • Programming for Security • Cyber Security in Society • Algorithms and Data Types • Information Systems and Databases • Applied Cryptography • Distributed Computing • Mobile Application Development • Network and Security • Web and Mobile Application Security • Cyber Security Team Project • Enterprise Security Management • Advanced Topics in Cyber Security • Cyber Crime • Cyber Security Project

@@@ @@@ • @ • @ • @

D2-1.1 State of the art report on EU FC programmes v2.0 · FORC D2-1.1 State of the art report on...

Documents

Transcript of D2-1.1 State of the art report on EU FC programmes v2.0 · FORC D2-1.1 State of the art report on...