1. MSc Programme in Digital Investigation and Forensic Computing (MSc DIFC)

MSc DIFC is a world-leading MSc programme producing forensic specialists for the corporate and law enforcement sectors. Our graduates are employed as forensic specialists in all of the Big-Four consultancy companies as well as in major financial and Hi-Tech corporations in Ireland and abroad.

Unlike many other digital forensic programmes, MSc DIFC aims to produce forensic specialists who have deep understanding of the underlying principles of digital forensics and are able to conduct independent forensic research and develop their own forensic tools for the problem at hand. For a brief description of the taught modules comprising the programme see Section 2 below.

The teaching and student support on the programme is provided by the members of DigitalFIRE and our industrial collaborators (Grant Thornton, KPMG, Bank of Ireland, Deutsche Bank). Although the programme is delivered on UCD campus, all lectures are broadcast on the Internet and recorded. There is also an option to study MSc DIFC completely online, visiting Dublin only twice for practical workshops and exams.

MSc DIFC is delivered at UCD School of Computer Science and Informatics in collaboration with UCD Centre for Cybersecurity and Cybercrime Investigation who provide student recruitment for the programme.

Please refer to the MSc DIFC web page for more information about the application process.

2. Individual Taught Graduate Modules in Digital Forensics

Apart from enrolling into MSc DIFC, almost all of MSc DIFC taught modules (with the exception of the final project) can also be taken as part of UCD’s MSc programme in Computer Science (by Negotiated Learning), where they form a major part of the Information Security and Computer Forensics Stream. Given below is the list of these modules with a brief description.

COMP 40800: Computer Forensics Foundations

This module covers fundamental knowledge and techniques of computer forensics. Starting from an overview of the profession of digital investigator, followed by principles of interpretation of evidence, ways of writing forensic reports, and techniques for manual interpretation of raw binary data; the course participants will learn technqiues for performing basic Internet investigations and basic forensic analysis of a stand-alone computer (including the use of write blocking, disk imaging, keyword searching, hash libraries of known good & known bad files, file carving, systematic exploration of the file system & Windows registry, exploration of internet usage history and some other well known forensic artifacts in Windows operating systems). The ideas and techniques of this module are illustrated using a simulated crime case.

COMP 40790 Application / Advanced Forensics

New application programs appear frequently and it is not possible to develop and teach forensic techniques covering examination of ALL existing and future applications. This module teaches forensic experimental design, statistical reasoning, and reverse engineering (using IDA Pro disassembler, OllyDbg, and case-specific experimentation) in order to equip students with the ability and knowledge to perform their own forensic research of unknown software applications and to use the results of the performed forensic research to draw credible conclusions from the available evidence.

COMP 40750: Corporate Investigations

This module is a follow on from COMP 40790 and COMP 40800. It covers a selection of advanced digital forensic topics which infrequently but consistently arise in the context of corporate investigations, such as

  • file system forensics & data recovery
  • e-discovery process and tools
  • introduction to mobile device forensics
  • introduction to server forensics

Additional topic(s) may be covered by the lecturers, depenging on the recent developments in the discipline.

LAW 40860: Law for IT Investigators

This module deals with the legal framework governing the activities of persons involved in Information Technology security and forensics. Topics covered will include:

  • Legal issues associated with securing networks (including penetration testing, legal obligations to store data / keep data secure);
  • Legal issues raised in the conduct of investigations (including the legality of network monitoring and employee surveillance, duties to report certain findings to the police, interaction with police investigations);
  • The role of digital evidence in litigation (including the use of discovery, Anton Piller orders and other court procedures, reliability and admissibility of digital evidence, implications of illegally and unconstitutionally obtained evidence).

This course will primarily reflect Irish and European law but, where relevant, comparison will be made with practice in other jurisdictions.

COMP 40760: Investigative techniques

This module covers the principles and practice of detective work in the context of corporate investigaions. The following topics are covered:

  • Crime scene search techniques and evidence handling,
  • Interviewing suspects and witnesses,
  • Developing hypotheses and keeping investigation log,
  • Preparing for court testimony.

The module includes practical hands-on workshops on crime scene processing and presentation of evidence in court that has to be attended by the students at UCD Campus in Dublin in person.

COMP 40770: Information Security

This module is aimed at familiarising students with how to investigate crimes directed against computer systems and how to take advantage of information security mechanisms and policies during corporate investigations. The following areas are covered:

  • introduction to information security management standards & information security policies,
  • introduction to incident response,
  • Introduction to offensive security & penetration testing

By the end of this module the students should be able to use information security management standards, policies, and incident response techniques as well as offensive security techniques and penetration testing tools introduced in the module.