Skip to main content

CS355 Digital Forensics

CS355 15 CATS (7.5 ECTS) Term 2


Option - CS, CSE, DM


CS131 Mathematics for Computer Scientists II, CS137 Discrete Mathematics II, ES193 Engineering Mathematics or equivalent.

Academic Aims

The aim is for students to become familiar with the principles and practice of digital forensics. The module focuses on identifying source devices of digital content, content integrity verification, copyright protection, steganography, steganalysis, and content authentication. It is intended for the students to acquire the state-of-the-art multimedia-based digital forensic skills that are in acute demand in law enforcement, cyber-security and national security.

Learning Outcomes

By the end of the module, students should:

  • Understand the context for the application of methodologies and standards for entity acquisition and processing in digital forensics.
  • Understanding various modalities of device fingerprints and ways for extracting and enhancing device fingerprints from digital content.
  • Understanding forensic applications of device fingerprints in source device identification, content/device linking, source-oriented image clustering and content integrity verification.
  • Understanding data hiding techniques and their applications in copyright protection and content authentication.
  • Understanding data hiding techniques and their applications in steganography and steganalysis.
  • Understanding theoretical and practical challenges, including counter-forensics and counter-counter-forensics.


The module will deal with core concepts and enabling methodologies in multimedia-based digital forensics. It will also examine current applications, and address theoretical and practical challenges. More specifically the syllabus will cover:

• Methodologies and standards for acquisition and processing in digital forensics
• Modalities of device fingerprints
• Extraction and representation of device fingerprints
• Enhancement of device fingerprints
• Source device identification based on device fingerprints
• Content/device linking based on device fingerprints
• Content integrity verification based on device fingerprints
• Source-oriented image/video clustering based on device fingerprints
• Digital content hashing
• Data hiding
• Digital watermarking for copyright protection
• Digital watermarking for content authentication
• Steganography
• Steganalysis
• Counter-forensics and counter-counter-forensics


  • Altheide, C., Carvey, H., Digital Forensics with Open Source Tools, 2011, Syngress.
  • Casey, E., Handbook of Digital Forensics and Investigation, 2009, Academic Press.

  • Sammons, J., The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics, 2014, Syngress.

  • Watson, D., Digital Forensics Processing and Procedures: Meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements, 2013, Syngress


Two-hour examination (70%), Coursework (30%)


20 one-hour lectures plus 10 one-hour lab sessions

Jalote P, Fault Tolerance in Distributed Systems, Prentice Hall, 1994.
Lynch N, Distributed Algorithms, Morgan Kauffman, 1996.
Gouda M, Elements of Network Protocol Design, John Wiley, 1998.

  • Background: development and scope of social informatics; practical goals.
  • Understanding individual behaviour: perception, memory and action.
  • Modelling human interaction with digital systems.
  • Design methodologies and notations.
  • Techniques and technologies: dialogue styles, information visualisation.
  • Designer-user relations: iteration, prototyping.
  • Evaluation: formative and summative; performance and learnability.
  • Mobile computing and devices: novel interfaces; ubiquitous computing.
  • Organisational factors: understanding the workplace; resistance; dependability.

Innovation processes at scale: social shaping of IT, actor-network theory, co-production.