Cyber security teams are routinely called on to investigate incidents ranging from the downtime of critical resources
such as servers and networks, to complex cyber-attacks which lead to loss of resource, reputational damage and
potential fines. Digital investigation is the process of identifying and analysing the causes of incidents and providing a
robust and comprehensive response and explanation to stakeholders on the cause of an incident and the steps that
can be taken to mitigate against it occurring again in the future. The endpoint of a digital investigation is often a report
which must clearly, cogently and convincingly attribute the root cause of the incident, whilst at the same time be easily
understood by lay audiences which range from members of a court to chief executives in an organisation. This ability
to organise important information and present it professionally and clearly is a key skill within the cyber security
Principal Learning Outcomes
By the end of module students will be able to:
- Demonstrate the ability to apply digital forensic tools and techniques to solve given problems.
- Investigate digital artefacts against a realistic brief, preserving, analysing and interpreting the evidence.
- Evaluate, the capability to perform incident management and incident response.
- Understand the complexities of jurisdiction in the cyber domain.