Skip to main content Skip to navigation

Digital Forensics

This is a course module is on both MSc Cyber Security and Management and MSc Cyber Security Engineering.

This module is one of the eight modules required for the GCHQ Master's certification.


At its core this module is concerned with doing science well. It is about drawing the correct inference from the digital data which pervades modern society. There are a number of challenges with drawing inference from modern digital data: it is fragile, its quantity may be overwhelming, it may be transient or volatile, it may not be legally accessible, it may not be technically accessible, its structure may be unclear. And it is not merely that drawing inference from the data is complicated; attributing inference back to an individual or organisation is especially vexed. Set against these significant challenges is the reality that the digital footprint left by a member of modern society may have been left as a consequence of some wrongdoing.

Digital forensics seeks to overcome the substantial challenges of drawing correct inference from digital data, so that decisions about the identity of the wrongdoer, and the sanctions that follow, may be made with greater confidence from a better informed perspective.

There are a number of principles that have been established by the digital forensics community. From these a range of tools and techniques have been developed for doing standard things in typical circumstances. Analysing the capabilities and limitations of these tools and techniques is an important part of the module. Representing what has been inferred to a non-specialist audience is also a critical part of any investigation and is practised in the module.

Ultimately, this module exposes the student to the entire investigative lifecycle of a case.

Principal Learning Outcomes

  • investigate digital artefacts against a realistic brief, preserving, analysing and interpreting the evidence.
  • report digital forensic findings to a non-specialist audience.
  • critically evaluate digital forensic tools and techniques.
  • critically analyse the complexities of jurisdiction in the cyber domain.
  • apply scientific techniques and use scientific terminology appropriately in the context of digital forensic analysis.

Other useful information

This module is delivered in an intensive one-week block of directed tuition (nominally 40 hours). Students will be based in the WMG Cyber Security Centre, with most taught sessions taking place in our specialist cyber security and forensics laboratory / classrooms.

Formal assessment for this module typically comprises:

  • a small group lab-based assessment, taking place during taught sessions (20%)
  • a practical assignment with report, to be submitted after the taught module period (80%)

There are no pre-requisites for this module. Students who are choosing this module as part of a course other than MSc Cyber Security and Management are welcome to seek preparatory advice.

The MSc Cyber Security and Management course team regularly reviews the content provided here for currency and accuracy. Please do get in touch with any queries.Contact:

Please note: the details of this module are correct for the current year of study and may be subject to change for future years.