Module Code: H9FRED
Long Title: Forensics and eDiscovery
Title: Forensics and eDiscovery
Module Level: LEVEL 9
EQF Level: 7
EHEA Level: Second Cycle
Credits: 5
Module Coordinator: Vikas Sahni
Module Author: Vikas Sahni
Departments: School of Computing
Specifications of the qualifications and experience required of staff  
Learning Outcomes
On successful completion of this module the learner will be able to:
# Learning Outcome Description
LO1 Demonstrate comprehensive knowledge and understanding of the legal situation, compliance requirements, methods and procedures used in forensic investigations.
LO2 Carry out a forensic investigation of operating systems, mobile devices and networks, critically analysing evidence retrieved and writing reports on the findings of an investigation.
LO3 Compare, evaluate and use forensic tools to forensically analyse mobile devices.
LO4 Carry out an eDiscovery engagement across multiple platforms making use of various electronic discovery tools.
LO5 Critically analyse the results of an eDiscovery review, prepare production sets and prepare affidavits for expert testimony.
Module Recommendations

This is prior learning (or a practical skill) that is required before enrolment on this module. While the prior learning is expressed as named NCI module(s) it also allows for learning (in another module or modules) which is equivalent to the learning specified in the named module(s).

No recommendations listed
Co-requisite Modules
No Co-requisite modules listed
Entry requirements  

Module Content & Assessment

Indicative Content
Introduction to forensic investigation methodology and procedures of mobile devices, networks, device vulnerabilities, types of cybercrime, legislation and IT compliance.
Windows Forensics
History of the various platforms, file system analysis, communication and networks, threats and security; anti-forensic techniques.
Network Forensics
Network technology protocols, communication applications like email, SMS, web services, internet messaging, cloud forensics, and so on. Threats, vulnerabilities, logging and forensics of attacks.
Mobile Forensics
History of devices, physical v logical imaging, communication networks and technology, mobile device operating systems, mobile applications and threats and security.
Linux Forensics
History of the various platforms, file system analysis, communication and networks, threats and security.
Forensic Tools
Review of forensic tools for digital devices and networks, mastery of commercial and open-source forensic tools, virtual images, comparison of tools, sources of data on tools, NIST review documents, and forensic organisations, log analysis, scripts.
Electronic Discovery Rules
Introduction to the Electronic Discovery Reference Model, reviewing all elements of the EDRM process. Look at the Good Practice Guide in Ireland.
Electronic Discovery processes and Platforms
Review of predictive coding, technology-assisted review; review of electronic discovery platforms; preparation of discovery for court.
Investigative Procedures and Law
Forensic investigative procedures and the law, guidelines and standards (e.g. ACPO, FBI handbook), evidence collection and reporting, preparing for prosecution and testifying in court. Affidavit preparation, expert testimony.
Assessment Breakdown (%)
End of Module Assessment: 60.00%


Full Time

Assessment Type: Continuous Assessment % of total: 40
Assessment Date: n/a Outcome addressed: 2,3,4,5
Non-Marked: No
Assessment Description:
Practical work will be conducted throughout the semester to assess the learner’s knowledge on forensic procedures, acquisition methods, analysis of computer data and eDiscovery processes making use of various forensic and eDiscovery tools.
End of Module Assessment
Assessment Type: Terminal Exam % of total: 60
Assessment Date: End-of-Semester Outcome addressed: 1,3,5
Non-Marked: No
Assessment Description:
Learners are required to complete a formal end-of-semester examination.
No Workplace Assessment
Reassessment Requirement
Repeat examination
Reassessment of this module will consist of a repeat examination. It is possible that there will also be a requirement to be reassessed in a coursework element.

NCIRL reserves the right to alter the nature and timings of assessment


Module Workload

Module Target Workload Hours 0 Hours
Workload: Full Time
Workload Type | Workload Description | Hours | Frequency | Average Weekly Learner Workload
Lecture | No Description | 1 | Every Week | 1.00
Tutorial | No Description | 1 | Every Week | 1.00
Independent Learning | No Description | 8.5 | Every Week | 8.50
Total Weekly Contact Hours: 2.00

Module Resources

Recommended Book Resources
  • K. Jones, R. Bejtlich. (2012), Real Digital Forensics, Volume 2, Addison-Wesley.
  • T.J. O’Connor. (2012), Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers, Syngress.
Supplementary Book Resources
  • H. Carvey. (2011), Windows Registry Forensics, Syngress.
  • E. Casey. (2011), Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet, 3rd Edition, Academic Press.
  • J. Seitz. (2009), Python Programming for Hackers and Reverse Engineers.
  • S. Anson, S. Bunting. (2007), Mastering Windows Network Forensic Investigation, Wiley, Indianapolis, Ind.
  • B. Nelson, A. Phillips, C. Steuart. (2009), Guide to Computer Forensics and Investigations.
This module does not have any article/paper resources
Other Resources
Discussion Note: