
Digital Forensic Certificate Program


Basic Digital Forensic Postgraduate Certificate Program (BDFPCP)

DECEMBER 26, 2024


FP
Ethiopia Addis Ababa



Contents
1. Program Title
2. Target Audience
3. Program Duration
4. Program Objectives
5. Program Structure
6. Modules Overview:
6.1. Fundamental Digital Forensics (BDFPCP_001)
6.2. Digital Forensic Law (BDFPCP_002)
6.3. Computer Forensics (BDFPCP_003)
6.4. Mobile Forensics (BDFPCP_004)
6.5. Network Forensics (BDFPCP_005)
6.6. Multimedia Forensics (BDFPCP_006)
6.7. Social Media Forensics (BDFPCP_007)
6.8. Malware Analysis (BDFPCP_008)
6.9. Database Forensics (BDFPCP_009)
6.10. Emerging Technologies in Digital Forensics (BDFPCP_010)
6.11. Critical Thinking and Problem-Solving Skills in Digital Forensic Science (BDFPCP_011)
7. Program Features
7.1. Practical Hands-on Training:
7.2. Expert Instruction:
7.3. Flexible Delivery Format:
7.4. Case-Based Learning:
7.5. Tools and Resources:
8. Learning Outcomes:
9. Program Benefits for the Ethiopian Security
10. Additional Program Information



1. Program Title
1.1. Basic Digital Forensic Postgraduate Certificate Program (BDFPCP)
2. Target Audience
2.1. Law enforcement personnel
2.2. Cybercrime investigators
2.3. Digital forensic analysts
2.4. IT security professionals within the Ethiopian Security Agency
3. Program Duration
3.1. Six (6) months (Part-time, including evening and weekend classes)
3.2. Nine (9) months with other supportive courses
4. Program Objectives
4.1. Provide participants with a strong foundational understanding of digital forensics across
multiple platforms and devices.
4.2. Develop the practical skills needed to handle and analyze digital evidence effectively
using industry-standard tools and techniques.
4.3. Equip participants with knowledge of Ethiopian and international legal frameworks
governing digital forensics and cybercrime investigations.
4.4. Foster critical thinking and problem-solving skills for digital forensic science.
4.5. Enhance the Ethiopian Security Agency’s capacity to investigate and prosecute
cybercrimes, ensure security, and support national defense efforts.
5. Program Structure

The program consists of 11 modules, totaling 30 ECTS (European Credit Transfer and
Accumulation System), combining theoretical lessons, practical sessions, and assessments. The
program is divided into core topics covering the fundamentals of digital forensics and specialized
areas.



6. Modules Overview:
6.1. Fundamental Digital Forensics (BDFPCP_001)
6.1.1. ECTS
o 3 credits
6.1.2. Description
o Introduction to digital forensics, including evidence handling, cybercrimes,
and forensic processes.
6.1.3. Key Topics
o Overview of digital forensics
o Digital evidence and types of cybercrimes
o Forensic process and methodology

Module Title: Fundamental Digital Forensics
Module Code: BDFPCP_001
Program: Basic Digital Forensic Postgraduate Certificate Program (BDFPCP)
ECTS: 3

Module Workload
Total Workload: 81 hours
• Lectures: 30 hours
• Practical Sessions: 18 hours
• Self-Study: 24 hours
• Assessment and Assignments: 9 hours

Prerequisite: Fundamentals of Information Technology (or equivalent)

Module Description
This module provides a comprehensive introduction to the field of digital forensics. It covers the fundamental principles, methodologies, and tools used to identify, collect, preserve, analyze, and present digital evidence. The course emphasizes best practices in digital forensics, ensuring the integrity and admissibility of evidence in legal proceedings.

Course Objectives
After completing this module, students will be able to:
• Understand the basic principles of digital forensics.
• Identify common types of digital evidence and their sources.
• Gain proficiency in using digital forensic tools and techniques.
• Learn how to document and present forensic findings effectively.
• Understand the importance of maintaining the integrity of digital evidence.

Course Outline
1. Introduction to Digital Forensics (4 hours):
   • Definition, purpose, and scope of digital forensics
   • Digital evidence: types, sources, and challenges
   • Role of digital forensics in cybersecurity and law enforcement
2. The Digital Forensic Process (6 hours):
   • Identification and acquisition of digital evidence
   • Preservation and chain of custody
   • Analysis and interpretation of digital data
   • Reporting and presentation of findings
3. Digital Storage Media (6 hours):
   • Types of storage devices: hard drives, SSDs, USBs, and cloud storage
   • Data recovery from damaged or formatted devices
   • File systems and their forensic implications
4. Forensic Tools and Techniques (8 hours):
   • Overview of popular digital forensic tools (e.g., EnCase, FTK, Autopsy)
   • Data carving and file analysis techniques
   • Imaging and cloning of storage devices
5. Legal and Ethical Considerations (2 hours):
   • Importance of maintaining evidence integrity
   • Legal frameworks governing digital forensics in Ethiopia
   • Ethical dilemmas in forensic investigations
6. Emerging Trends in Digital Forensics (4 hours):
   • Mobile device forensics
   • Cloud forensics and virtual environments
   • Challenges in dealing with encrypted and obfuscated data

Practical Sessions
• Imaging and cloning a digital device for forensic analysis. (4 hours)
• File recovery and analysis using forensic tools (e.g., FTK, Autopsy). (5 hours)
• Simulated investigation of a case involving deleted or hidden files. (4 hours)
• Chain of custody documentation for evidence integrity. (3 hours)
• Reporting and presenting forensic findings in a mock trial setting. (2 hours)

Assessment and Evaluation
• Continuous Assessment (40%):
  o Participation in class discussions and practical sessions (20%)
  o Short assignments and quizzes on forensic concepts (20%)
• Final Examination (60%):
  o Written exam on theoretical concepts (30%)
  o Practical exam based on a case study (30%)

Learning Outcomes
Upon successful completion of this module, students will:
• Understand the digital forensic process and its practical application.
• Handle and analyze digital evidence while maintaining integrity.
• Use forensic tools effectively for data recovery and analysis.
• Document and present findings in accordance with legal standards.

Additional Resources
• Textbooks:
  o Guide to Computer Forensics and Investigations by Nelson, Phillips, and Steuart
  o Computer Forensics: Principles and Practices by Linda Volonino
• Software:
  o Access to forensic tools such as EnCase, FTK, and Autopsy
• Supplementary Materials:
  o Online tutorials and case studies on digital forensic investigations


6.2. Digital Forensic Law (BDFPCP_002)
6.2.1. ECTS
o 3 credits
6.2.2. Description
o Understanding of Ethiopian and international cybercrime laws, evidence
admissibility, and privacy rights.
6.2.3. Key Topics
o Ethiopian Cybercrime Proclamation
o International frameworks (e.g., Budapest Convention)
o Chain of custody, privacy rights, and ethical considerations in digital forensics

Module Title: Digital Forensic Law
Module Code: BDFPCP_002
Program: Basic Digital Forensic Postgraduate Certificate Program (BDFPCP)
ECTS: 3

Module Workload
Total Workload: 81 hours
• Lectures: 32 hours
• Practical Sessions: 21 hours
• Self-Study: 24 hours
• Assessment and Assignments: 4 hours

Prerequisite: Fundamental Digital Forensics (BDFPCP_001)

Module Description
This module introduces students to the legal aspects of digital forensics, focusing on both Ethiopian laws (e.g., Computer Crime Proclamation, Telecom Fraud Law) and international frameworks that govern cybercrime, such as the Budapest Convention. The module emphasizes how these laws interact with digital forensic practices, particularly in the context of privacy, data protection, and international cooperation in cross-border cybercrime cases.

Course Objectives
After completing this module, students will be able to:
• Understand the basic principles of Ethiopian computer crime and telecom fraud laws.
• Identify key international cybercrime laws and treaties that affect forensic investigations.
• Apply legal principles to forensic cases, taking into account both national and international law.
• Recognize the importance of international cooperation in cross-border digital forensic investigations.

Course Outline
1. Introduction to Digital Forensic Law in Ethiopia (5 hours)
   • Key Topics:
     o Overview of digital forensics
     o Legal significance of digital evidence
     o Role of forensic experts in Ethiopian criminal investigations
2. Ethiopian Computer Crime Law (6 hours)
   • Key Topics:
     o Proclamation No. 958/2016 (Computer Crime Law)
     o Types of cybercrimes: hacking, data breaches, identity theft
     o Legal procedures for digital evidence collection, storage, and preservation
3. Telecom Fraud Law and Regulations in Ethiopia (6 hours)
   • Key Topics:
     o Proclamation No. 847/2014 (Telecom Fraud Law)
     o Investigating telecom fraud: methods and challenges
     o Legal requirements for digital forensics in telecom fraud
4. Other Relevant Laws and Legislation (7 hours)
   • Key Topics:
     o Data protection and privacy laws in Ethiopia
     o Electronic transaction laws and digital evidence admissibility
     o International conventions on cybercrime and digital forensics
     o Financial fraud,
5. Legal and Ethical Considerations in Digital Forensics (4 hours)
   • Key Topics:
     o Chain of custody and integrity of digital evidence
     o Ethical handling of data and respect for privacy
     o Legal rights of suspects in digital investigations
6. Digital Forensics in Ethiopian Courts (4 hours)
   • Key Topics:
     o The admissibility of digital evidence in court
     o Legal procedures for presenting forensic findings
     o Role of forensic experts in legal proceedings

Practical Sessions
Session 1: Introduction to Ethiopian Digital Forensic Laws and Ethical Considerations (2 hours)
• Case study review of Ethiopian digital forensics laws
• Ethical considerations in data handling and privacy during investigations
Session 2: Case Study Analysis of Computer Crime Investigations (3 hours)
• Analyze real-world computer crime cases in Ethiopia
• Application of Proclamation No. 958/2016 to these cases
Session 3: Practical Exercises on Collecting and Preserving Digital Evidence (3 hours)
• Hands-on training with evidence collection tools
• Preservation techniques for digital evidence following Ethiopian law
Session 4: Simulated Telecom Fraud Investigation (3 hours)
• Content:
  o Simulated telecom fraud investigation using Ethiopian legal protocols
  o Techniques for identifying telecom fraud and documenting evidence
Session 5: Workshop on Preparing Digital Evidence Reports for Court (3 hours)
• Writing forensic reports and presenting findings in line with Ethiopian court requirements

Assessment and Evaluation
• Continuous Assessment (50% of total grade):
  o Quizzes and Assignments: 20%
    ▪ Assessing knowledge of Ethiopian legislation on digital forensics
  o Practical Session Performance: 30%
    ▪ Evaluating practical skills in evidence handling, case study analysis, and ethical considerations
• Final Examination (50% of total grade):
  o Written Exam: 30%
    ▪ Covering Ethiopian digital forensic laws, telecom fraud regulations, and other relevant legislation
  o Practical Exam: 20%
    ▪ Simulated evidence collection and legal reporting in a digital forensics scenario.

Learning Outcomes
• Comprehend the Ethiopian legal framework for digital forensics.
• Effectively apply laws related to computer crime, telecom fraud, and privacy to forensic investigations.
• Handle digital evidence ethically and in compliance with Ethiopian law.
• Present and report forensic findings professionally in legal contexts.

Additional Resources
• Full text of the Computer Crime Proclamation and Telecom Fraud Laws of Ethiopia.
• Access to international cybercrime laws, including the Budapest Convention and relevant international agreements.
• Supplementary reading on cross-border digital forensics and the role of international cooperation.


6.3. Computer Forensics (BDFPCP_003)
6.3.1. ECTS
o 3 credits
6.3.2. Description
o Techniques for analyzing personal computers, file systems, and recovering
evidence from various operating systems.
6.3.3. Key Topics:
o Windows, Linux and MacOS file system analysis
o Evidence recovery and forensic tools (EnCase, FTK)
o Data acquisition and analysis

Module Title: Computer Forensics
Module Code: BDFPCP_003
Program: Basic Digital Forensic Postgraduate Certificate Program (BDFPCP)
ECTS: 3

Module Workload
Total Workload: 81 hours
• Lectures: 32 hours
• Practical Sessions: 21 hours
• Self-Study: 24 hours
• Assessment and Assignments: 4 hours

Prerequisite: Digital Forensic Law (BDFPCP_002) or equivalent foundational knowledge in digital forensic principles.

Module Description
This module introduces students to core principles and techniques of computer forensics, focusing on file system analysis, data acquisition, evidence recovery, and using forensic tools. It emphasizes practical approaches to investigate and analyze digital evidence from various operating systems, including Windows, Linux, and MacOS, while ensuring

Course Objectives
• Understand the theoretical and practical aspects of computer forensics.
• Analyze file systems across different operating systems (Windows, Linux, and MacOS).
• Apply forensic tools such as EnCase and FTK to recover and analyze evidence.
• Conduct data acquisition and forensic imaging with industry standards.
• Present forensic findings in compliance with legal and ethical guidelines.

Course Outline
1. Introduction to Computer Forensics (4 hours)
   • Key Topics:
     o Definition and scope of computer forensics
     o Importance of file systems in forensic investigations
     o Overview of forensic methodologies
2. File System Analysis (Windows, Linux, and MacOS) (6 hours)
   • Key Topics:
     o Understanding file system structures (FAT, NTFS, EXT, APFS)
     o Metadata analysis and recovering deleted files
     o Comparing forensic approaches across different operating systems
3. Evidence Recovery and Forensic Tools (6 hours)
   • Key Topics:
     o Introduction to forensic tools: EnCase, FTK, Autopsy
     o Recovering and analyzing hidden or encrypted data
     o Advanced techniques in file carving and hashing
4. Data Acquisition and Analysis (6 hours)
   • Key Topics:
     o Imaging tools and techniques (bitstream copies, write blockers)
     o Methods of volatile and non-volatile memory acquisition
     o Timeline analysis and reconstruction of digital events
5. Legal and Ethical Considerations in Computer Forensics (3 hours)
   • Key Topics:
     o Handling and preserving digital evidence with chain-of-custody principles
     o Ethical challenges in accessing and analyzing personal data
     o Compliance with legal frameworks
7. Quantum Computing and Post-Quantum Forensics (2 hours)
   • Key Topics:
     o Impact of quantum computing on cryptographic security and forensic processes.
     o Developing forensic methods for post-quantum environments.
6. Reporting and Presenting Forensic Findings (5 hours)
   • Key Topics:
     o Documenting analysis processes and findings
     o Writing forensic reports
     o Techniques for presenting evidence in a courtroom setting

Practical Sessions
Practical Sessions Breakdown:
• Session 1: Introduction to Forensic Tools (FTK and EnCase) (4 hours)
  o Familiarization with the interface and features of EnCase and FTK.
• Session 2: File System Analysis Workshop (Windows) (5 hours)
  o Analyzing NTFS and FAT file systems, recovering deleted files.
• Session 3: Linux and MacOS File System Forensics (5 hours)
  o Investigating EXT and APFS file systems, analyzing logs.
• Session 4: Evidence Recovery and Imaging (5 hours)
  o Using write blockers and imaging tools to create forensic copies.
• Session 5: Forensic Reporting and Presentation (2 hours)
  o Preparing forensic reports and presenting findings for legal purposes.

Assessment and Evaluation
• Continuous Assessment (50% of total grade):
  o Quizzes and Assignments: 20%
    ▪ Covering concepts of file system analysis, evidence recovery, and forensic tools.
  o Practical Session Performance: 30%
    ▪ Assessing hands-on skills in using tools and techniques.
• Final Examination (50% of total grade):
  o Written Exam: 30%
    ▪ Testing theoretical knowledge of computer forensics and key concepts.
  o Practical Exam: 20%
    ▪ Performing a simulated forensic investigation using provided tools.

Learning Outcomes
• Master file system analysis for forensic investigations.
• Competently use forensic tools to recover and analyze evidence.
• Conduct data acquisition in a legally defensible manner.
• Create professional forensic reports for legal and organizational use.

Additional Resources
• Textbooks:
  o "File System Forensic Analysis" by Brian Carrier
  o "Guide to Computer Forensics and Investigations" by Nelson, Phillips, and Steuart
• Online Tools and Resources:
  o FTK Imager (free version)
  o Autopsy (open-source forensic tool)
• Hardware and Software Requirements:
  o Access to forensic lab equipment (write blockers, imaging tools).
  o Computers pre-installed with Windows, Linux, and MacOS virtual machines for practice.


6.4. Mobile Forensics (BDFPCP_004)
6.4.1. ECTS:
o 3 credits
6.4.2. Description:
o Methods for extracting and analyzing digital evidence from mobile devices
such as smartphones and tablets.
6.4.3. Key Topics:
o Mobile device data extraction
o Operating systems analysis (Android, iOS, etc.)
o Mobile forensics tools and techniques (Cellebrite, XRY, Magnetic, Oxygen,
etc.)

Module Title: Mobile Forensics
Module Code: BDFPCP_004
Program: Basic Digital Forensic Postgraduate Certificate Program (BDFPCP)
ECTS: 3

Module Workload
Total Workload: 81 hours
• Lectures: 32 hours
• Practical Sessions: 21 hours
• Self-Study: 24 hours
• Assessment and Assignments: 4 hours

Prerequisite: Computer Forensics (BDFPCP_003) or equivalent foundational knowledge in digital forensics.

Module Description
The Mobile Forensics module provides students with an in-depth understanding of forensic methodologies for mobile devices. The course explores techniques for extracting, analyzing, and preserving evidence from mobile devices, focusing on Android and iOS platforms. Students will gain hands-on experience with industry-standard tools such as Cellebrite, XRY, and Oxygen, ensuring they are equipped to handle real-world mobile forensic investigations effectively.

Course Objectives
• Explain the fundamentals of mobile forensics, including unique challenges and techniques.
• Extract and preserve data from mobile devices while maintaining chain-of-custody.
• Analyze mobile operating systems (Android, iOS) for forensic purposes.
• Utilize industry-standard tools (Cellebrite, XRY, etc.) to perform mobile device investigations.
• Present findings in a professional manner suitable for legal proceedings.

Course Outline
1. Introduction to Mobile Forensics (4 hours)
   • Key Topics:
     o Importance and scope of mobile forensics
     o Overview of mobile device architecture
     o Challenges in mobile device investigations
2. Mobile Device Data Extraction (6 hours)
   • Key Topics:
     o Logical, physical, and advanced data extraction techniques
     o Handling damaged or encrypted devices
     o Best practices in data preservation
3. Mobile Operating Systems Analysis (Android and iOS) (7 hours)
   • Key Topics:
     o Android file system and data structures
     o iOS architecture and forensic analysis approaches
     o Examining app data, logs, and artifacts
4. Tools and Techniques in Mobile Forensics (7 hours)
   • Key Topics:
     o Overview of tools (Cellebrite, XRY, Magnetic Forensics, Oxygen Forensics)
     o Tool selection based on case requirements
     o Validation and cross-verification of extracted data
5. Legal and Ethical Considerations in Mobile Forensics (3 hours)
   • Key Topics:
     o Chain-of-custody procedures for mobile evidence
     o Privacy concerns and ethical dilemmas
     o Compliance with international and local legislation
6. 5G Network and Mobile Edge Computing Forensics (2 hours)
   • Key Topics:
     o Massive Data Volume and High Speed
     o Distributed Data Storage and Processing
     o Real-Time Evidence Acquisition
     o Encrypted Communications
7. Reporting and Presenting Mobile Forensic Findings (3 hours)
   • Key Topics:
     o Documenting mobile forensic analysis
     o Creating comprehensive forensic reports
     o Techniques for courtroom testimony

Practical Sessions
• Session 1: Introduction to Mobile Forensic Tools (3 hours)
  o Familiarization with Cellebrite, XRY, and Oxygen interfaces.
• Session 2: Logical and Physical Data Extraction (Android Devices) (6 hours)
  o Extracting data from Android phones, handling encrypted devices.
• Session 3: iOS Data Extraction and Analysis (5 hours)
  o Using advanced tools to analyze iOS backups and file systems.
• Session 4: App Data Analysis and Artifacts Recovery (4 hours)
  o Recovering chat histories, call logs, and multimedia files.
• Session 5: Forensic Reporting and Presentation (2 hours)
  o Preparing reports and presenting findings for legal purposes.

Assessment and Evaluation
• Continuous Assessment (50% of total grade):
  o Quizzes and Assignments: 20%
    ▪ Covering mobile OS analysis, extraction techniques, and tools.
  o Practical Session Performance: 30%
    ▪ Evaluating hands-on proficiency with forensic tools and techniques.
• Final Examination (50% of total grade):
  o Written Exam: 30%
    ▪ Assessing theoretical knowledge and problem-solving abilities.
  o Practical Exam: 20%
    ▪ Performing a complete mobile forensic investigation.

Learning Outcomes
• Demonstrate proficiency in using tools like Cellebrite and XRY for mobile forensics.
• Analyze Android and iOS systems to extract critical evidence.
• Apply appropriate techniques for preserving and analyzing mobile data.
• Produce professional reports aligned with forensic and legal standards.

Additional Resources
• Textbooks:
  o "Learning Mobile Forensics" by Rohit Tamma and Heather Mahalik
  o "Mobile Forensics – Advanced Investigative Strategies" by Mattia Epifani
• Online Tools and Resources:
  o Cellebrite Learning Center
  o Digital Forensics Investigation Toolkit
• Hardware and Software Requirements:
  o Mobile forensic hardware kits (cables, adapters, write blockers).
  o Access to forensic lab tools (Cellebrite, XRY, Magnetic Forensics).


6.5. Network Forensics (BDFPCP_005)
6.5.1. ECTS
o 3 credits
6.5.2. Description
o Methods for analyzing network traffic, detecting intrusions, and investigating
network-based cybercrimes.
6.5.3. Key Topics
o Packet capture and analysis
o Intrusion detection systems (IDS)
o Network forensic tools (Wireshark, tcpdump, etc.)

Module Title: Network Forensics
Module Code: BDFPCP_005
Program: Basic Digital Forensic Postgraduate Certificate Program (BDFPCP)
ECTS: 3

Module Workload
Total Workload: 81 hours
• Lectures: 32 hours
• Practical Sessions: 21 hours
• Self-Study: 24 hours
• Assessment and Assignments: 4 hours

Prerequisite: Fundamentals of Digital Forensics (BDFPCP_001) or equivalent knowledge.

Module Description
The Network Forensics module introduces students to techniques and tools used to investigate network-based incidents. Students will learn how to capture, analyze, and preserve network traffic evidence for forensic purposes. The course covers key concepts like intrusion detection systems (IDS), packet analysis, and the use of industry-standard tools like Wireshark and tcpdump. Practical sessions emphasize real-world applications in network traffic monitoring and intrusion response.

Course Objectives
• Understand the principles and practices of network forensics.
• Capture and analyze network traffic for investigative purposes.
• Utilize tools such as Wireshark and tcpdump to identify and document network anomalies.
• Investigate and respond to network intrusions effectively.
• Apply network forensic techniques in compliance with legal and ethical standards.

Course Outline
1. Introduction to Network Forensics (4 hours)
   • Key Topics:
     o Importance of network forensics in cybersecurity
     o Overview of network protocols (TCP/IP, UDP)
     o Challenges in network forensic investigations
2. Packet Capture and Analysis (6 hours)
   • Key Topics:
     o Capturing network traffic using tools like tcpdump and Wireshark
     o Understanding network packets and payloads
     o Detecting malicious activities
3. Intrusion Detection Systems (IDS) (6 hours)
   • Key Topics:
     o Overview of IDS and their role in forensics
     o Analyzing IDS logs for evidence (Snort, Suricata)
     o Incident response strategies
4. Network Forensic Tools and Techniques (6 hours)
   • Key Topics:
     o Using Wireshark for in-depth network analysis
     o Leveraging tcpdump for real-time traffic capture
     o Correlating network events with digital evidence
5. Legal and Ethical Considerations in Network Forensics (5 hours)
   • Key Topics:
     o Chain-of-custody for network traffic evidence
     o Privacy concerns in network monitoring
     o Adherence to local and international laws
6. Reporting and Presenting Network Forensic Findings (5 hours)
   • Key Topics:
     o Documenting network forensic investigations
     o Creating actionable reports for stakeholders
     o Techniques for presenting evidence in court

Practical Sessions
Session 1: Introduction to Packet Capture Tools (4 hours)
  o Basics of Wireshark and tcpdump interface.
Session 2: Analyzing Captured Traffic (5 hours)
  o Identifying suspicious packets and anomalies.
Session 3: Working with IDS Logs (6 hours)
  o Using Snort and Suricata for log analysis.
Session 4: Correlation of Network Events (4 hours)
  o Tracing attacks and generating timelines.
Session 5: Forensic Reporting (2 hours)
  o Content: Generating a comprehensive report for legal use.

Assessment and Evaluation
• Continuous Assessment (50% of total grade):
  o Quizzes and Assignments: 20%
    ▪ Covering packet analysis, IDS, and tools.
  o Practical Session Performance: 30%
    ▪ Evaluating hands-on proficiency with tools like Wireshark.
• Final Examination (50% of total grade):
  o Written Exam: 30%
    ▪ Testing theoretical understanding and problem-solving.
  o Practical Exam: 20%
    ▪ Analyzing a network intrusion scenario.

Learning Outcomes
• Demonstrate proficiency in capturing and analyzing network traffic.
• Investigate network intrusions using tools like Wireshark and tcpdump.
• Identify and document anomalies in network behavior.
• Apply network forensic techniques while adhering to legal standards.

Additional Resources
• Textbooks:
  o "Network Forensics: Tracking Hackers through Cyberspace" by Sherri Davidoff and Jonathan Ham
  o "Practical Packet Analysis" by Chris Sanders
• Online Tools and Resources:
  o Wireshark University
  o tcpdump manual pages
• Hardware and Software Requirements:
  o Network analyzers and forensic kits.
  o Access to IDS environments like Snort or Suricata.


6.6. Multimedia Forensics (BDFPCP_006)
6.6.1. ECTS
o 2 credits
6.6.2. Description
o Investigating multimedia files (images, videos, audio) for evidence, including
metadata extraction and file authentication.
6.6.3. Key Topics
o Metadata extraction and analysis
o Image, audio and video file analysis
o Multimedia forensic tools (Amped, X1 Social Discovery, PhotoDNA, etc.)

Module Title Multimedia Forensics

Module Code BDFPCP_006


Program Basic Digital Forensic Postgraduate Certificate Program (BDFPCP)
ECTS 2
Module Total Workload: 54 hours
Workload  Lectures: 22 hours
 Practical Sessions: 13 hours
 Self-Study: 16 hours
 Assessment and Assignments: 3 hours

Prerequisite Fundamentals of Digital Forensics (BDFPCP_001) or equivalent


Module
Module knowledge.
The Multimedia Forensics module focuses on the techniques and tools
Description used to analyze multimedia files (images, audio, and video) for
investigative purposes. Students will learn how to extract and interpret
metadata, detect tampering, and use specialized forensic tools such as
Amped, X1 Social Discovery, and PhotoDNA. Practical sessions
emphasize the hands-on application of these tools and methods to real-
world forensic scenarios involving multimedia evidence.

December 26, 2024 20


Course  Understand the fundamentals of multimedia forensics and its
Objectives applications.
 Extract and analyze metadata from multimedia files to gather forensic
evidence.
 Analyze images, audio, and video files for manipulation or
authenticity.
 Use multimedia forensic tools like Amped and PhotoDNA effectively.
 Apply multimedia forensic techniques in compliance with legal and
ethical guidelines.
Course Outline 1. Introduction to Multimedia Forensics (4 hours)
 Key Topics:
o Importance of multimedia forensics in investigations
o Overview of image, audio, and video file formats
o Challenges in analyzing multimedia evidence

2. Metadata Extraction and Analysis (5 hours)


 Key Topics:
o Metadata types and sources
o Tools for metadata extraction and interpretation
o Use cases in forensic investigations

3. Image, Audio, and Video File Analysis (6 hours)


 Key Topics:
o Detecting tampering and manipulation
o Authenticating multimedia content
o Identifying content origins

4. Multimedia Forensic Tools (4 hours)


 Key Topics:
o Overview of tools like Amped, X1 Social Discovery, and
PhotoDNA
o Practical application of tools for case studies
o Tool limitations and advancements

5. Legal and Ethical Considerations in Multimedia Forensics (3 hours)


 Key Topics:
o Privacy and data protection
o Chain-of-custody for multimedia evidence
o Legal admissibility of multimedia evidence



Practical Sessions Practical Sessions Breakdown:
 Session 1: Metadata Extraction (3 hours)
o Using tools to extract metadata from multimedia files.
 Session 2: Detecting Image Manipulation (3 hours)
o Analyzing images for evidence of tampering.
 Session 3: Audio and Video File Authentication (2 hours)
o Identifying manipulations in audio and video evidence.
 Session 4: Using Multimedia Forensic Tools (3 hours)
o Hands-on training with tools like Amped and X1 Social
Discovery.
 Session 5: Case Study Analysis (2 hours)
o Analyzing a multimedia forensic case from start to finish.

Assessment and  Continuous Assessment (50% of total grade):


Evaluation o Quizzes and Assignments: 20%
 Covering multimedia forensic concepts and tools.
o Practical Session Performance: 30%
 Evaluating proficiency with multimedia forensic tools.
 Final Examination (50% of total grade):
o Written Exam: 30%
 Testing theoretical understanding of multimedia
forensics.
o Practical Exam: 20%
 Solving a multimedia forensic investigation scenario.

Learning  Demonstrate expertise in extracting and analyzing metadata from


Outcomes multimedia files.
 Identify manipulations in images, audio, and video evidence.
 Use multimedia forensic tools effectively to analyze and document
findings.
 Apply legal and ethical guidelines in handling multimedia evidence.

Additional  Textbooks:
Resources o "Multimedia Forensics and Security" by Aboul Ella Hassanien and
Ahmad Taher Azar
o "Forensic Image Analysis" by Marcos H. C. F. dos Santos
 Online Tools and Resources:
o Tutorials on Amped and PhotoDNA
o Case studies on multimedia forensics
 Hardware and Software Requirements:
o Forensic software (Amped, X1 Social Discovery, PhotoDNA)
o Multimedia analysis workstations



6.7. Social Media Forensics (BDFPCP_007)
6.7.1. ECTS
o 2 credits
6.7.2. Description:
o Techniques for recovering and analyzing evidence from social media
platforms and networks.
6.7.3. Key Topics:
o Social media platforms (Facebook, Twitter, Instagram, LinkedIn)
o Social media data extraction and analysis
o Investigating cyberstalking, harassment, and data breaches

Module Title Social Media Forensics

Module Code BDFPCP_007


Program Basic Digital Forensic Postgraduate Certificate Program (BDFPCP)
ECTS 2
Module Workload Total Workload: 54 hours
 Lectures: 22 hours
 Practical Sessions: 16 hours
 Self-Study: 12 hours
 Assessments and Assignments: 4 hours

Prerequisite Fundamentals of Digital Forensics (BDFPCP_001)

Module Description The Social Media Forensics module equips students with the knowledge
and tools to investigate and analyze social media activities for forensic
purposes. It covers the extraction and analysis of data from platforms such
as Facebook, Twitter, Instagram, and LinkedIn, addressing challenges like
privacy concerns and legal implications. Emphasis is placed on
investigating cases involving cyberstalking, harassment, and data breaches
using forensic tools and techniques.
Course  Understand the structure and functionalities of major social media
Objectives platforms.
 Extract and analyze social media data for forensic investigations.
 Investigate cases of cybercrimes like stalking, harassment, and data
breaches on social media.
 Utilize forensic tools specific to social media analysis.
 Adhere to ethical and legal guidelines when handling social media
evidence.



Course Outline 1. Introduction to Social Media Forensics (4 hours)
 Key Topics:
o Overview of social media platforms
o Role of social media in digital forensics
o Ethical and legal considerations

2. Social Media Platforms Analysis (6 hours)


 Key Topics:
o Understanding Facebook, Twitter, Instagram, and LinkedIn
architecture
o Metadata and user behavior analysis

3. Social Media Data Extraction and Analysis (6 hours)


 Key Topics:
o Methods for extracting data from social media
o Analysis techniques using forensic tools
o Addressing privacy concerns

4. Investigating Cybercrimes on Social Media (4 hours)


 Key Topics:
o Cyberstalking and harassment investigations
o Identifying and tracing fake accounts
o Investigating data breaches involving social media

5. Case Studies and Legal Implications (2 hours)


 Key Topics:
o Real-world case analysis of social media crimes
o Legal considerations for evidence from social media

Practical Sessions Practical Sessions Breakdown:


 Session 1: Introduction to Social Media Platforms (3 hours)
o Exploring forensic aspects of Facebook and Twitter metadata.
 Session 2: Data Extraction and Analysis (6 hours)
o Extracting data using tools like X1 Social Discovery and
Magnet Axiom.
 Session 3: Investigating Cyberstalking and Harassment (4 hours)
o Simulating case studies involving cyberstalking and tracing
online activity.
 Session 4: Comprehensive Investigation Case Study (3 hours)
o Solving a real-world scenario using data from multiple
platforms.



Assessment and  Continuous Assessment (50% of total grade):
Evaluation o Assignments and Quizzes: 20%
 Covering key concepts and forensic tools.
o Practical Lab Performance: 30%
 Evaluating hands-on skills in social media forensic
techniques.
 Final Examination (50% of total grade):
o Written Exam: 30%
 Testing theoretical knowledge of social media forensics.
o Practical Exam: 20%
 Solving a comprehensive forensic investigation
involving social media platforms.
Learning  Analyze and recover forensic evidence from social media platforms.
Outcomes  Investigate cybercrimes on social media using appropriate tools and
techniques.
 Demonstrate an understanding of the legal and ethical issues in
handling social media evidence.
 Apply advanced tools for analyzing metadata and user activity.

Additional  Textbooks:
Resources o "Social Media Investigation for Law Enforcement" by Joshua
Brunty and Katherine Helenek.
o "Digital Forensics for Social Media: The New Frontier in
Digital Evidence" by Gregory Kipper.
 Online Resources:
o Tutorials for forensic tools like Magnet Axiom, X1 Social
Discovery, and Oxygen Forensic Suite.
o Case studies on social media crimes and forensic investigations.
 Software and Tools:
o X1 Social Discovery
o Magnet Axiom Social Media
o Netlytic
 Hardware Requirements:
o Forensic workstations with high-speed internet for social media
analysis.



6.8. Malware Analysis (BDFPCP_008)
6.8.1. ECTS
o 3 credits
6.8.2. Description
o Techniques for analyzing malicious software (malware), reverse engineering,
and extracting evidence from infected systems.
6.8.3. Key Topics:
o Malware types and behavior
o Static and dynamic malware analysis
o Reverse engineering techniques and forensic tools (OllyDbg, IDA Pro)

Module Title Malware Analysis

Module Code BDFPCP_008


Program Basic Digital Forensic Postgraduate Certificate Program (BDFPCP)
ECTS 3
Module Workload Total Workload: 81 hours
 Lectures: 32 hours
 Practical Sessions: 21 hours
 Self-Study: 24 hours
 Assessments and Assignments: 4 hours

Prerequisite Fundamentals of Digital Forensics (BDFPCP_001)

Module Description The Malware Analysis module provides students with the knowledge and
skills to analyze and dissect malicious software to understand its
functionality and impact. Students will explore different malware types
and their behaviors, employ static and dynamic analysis techniques, and
utilize reverse engineering tools like OllyDbg and IDA Pro. The course
emphasizes understanding how malware operates and the methods to
detect, analyze, and mitigate its effects.
Course  Identify and classify various types of malwares and their behaviors.
Objectives  Conduct static and dynamic malware analysis to uncover malicious
intent and functionality.
 Apply reverse engineering techniques using industry-standard tools.
 Assess and document the impact of malware on digital systems.
 Implement best practices and strategies to mitigate malware threats.



Course Outline 1. Introduction to Malware Analysis (6 hours)
 Key Topics:
o Overview of malware types and evolution
o Importance of malware analysis in digital forensics
o Ethical and legal considerations

2. Malware Types and Behavior (6 hours)


 Key Topics:
o Types: Viruses, worms, Trojans, ransomware, rootkits
o Behavior analysis: Persistence mechanisms, privilege
escalation

3. Static Malware Analysis (8 hours)


 Key Topics:
o Analyzing malware without execution
o File analysis: Headers, metadata, and hashing
o Tools: PEiD, Strings

4. Dynamic Malware Analysis (6 hours)


 Key Topics:
o Executing malware in a controlled environment
o Behavioral analysis: File, process, and network activity
o Tools: Cuckoo Sandbox, Process Monitor

5. Reverse Engineering Techniques (4 hours)


 Key Topics:
o Disassemblers and debuggers: OllyDbg, IDA Pro
o Understanding assembly language basics
o Extracting intelligence from malware

6. Malware Reporting and Mitigation (2 hours)


 Key Topics:
o Documenting analysis findings
o Techniques for malware removal and prevention



Practical Sessions  Session 1: Introduction to Malware Analysis Tools (3 hours)
o Exploring tools like PEiD, Strings, and HashMyFiles.
 Session 2: Behavioral Analysis of Malware (6 hours)
o Observing malware activity in a sandbox environment.
 Session 3: Static and Dynamic Analysis (6 hours)
o Analyzing malware files and execution behaviors.
 Session 4: Reverse Engineering (4 hours)
o Using IDA Pro and OllyDbg for disassembly and debugging.
 Session 5: Reporting and Mitigation Strategies (2 hours)
o Writing reports and developing mitigation plans.

Assessment and  Continuous Assessment (50% of total grade):


Evaluation o Assignments and Quizzes: 20%
 Covering malware types and analysis techniques.
o Practical Lab Performance: 30%
 Evaluating hands-on skills in static and dynamic analysis.
 Final Examination (50% of total grade):
o Written Exam: 30%
 Testing theoretical understanding of malware analysis.
o Practical Exam: 20%
 Conducting a comprehensive malware investigation.

Learning  Differentiate between malware types and understand their


Outcomes behaviors.
 Analyze malware using static and dynamic techniques.
 Reverse-engineer malware using professional tools.
 Document findings and propose effective mitigation strategies.
 Apply legal and ethical principles in malware analysis.
Additional  Textbooks:
Resources o "Practical Malware Analysis" by Michael Sikorski and Andrew
Honig.
o "Malware Analyst's Cookbook and DVD" by Michael Ligh et
al.
 Online Resources:
o Tutorials for OllyDbg and IDA Pro.
o Malware analysis labs and exercises.
 Software and Tools:
o Static Analysis: PEiD, HashMyFiles
o Dynamic Analysis: Process Monitor, Cuckoo Sandbox
o Reverse Engineering: OllyDbg, IDA Pro
 Hardware Requirements:
o Isolated virtual environments with necessary tools installed.



6.9. Database Forensics (BDFPCP_009)
6.9.1. ECTS
o 2 credits
6.9.2. Description
o Techniques for investigating and analyzing relational and NoSQL databases to
uncover evidence.
6.9.3. Key Topics
o Relational and NoSQL database analysis (SQL, MongoDB)
o Database file system analysis
o Log analysis and recovery of deleted records

Module Title Database Forensics

Module Code BDFPCP_009


Program Basic Digital Forensic Postgraduate Certificate Program (BDFPCP)
ECTS 2
Module Workload Total Workload: 54 hours
 Lectures: 22 hours
 Practical Sessions: 16 hours
 Self-Study: 12 hours
 Assessments and Assignments: 4 hours

Prerequisite Fundamentals of Digital Forensics (BDFPCP_001)

Module Description The Database Forensics module introduces students to the forensic analysis
of databases, focusing on both relational and NoSQL databases. Students
will learn to analyze database structures, recover deleted records, and
extract forensic evidence from database logs and file systems. The course
emphasizes understanding database technologies and applying forensic
techniques to identify, extract, and preserve critical evidence in database
systems.
Course  Understand the fundamental concepts of relational and NoSQL
Objectives databases.
 Analyze and interpret database structures and files for forensic
purposes.
 Recover deleted records and investigate database logs.
 Use specialized tools for database forensic investigations.
 Apply database forensic techniques in compliance with legal and
ethical standards.



Course Outline 1. Introduction to Database Forensics (3 hours)
 Key Topics:
o Overview of database forensics
o Database Management Systems (DBMS)
o Relevance of database forensics in digital investigations

2. Database File System Analysis (5 hours)


 Key Topics:
o Analyzing database storage structures
o Tools for database file system analysis
Microsoft SQL and Oracle database analysis (4 hours)
 Key Topics:
o Data Integrity and Recovery
o User Activity and Privilege Abuse
o Malicious Query and Injection Detection
o Backup and Export File Analysis

3. Relational and NoSQL Database Analysis (4 hours)


 Key Topics:
o Relational databases (SQL): Schema, tables, queries
o NoSQL databases (MongoDB): Documents, collections,
queries
4. Log Analysis and Recovery of Deleted Records (4 hours)
 Key Topics:
o Investigating database logs
o Techniques for recovering deleted records

5. Reporting and Documentation in Database Forensics (2 hours)


 Key Topics:
o Preparing forensic reports for database investigations
o Documentation standards and best practices

Practical Sessions  Session 1: Introduction to Database Forensics Tools (3 hour)


o Exploring tools like SQL Server Management Studio and
MongoDB Compass.
 Session 2: Relational and NoSQL Database Analysis (4 hours)
o Examining database schemas, tables, and queries.
 Session 3: File System Analysis (4 hours)
o Investigating database storage structures and recovery.
 Session 4: Log Analysis and Record Recovery (3 hours)
o Using tools to analyze logs and recover deleted records.
 Session 5: Reporting Findings (2 hours)
o Content: Preparing a forensic report from a database
investigation.



Assessment and  Continuous Assessment (50% of total grade):
Evaluation o Assignments and Quizzes: 20%
 Covering database analysis techniques and concepts.
o Practical Lab Performance: 30%
 Hands-on evaluations of database forensic skills.
 Final Examination (50% of total grade):
o Written Exam: 30%
 Testing theoretical understanding of database forensics.
o Practical Exam: 20%
 Conducting a complete database forensic investigation.

Learning  Demonstrate a clear understanding of relational and NoSQL database


Outcomes structures.
 Apply forensic techniques to extract and analyze database evidence.
 Recover deleted records and investigate database logs effectively.
 Prepare comprehensive forensic reports for database investigations.
 Adhere to ethical and legal principles in database forensic practices.

Additional  Textbooks:
Resources o "SQL Server Forensics Analysis" by Kevvie Fowler.
o "MongoDB Applied Design Patterns" by Rick Copeland.
 Online Resources:
o Tutorials on SQL and MongoDB for forensic analysis.
o Practice labs for database recovery and investigation.
 Software and Tools:
o SQL Server Management Studio (SSMS)
o MongoDB Compass
o ApexSQL Log, DB Browser for SQLite
 Hardware Requirements:
o Access to virtual environments with database servers pre-
installed.



6.10. Emerging Technologies in Digital Forensics (BDFPCP_010)
6.10.1. ECTS
o 3 credits
6.10.2. Description
o Techniques for investigating virtualized environments, including virtual
machines (VMs), cloud storage, and containerized applications.
6.10.3. Key Topics:
o Virtual machine analysis
o Cloud forensics (Amazon Web Services, Google Cloud)
o Docker and containerized forensic techniques
o IoT forensics
o Blockchain and cryptocurrency
o Artificial Intelligence and Machine Learning Forensics
o Artificial Reality (AR) and Virtual Reality (VR) Forensics

Module Title Emerging Technologies in Digital Forensics

Module Code BDFPCP_010


Program Basic Digital Forensic Postgraduate Certificate Program (BDFPCP)
ECTS 3
Module Workload Total Workload: 81 hours
 Lectures: 32 hours
 Practical Sessions: 21 hours
 Self-Study: 24 hours
 Assessments and Assignments: 4 hours

Prerequisite  Fundamentals of Digital Forensics (BDFPCP_001)
 Computer Forensics (BDFPCP_003)

Module Description The Virtual Environment Forensics module explores advanced forensic
investigation techniques in virtualized and cloud-based environments.
Students will learn how to analyze virtual machines, investigate cloud
environments such as AWS and Google Cloud, and utilize forensic
methods for containerized applications like Docker. Practical sessions
focus on using specialized tools and techniques for collecting, analyzing,
and preserving digital evidence in virtualized and cloud contexts while
addressing unique challenges and legal implications.



Course  Understand the fundamentals of virtual environments and their
Objectives implications for digital forensics.
 Analyze and recover evidence from virtual machines and containerized
applications.
 Conduct forensic investigations in cloud environments, including AWS
and Google Cloud.
 Apply advanced tools and techniques for virtual environment forensics.
 Adhere to legal and ethical guidelines in handling evidence from
virtual environments.
Course Outline 1. Introduction to Virtual Environment Forensics (3 hours)
 Key Topics:
o Overview of virtualization and cloud computing
o Challenges in virtual environment forensics
o Legal considerations and ethical concerns

2. Virtual Machine Analysis (6 hours)


 Key Topics:
o Anatomy of virtual machines (VMs)
o Evidence recovery in VMs
o Tools for VM analysis

3. Cloud Forensics (8 hours)


 Key Topics:
o Cloud architecture and forensic challenges
o Data acquisition in cloud environments (AWS, Google
Cloud)
o Tools and techniques for cloud forensics

4. Docker and Containerized Forensic Techniques (6 hours)


 Key Topics:
o Basics of Docker and containerization
o Evidence extraction from Docker environments
o Forensic tools for containerized applications
6. Emerging Trend (Lecture: 6 hours)
 Key Topics:
o IoT
o Blockchain and cryptocurrency
o Artificial Intelligence and Machine Learning Forensics
o Artificial Reality (AR) and Virtual Reality (VR) Forensics



5. Case Studies and Legal Aspects (Lecture: 3 hours)
 Key Topics:
o Real-world forensic investigations in virtual environments
o Chain of custody and evidence admissibility

Practical Sessions  Session 1: Virtual Machine Analysis (4 hours)


o Analyze virtual disk images and recover evidence using tools
like FTK or Autopsy.
 Session 2: Cloud Forensics Tools (6 hours)
o Conduct forensic analysis on AWS or Google Cloud
environments using tools like Magnet Axiom and X1 Social
Discovery.
 Session 3: Docker Forensic Techniques (5 hours)
o Investigate Docker containers and extract artifacts using
specialized tools.
 Session 4: Real-World Case Study Analysis (6 hours)
o Comprehensive forensic analysis of a scenario involving virtual
machines, cloud data, and Docker containers.

Assessment and  Continuous Assessment (50% of total grade):


Evaluation o Assignments and Quizzes: 20%
 Covering key concepts and tools.
o Practical Lab Performance: 30%
 Evaluating hands-on skills in virtual environment
forensic techniques.
 Final Examination (50% of total grade):
o Written Exam: 30%
 Testing theoretical knowledge of virtual environment
forensics.
o Practical Exam: 20%
 Solving a comprehensive forensic investigation
scenario.
Learning  Analyze and recover forensic evidence from virtual environments,
Outcomes including VMs and containers.
 Conduct cloud-based investigations using appropriate tools and
techniques.
 Navigate the legal and technical challenges associated with virtual and
cloud environments.
 Demonstrate the ability to handle complex forensic cases involving
virtual environments.



Additional  Textbooks:
Resources o "Virtualization and Forensics: A Digital Forensic Investigator’s
Guide to Virtual Environments" by Diane Barrett and Greg Kipper.
o "Cloud Computing Security and Forensics" by Nelson Ruest and
Danielle Ruest.
 Online Resources:
o Tutorials on forensic tools for cloud and virtualization.
o AWS and Google Cloud forensic case studies.
 Software and Tools:
o Virtual machine forensic tools (FTK, EnCase, Autopsy)
o Cloud forensic platforms (Magnet Axiom Cloud, AWS CLI tools)
o Docker forensic tools
 Hardware Requirements:
o High-performance workstations for VM and container analysis.
o Access to cloud environments (AWS, Google Cloud).



6.11. Critical Thinking and Problem-Solving Skills in Digital Forensic Science
(BDFPCP_011)
6.11.1. ECTS
o 3 credits
6.11.2. Description
o Developing critical thinking, logical reasoning, and problem-solving abilities
in the context of digital forensic investigations.
6.11.3. Key Topics
o Analyzing complex digital forensic problems
o Decision-making processes in forensic investigations
o Case study discussions and simulations

Module Title Critical Thinking and Problem-Solving Skills in Digital Forensic Science

Module Code BDFPCP_011


Program Basic Digital Forensic Postgraduate Certificate Program (BDFPCP)
ECTS 2
Module Workload Total Workload: 54 hours
 Lectures: 22 hours
 Practical Sessions: 16 hours
 Self-Study: 12 hours
 Assessments and Assignments: 4 hours

Prerequisite Fundamentals of Digital Forensics (BDFPCP_001)

Module Description This module equips students with critical thinking and advanced
problem-solving skills tailored for the challenges in digital forensic investigations.
It emphasizes logical reasoning, structured decision-making processes, and
the application of these skills to analyze complex forensic cases. By
integrating theoretical knowledge with practical case studies and
simulations, students will learn to approach digital forensic investigations
systematically and develop solutions under varied scenarios.

Course  Identify and analyze complex problems in digital forensic


Objectives investigations.
 Develop structured and logical approaches to decision-making.
 Evaluate forensic evidence critically and construct comprehensive
solutions.
 Apply critical thinking frameworks in case studies and simulations.
 Communicate investigative findings effectively in written and oral
formats.



Course Outline 1. Introduction to Critical Thinking in Digital Forensics (3 hours)
 Key Topics:
o Definition and importance of critical thinking in digital
forensics
o Characteristics of critical thinkers

2. Problem-Solving Frameworks (5 hours)


 Key Topics:
o Problem identification and hypothesis generation
o Decision-making models

3. Analyzing Complex Digital Forensic Problems (5 hours)


 Key Topics:
o Breaking down complex cases
o Identifying key evidence and relationships

4. Decision-Making Processes in Forensic Investigations (5 hours)


 Key Topics:
o Evaluating alternative approaches
o Risk assessment and prioritization

5. Case Study Discussions and Simulations (4 hours)


 Key Topics:
o Real-world forensic cases
o Hands-on simulations and group discussions

Practical Sessions  Session 1: Applying Critical Thinking to Evidence Analysis (2 hours)


o Hands-on exercise identifying flaws in forensic evidence
reports.
 Session 2: Problem-Solving Framework Application (3 hours)
o Developing hypotheses for hypothetical cases.
 Session 3: Simulation: Digital Evidence Triangulation (4 hours)
o Correlating evidence from multiple sources to solve a case.
 Session 4: Decision-Making in Live Scenarios (4 hours)
o Case-based role-playing to simulate investigative decision-
making.
 Session 5: Team Case Study Presentation (3 hours)
o Group presentations and feedback on forensic case solutions.



Assessment and  Continuous Assessment (50% of total grade):
Evaluation o Assignments and Quizzes: 20%
 Focused on problem-solving exercises and decision-
making scenarios.
o Practical Lab Performance: 30%
 Based on participation in simulations and case study
discussions.
 Final Examination (50% of total grade):
o Written Exam: 30%
 Testing knowledge of frameworks and critical thinking
strategies.
o Practical Exam: 20%
 Solving a complex forensic case scenario.

Learning  Exhibit enhanced critical thinking skills tailored for digital forensic
Outcomes challenges.
 Apply structured problem-solving frameworks to investigations.
 Make informed decisions in complex forensic scenarios.
 Collaborate effectively during case discussions and simulations.
 Present findings in a professional and concise manner

Additional  Textbooks:
Resources o "Critical Thinking and Problem Solving for Digital Forensics"
by Michael Workman.
o "Practical Decision-Making in Digital Investigations" by
Gregory Kipper.
 Online Resources:
o Case studies from digital forensic investigations.
o Interactive simulation platforms for decision-making.
 Software and Tools:
o CaseMap for evidence organization.
o Analytical tools for decision modeling.
 Hardware Requirements:
o Systems with simulated digital forensic labs for hands-on
learning.



7. Program Features
7.1. Practical Hands-on Training:
 Participants will use industry-standard forensic tools, such as EnCase, FTK, and Autopsy,
during practical sessions.
 Practical labs focused on real-world case studies, from mobile and computer forensics to
network and malware analysis.
7.2. Expert Instruction:
 Instructors are experienced professionals in the fields of law enforcement, digital forensics,
and cybersecurity.
 Guest lectures from industry experts and legal professionals to enrich the learning
experience.
7.3. Flexible Delivery Format:
 Evening and weekend classes to accommodate working professionals.
 Blended learning with a combination of online modules and in-person sessions.
7.4. Case-Based Learning:
 Case studies of recent high-profile cybercrime investigations and their forensic analysis.
 Participants work through realistic scenarios, solving forensic problems in simulated
environments.
7.5. Tools and Resources:
 Access to a range of forensic tools for practical exercises, such as FTK, X1 Social
Discovery, and Kali Linux.
 Database and cloud-based forensic analysis platforms for practical training.

8. Learning Outcomes:

 Have a solid understanding of the various branches of digital forensics, including computer, mobile,
network, and cloud forensics.

 Be capable of conducting digital forensic investigations on multiple platforms and devices.


 Understand the legal implications of digital evidence handling, privacy, and cybercrime laws in
Ethiopia.
 Demonstrate proficiency in using forensic tools to extract and analyze evidence.
 Possess critical thinking skills necessary for solving complex digital forensic problems.



9. Program Benefits for the Ethiopian Security
 Improved Cybercrime Investigation Capacity:
 Participants will be able to contribute effectively to national cybercrime investigations,
enhancing Ethiopia’s capability to tackle cybercrimes such as hacking, fraud, and identity
theft.
 Increased Expertise in Forensic Science:
 The program will build a pool of skilled forensic analysts within the Ethiopian Security
Agency, reducing reliance on external expertise.
 Compliance with National and International Standards:
 By integrating Ethiopian laws and international frameworks (like the Budapest
Convention), the program ensures that forensic investigations meet legal standards.
 Enhanced National Security:
 With expertise in digital forensics, participants can investigate threats to national security,
including terrorism, cyber espionage, and digital warfare.
 Improved Public Trust:
 Strengthening the Ethiopian Security Agency’s ability to investigate and prosecute
cybercrimes will enhance public trust in the agency's effectiveness in protecting citizens
from cyber threats.

10. Additional Program Information


 Admission Requirements
 Bachelor’s degree in a relevant field (e.g., computer science, information security, law
enforcement) or equivalent work experience.
 Experience or familiarity with basic IT concepts and law enforcement processes.
 Assessment Methods
 Continuous assessment through assignments, quizzes, practical sessions, and case studies.
 Final written exam and practical examination to test overall comprehension and skills.
