Overview
This advanced unit provides you with a broad understanding of electronic crime and digital forensics in investigations of electronic criminal activities. In this unit, you will learn digital forensics procedures and tools, methods of using digital evidence in justice and legal issues in digital forensics. You will use industry leading software tools to conduct your own forensics investigation on realistic case studies. Completion of this unit enables you to pursue careers within an electronic crime investigation unit of law enforcement agencies, government departments, and businesses.
Details
Pre-requisites or Co-requisites
Pre-requisite: COIT11238 Networked Infrastructure Foundations and COIT12206 TCP/IP Principles and Protocols.
Important note: Students enrolled in a subsequent unit who failed their pre-requisite unit, should drop the subsequent unit before the census date or within 10 working days of Fail grade notification. Students who do not drop the unit in this timeframe cannot later drop the unit without academic and financial liability. See details in the Assessment Policy and Procedure (Higher Education Coursework).
Offerings For Term 2 - 2026
Attendance Requirements
All on-campus students are expected to attend scheduled classes - in some units, these classes are identified as a mandatory (pass/fail) component and attendance is compulsory. International students, on a student visa, must maintain a full time study load and meet both attendance and academic progress requirements in each study period (satisfactory attendance for International students is defined as maintaining at least an 80% attendance record).
Recommended Student Time Commitment
Each 6-credit Undergraduate unit at CQUniversity requires an overall time commitment of an average of 12.5 hours of study per week, making a total of 150 hours for the unit.
Class Timetable
Assessment Overview
Assessment Grading
This is a graded unit: your overall grade will be calculated from the marks or grades for each assessment task, based on the relative weightings shown in the table above. You must obtain an overall mark for the unit of at least 50%, or an overall grade of 'pass' in order to pass the unit. If any 'pass/fail' tasks are shown in the table above they must also be completed successfully ('pass' grade). You must also meet any minimum mark requirements specified for a particular assessment task, as detailed in the 'assessment task' section (note that in some instances, the minimum mark for a task may be greater than 50%). Consult the University's Grades and Results Policy for more details of interim results and final grades.
All University policies are available on the CQUniversity Policy site.
You may wish to view these policies:
- Grades and Results Policy
- Assessment Policy and Procedure (Higher Education Coursework)
- Review of Grade Procedure
- Student Academic Integrity Policy and Procedure
- Monitoring Academic Progress (MAP) Policy and Procedure - Domestic Students
- Monitoring Academic Progress (MAP) Policy and Procedure - International Students
- Student Refund and Credit Balance Policy and Procedure
- Student Feedback - Compliments and Complaints Policy and Procedure
- Information and Communications Technology Acceptable Use Policy and Procedure
This list is not an exhaustive list of all University policies. The full list of University policies are available on the CQUniversity Policy site.
Feedback, Recommendations and Responses
Every unit is reviewed for enhancement each year. At the most recent review, the following staff and student feedback items were identified and recommendations were made.
Feedback from Unit Coordinator reflection
There is a need for greater emphasis on network forensics skills that reflect contemporary cybersecurity practice and student expectations within the Network and Cyber Security major.
Rebalance the unit content to strengthen coverage of network forensics, aligned with the Network and Cyber Security major, without changes to the assessment structure.
- Define electronic crime and digital forensics
- Describe the role of digital forensic professionals in investigation and prevention of electronic crime in business environments
- Apply a systematic approach to the capture, recording, and analysis of events in a digital forensic investigation
- Discuss the legal issues involved in a forensic investigation and in current professional forensic practice
- Prepare a design and report for a digital forensic investigation.
The Australian Computer Society (ACS), the professional association for Australia's ICT sector, recognises the Skills Framework for the Information Age (SFIA). SFIA is adopted by organisations, governments, and individuals in many countries and provides a widely used and consistent definition of ICT skills. SFIA is increasingly being used when developing job descriptions and role profiles. ACS members can use the tool MySFIA to build a skills profile.
This unit contributes to the following workplace skills as defined by SFIA 9 (the SFIA code is included):
- Digital forensics (DGFS)
- Network Support (NTAS)
- Problem Management (PBMG)
- Incident Management (USUP)
- Information security ( SCTY)
The National Initiative for Cybersecurity Education (NICE) Framework defines knowledge, skills and tasks needed to perform various cyber security roles. Developed by the National Institute of Standards and Technology (NIST), the NICE Framework is used by organisations to plan their workforce, including recruit into cyber security positions.
This unit helps prepare you for roles within electronic crime investigation unit of law enforcement agencies, government departments, and businesses, contributing to the following knowledge and skills:
- K0003 Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- K0117 Knowledge of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]).
- K0622 Knowledge of controls related to the use, processing, storage, and transmission of data.
Alignment of Assessment Tasks to Learning Outcomes
| Assessment Tasks | Learning Outcomes | ||||
|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | |
| 1 - Portfolio - 30% | |||||
| 2 - In-class Test(s) - 25% | |||||
| 3 - Written Assessment - 45% | |||||
Alignment of Graduate Attributes to Learning Outcomes
| Graduate Attributes | Learning Outcomes | ||||
|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | |
| 1 - Communication | |||||
| 2 - Problem Solving | |||||
| 3 - Critical Thinking | |||||
| 4 - Information Literacy | |||||
| 5 - Team Work | |||||
| 6 - Information Technology Competence | |||||
| 7 - Cross Cultural Competence | |||||
| 8 - Ethical practice | |||||
| 9 - Social Innovation | |||||
| 10 - First Nations Knowledges | |||||
| 11 - Aboriginal and Torres Strait Islander Cultures | |||||
Textbooks
Guide to Computer Forensics and Investigations
- 7th Edition (2025)
- Authors: Bill Nelson, Amelia Phillips, Christopher Steuart
- Cengage Learning
- Mason Mason , OH , USA
- ISBN: ISBN-10: 0357672887 ; ISBN-13: 9780357672884
If you have issues accessing the eBook at the Library, both paper and eBook can be purchased at the CQUni Bookshop here: http://bookshop.cqu.edu.au (search on the Unit code).
- Binding: Paperback
Additional Textbook Information
The textbook is available online via CQU library.
IT Resources
- CQUniversity Student Email
- Internet
- Unit Website (Moodle)
- Computer forensic software and data files (included in MindTap- a cloud-based virtual lab integrated into Moodle unit website)
All submissions for this unit must use the referencing style: Harvard (author-date)
For further information, see the Assessment Tasks.
j.hassan@cqu.edu.au
Week 1
Begin Date: 13 Jul 2026Module/Topic
Understanding the Digital Forensics Profession and Investigations
Chapter
Module 1
Events and Submissions/Topic
Week 2
Begin Date: 20 Jul 2026Module/Topic
The Investigator's Laboratory and Digital Forensics tools
Chapter
Module 3
Events and Submissions/Topic
Week 3
Begin Date: 27 Jul 2026Module/Topic
Data Acquisition
Chapter
Module 4
Events and Submissions/Topic
Week 4
Begin Date: 03 Aug 2026Module/Topic
Processing Crime and Incident Scenes
Chapter
Module 5
Events and Submissions/Topic
Portfolio Part 1 (15%) covering tutorial work from Weeks 2, 3, and 4 is due on Friday of Week 4.
Week 5
Begin Date: 10 Aug 2026Module/Topic
Understanding Windows and Linux Systems
Chapter
Module 6 and Module 7 (excludes Macintosh file systems)
Events and Submissions/Topic
Week 6
Begin Date: 17 Aug 2026Module/Topic
Media Files and Digital Forensics
Chapter
Module 8
Events and Submissions/Topic
Vacation Week
Begin Date: 24 Aug 2026Module/Topic
Vacation Week
Chapter
Events and Submissions/Topic
Week 7
Begin Date: 31 Aug 2026Module/Topic
Virtual Machine Forensics and Live Acquisition Forensics
Chapter
Module 9
Events and Submissions/Topic
Portfolio Part 2 (15%) covering tutorial work from Weeks 5, 6, and 7 is due on Friday of Week 7.
Week 8
Begin Date: 07 Sep 2026Module/Topic
Network Forensics, E-mail and Social Media Investigations
Chapter
Module 10 and Module 13
Events and Submissions/Topic
Week 9
Begin Date: 14 Sep 2026Module/Topic
Mobile Device Forensics
Chapter
Module 12
Events and Submissions/Topic
Week 10
Begin Date: 21 Sep 2026Module/Topic
Cloud Forensics and the Internet of Anything
Chapter
Module 11
Events and Submissions/Topic
Assessment 2 (In-class Test): Conducted during your Week 10 tutorial class (for campus-based students) or your Week 10 Zoom session (for online students).
Week 11
Begin Date: 28 Sep 2026Module/Topic
e-Discovery
Chapter
Module 14
Events and Submissions/Topic
Week 12
Begin Date: 05 Oct 2026Module/Topic
Digital Forensic Report for the Expert Witness, Ethics and Professional Responsibilities
Chapter
Module 2 and Module 15
Events and Submissions/Topic
Assessment 3: Written Assessment (45%) is due on Friday of Week 12.
Assessment 3 Due: Week 12 Friday (9 Oct 2026) 11:55 pm AEST
Exam Week
Begin Date: 12 Oct 2026Module/Topic
Chapter
Events and Submissions/Topic
Vacation/Exam Week
Begin Date: 19 Oct 2026Module/Topic
Chapter
Events and Submissions/Topic
Unit Coordinator: Associate Professor Jahan Hassan; j.hassan@cqu.edu.au
Unit Scope: For desktop and server forensics, this unit covers Windows and Linux operating systems only. Macintosh (macOS) desktop platforms are strictly out of scope and will not be assessed (the relevant textbook sections are excluded and lecture slides have been removed). However, interested students are welcome to read these sections directly from the e-book for their own professional development.
Note: Apple iOS mobile device forensics remains in scope and will be covered in the unit.
1 Portfolio
The Portfolio assessment requires students to document selected weekly tutorial activities completed using the Live Virtual Machine Lab, accessed via Moodle. This includes key screenshots, investigation results, and short reflections on key digital forensics concepts explored during the tutorials. Submitted in two parts, the portfolio highlights students’ hands-on engagement with forensic tools and their ability to document and reflect on evidence-based tasks. The portfolio is submitted in two parts:
Portfolio Part 1 (15%): Covers tutorial work from Weeks 2, 3, and 4. This part must be submitted by Friday of Week 4.
Portfolio Part 2 (15%): Covers tutorial work from Weeks 5, 6, and 7. This part is due by Friday of Week 7.
AI ASSESSMENT SCALE - NO AI: You must not use Al at any point during the assessment. You must demonstrate your core skills and knowledge.
Portfolio Part 1 is due on Friday of Week 4; Portfolio Part 2 is due on Friday of Week 7. Check Moodle submission links for exact due dates and times.
Feedback will be returned through Moodle within two weeks after the due date.
Each portfolio submission will be evaluated based on the following:
- Clarity and Organisation: Work is clearly presented, well-structured, and easy to follow. Screenshots and outputs are relevant and appropriately labelled.
- Technical Accuracy and Application: Demonstrates correct use of digital forensics tools and techniques, with evidence of effective task completion using the MindTap virtual lab.
- Reflection and Insight: Provides thoughtful reflection on key concepts, tools, and techniques explored—highlighting how these contribute to practical understanding in digital forensics.
The detailed marking criteria will be available on the unit Moodle site.
- Define electronic crime and digital forensics
- Apply a systematic approach to the capture, recording, and analysis of events in a digital forensic investigation
- Prepare a design and report for a digital forensic investigation.
2 In-class Test(s)
This 1-hour invigilated test will be conducted under tutor supervision during your scheduled Week 10 tutorial session (on-campus or online). It will assess key concepts and practical skills covered throughout the unit, up to and including Week 9.
- The test will be delivered as an online Moodle Quiz comprising both multiple-choice and short-answer questions.
- On-campus students: Complete the test on lab computers during your allocated tutorial.
- Online students: Sit the test in a Zoom session with live tutor supervision (webcam, audio, and screen sharing required).
The test is open-book, but answers must be your own. No collaboration or use of AI tools, forums, or unauthorised websites is allowed. Late arrivals will not receive extra time.
Do not rely on a reattempt due to technical issues unless formally approved. If problems outside your control occur during the test, inform your tutor immediately. They may offer additional time or arrange a reattempt (subject to Unit Coordinator approval).
The test guidelines will be made available on the Moodle unit site from Week 6.
AI ASSESSMENT SCALE - NO AI: You must not use Al at any point during the assessment. You must demonstrate your core skills and knowledge.
This assessment is exempt from the standard 72-hour submission grace period.
Week 10 tutorial class (campus based students) or Week 10 Zoom session (online students)
Feedback will be returned through Moodle within two weeks after the due date.
For multiple-choice questions, your answers will be evaluated based on selecting the correct choice from a set of options. For short-answer questions, assessment will consider technical correctness, completeness, clarity, originality, and relevance. Originality indicates that your response is your own, expressed in your own words. Answers mainly comprising quoted materials from other sources will result in zero marks. Furthermore, answers presented solely as bulleted lists without accompanying explanations may also be considered unacceptable.
- Define electronic crime and digital forensics
- Describe the role of digital forensic professionals in investigation and prevention of electronic crime in business environments
- Discuss the legal issues involved in a forensic investigation and in current professional forensic practice
3 Written Assessment
This is a group task that comprises two separate parts:
Part A (30% - individual mark): In this part, each student will independently perform and report on a practical investigation. They will be responsible for completing this part individually, recording their findings in the group report.
Part B (15% - group mark): The second part of the task entails a comprehensive written analysis that incorporates the individual investigations conducted by each group member. This analysis also integrates collaborative group discussions, with a focus on exploring the individual investigations within the broader context of the group's discussion.
Together, this assessment combines the practical investigation, collaborative group discussion, and derived findings to generate a comprehensive written report.
AI ASSESSMENT SCALE - AI PLANNING: You may use Al for planning, idea development, and research. Your final submission should show how you have developed and refined these ideas.
Week 12 Friday (9 Oct 2026) 11:55 pm AEST
One report per group, to be submitted via Moodle Assessment 3 submission link.
Overall results will be available on Certification Date (see Academic Calendar).
You will be assessed against your abilities to:
- Apply suitable digital forensics methodologies to investigate the given case
- Use appropriate tools and techniques, and provide relevant screenshots as evidence of work completed
- Identify and discuss legal and ethical considerations associated with the case
- Conduct the investigation following a formal and structured process
- Report findings clearly, cohesively, and in an evidence-based manner
More details of the marking criteria will be available through the Moodle unit website.
- Describe the role of digital forensic professionals in investigation and prevention of electronic crime in business environments
- Apply a systematic approach to the capture, recording, and analysis of events in a digital forensic investigation
- Discuss the legal issues involved in a forensic investigation and in current professional forensic practice
- Prepare a design and report for a digital forensic investigation.
As a CQUniversity student you are expected to act honestly in all aspects of your academic work.
Any assessable work undertaken or submitted for review or assessment must be your own work. Assessable work is any type of work you do to meet the assessment requirements in the unit, including draft work submitted for review and feedback and final work to be assessed.
When you use the ideas, words or data of others in your assessment, you must thoroughly and clearly acknowledge the source of this information by using the correct referencing style for your unit. Using others’ work without proper acknowledgement may be considered a form of intellectual dishonesty.
Participating honestly, respectfully, responsibly, and fairly in your university study ensures the CQUniversity qualification you earn will be valued as a true indication of your individual academic achievement and will continue to receive the respect and recognition it deserves.
As a student, you are responsible for reading and following CQUniversity’s policies, including the Student Academic Integrity Policy and Procedure. This policy sets out CQUniversity’s expectations of you to act with integrity, examples of academic integrity breaches to avoid, the processes used to address alleged breaches of academic integrity, and potential penalties.
What is a breach of academic integrity?
A breach of academic integrity includes but is not limited to plagiarism, self-plagiarism, collusion, cheating, contract cheating, and academic misconduct. The Student Academic Integrity Policy and Procedure defines what these terms mean and gives examples.
Why is academic integrity important?
A breach of academic integrity may result in one or more penalties, including suspension or even expulsion from the University. It can also have negative implications for student visas and future enrolment at CQUniversity or elsewhere. Students who engage in contract cheating also risk being blackmailed by contract cheating services.
Where can I get assistance?
For academic advice and guidance, the Academic Learning Centre (ALC) can support you in becoming confident in completing assessments with integrity and of high standard.
What can you do to act with integrity?