COMP7903A - Digital investigation and forensics

Summer Semester, 2017-18

Dr. K.P. Chow
Teaching assistant
Mr. Raymond C.B. Chan
Syllabus This course introduces the fundamental principles of digital investigation and forensics. The course starts with a brief introduction to common computer crimes and digital evidence, and then moves on to the computer basics and network basics pertaining to digital forensics, and finally comes to the techniques for digital investigation and forensic examination.
Introduction by Instructor Digital forensics encompasses the recovery and investigation of material found in digital devices, often in relation to computer crime. The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data.

Digital forensics investigations have a variety of applications. The most common is to support or refute a hypothesis before criminal or civil proceedings. Digital forensics may also use in the private sector, such as internal corporate investigations or intrusion investigation.

The technical aspect of digital forensics and investigation is divided into several areas, relating to the type of digital devices involved, namely computer forensics, network forensics, forensic data analysis and mobile device forensics. The typical forensic process includes the seizure, forensic imaging (acquisition) and analysis of digital media and the production of a report.
Learning Outcomes
Course Learning Outcomes Relevant Programme Learning Outcomes
CLO1. Able to master the basic techniques being used in today’s crime where computer or digital devices are being used. PLO.6, 7, 8, 9, 10, 11, 12, 13
CLO2. Able to master the key technologies about digital investigation and be able to contrast similar technologies. PLO.3, 6, 7, 8, 9, 10, 11, 12, 13
CLO3. Able to master the key technologies about digital forensics and be able to contrast similar technologies. PLO.4, 5, 6, 7, 8, 9, 10, 11, 12
View Programme Learning Outcomes
Pre-requisites Knowledge of computer network and operating systems
Compatibility Students who have taken "ECOM6032 E-discovery and digital forensics" or "ICOM7125 Digital forensics" should not be allowed to take COMP7903.
Topics covered
Course Content No. of Hours Course Learning Outcomes
1. Introduction to computer crime and digital evidence 6 CLO1
2. Digital investigation 6 CLO2
3. Computer and file systems forensics 9 CLO3
4. Network and applications forensics 9 CLO3
Description Type Weighting * Examination Period ^ Course Learning Outcomes
Labs Continuous Assessment 20% - CLO2
Homework Continuous Assessment 30% - CLO3
Written exam covers all taught content in the course. Written Examination 50% August 13 to 18, 2018 CLO1
* The weighting of coursework and examination marks is subject to approval
^ The exact examination date uses to be released when all enrolments are confirmed after add/drop period by the Examinations Office.  Students must oblige to the examination schedule. Students should NOT enrol in the course if they are not certain that they will be in Hong Kong during the examination period.  Absent from examination may result in failure in the course. There is no supplementary examination for all MSc curriculums in the Faculty of Engineering.

For reference:
Course materials Text:
  •  E. Casey, Digital Evidence and Computer Crime, Third Edition: Forensic Science, Computers, and the Internet
Recommended readings:
  •  S. Davidoff and J. Ham, Network Forensics: Tracking Hackers through Cyberspace
  • C. Altheide, H. Carvey, Digital Forensics with Open Source Tools
Session dates
Date Time Venue Remark
Session 1 3 Jul 2018 (Tue) 7:00pm - 10:00pm CB-C  
Session 2 6 Jul 2018 (Fri) 7:00pm - 10:00pm CB-C  
Session 3 10 Jul 2018 (Tue) 7:00pm - 10:00pm CB-C  
Session 4 13 Jul 2018 (Fri) 7:00pm - 10:00pm CB-C  
Session 5 20 Jul 2018 (Fri) 7:00pm - 10:00pm CB-C  
Session 6 24 Jul 2018 (Tue) 7:00pm - 10:00pm CB-C  
Session 7 27 Jul 2018 (Fri) 7:00pm - 10:00pm CB-C  
Session 8 31 Jul 2018 (Tue) 7:00pm - 10:00pm CB-C  
Session 9 1 Aug 2018 (Wed) 7:00pm - 10:00pm CB-C  
Session 10 3 Aug 2018 (Fri) 7:00pm - 10:00pm CB-C  
CB - Chow Yei Ching Building
Add/drop 11 June, 2018 - 6 July, 2018
Quota 100
Moodle course website
  • HKU Moodle: (Login using your HKU Portal UID and PIN)

    - Please note that the instructor maintains and controls when to release the Moodle teaching website to students.
    - Enrolled students should visit the Moodle teaching website regularly for latest announcements, course materials, assignment submission, discussion forum, etc.