BN309 - Computer Forensics

Credit Points: 15

Prerequisite: BN203 Network Security 1

Co-requisite: N/A

Workload: 48 contact hours

Campus: Melbourne, Sydney

Aims & Objectives

This is an elective unit out of a total of 24 units in the Bachelor of Networking (BNet). This unit addresses the BNet course learning outcomes and complements other courses in a related field by developing students’ specialised knowledge in computer forensics and applying critical skills such as data acquisition, processing crime scenes and analysing and validation of forensics data and forensics ethics. 

For further course information refer to: Bachelor of Networking

This unit is part of the AQF Level 7 (BNet) course.

This unit provides students with an understanding and appreciation of the discipline of Computer Forensics. They will also learn how Computer Forensics interacts with other organisational groups, especially with general management and with other forensics groups.

This unit will cover the following topics:

  1. Introduction to Computer Forensics
  2. Understanding Computer Investigations
  3. Data Acquisition, Processing Crime and Incident Scenes
  4. Computer Forensics Analysis and Validation
  5. Report Writing for High-Tech Investigations
  6. Expert Testimony and Ethics

Learning Outcomes

On successful completion of this unit, students should be able to:

  1. systematically collect evidence at private-sector incident scenes;
  2. document evidence and report on computer forensics findings;
  3. Implement a number of methodologies for validating and testing computer forensics tools and evidence;
  4. Understand the cross-examination of a legal process;
  5. Exhibit and understand forensics ethical behaviour and professional conduct;
  6. Implement a process to support the administration and management of computer forensics;
  7. Conduct practical investigations into computer forensics, including industry and legal procedures with respect to data acquisitions with Virtual Machines, RAM dump and mobile devices.

Teaching Method

Lecture: 2 hours
Tutorial/Workshop: 2 hours
Face to Face


Assessment Task
Learning Outcomes Assessed
Midterm Test a-g*10%
Assignment 1a-c*15%
Assignment 2a-d*15%
Laboratory participation & submissiona-g*10%
Final Examination (2 hours)a-g*50%
Total 100%

*refer to learning outcomes above.


  • Bill Nelson, Amelia Phillips, Christopher Steuart, Guide to Computer Forensics and Investigations, 5th ed. Course Technology Cengage Learning, 2016

Reference Reading

  • Michael E. Whitman and Herbert J. Mattord, Management of Information Security, 5th ed, Cengage learning, 2016
  • R. Smith, Elementary Information Security, 2nd ed, Jones & Bartlett Learning, 2015
  • J. R. Vacca, Computer and Information Security Handbook, 2nd ed. Morgan Kaufmann, 2013

MIT is committed to ensure the course is current, practical and relevant so that graduates are “work ready” and equipped for life-long learning. In order to accomplish this, the MIT Graduate Attributes identify the required knowledge, skills and attributes that prepare students for the industry.
The level to which Graduate Attributes covered in this unit are as follows:

Ability to communicateIndependent and Lifelong LearningEthicsAnalytical and Problem SolvingCultural and Global AwarenessTeamwork Cooperation, Participation and LeadershipSpecialist knowledge of a field of study


Colour coding    

Extent covered

                               The standard  is covered by theory and practice, and addressed by assessed activities in which the students always play an active role, e.g. workshops, lab submissions, assignments, demonstrations, tests, examinations
 The standard is covered by theory or practice, and addressed by assessed activities in which the students mostly play an active role, e.g. discussions, reading, intepreting documents, tests, examinations
 The standard is discussed in theory or practice; it is addressed by assessed activities in which the students may play an active role, e.g. lectures and discussions, reading, interpretation, workshops, presentations 
 The standard is presented as a side issue in theory or practice; it is not specifically assessed, but it is addressed by  activities such as lectures or tutorials
 The standard  is not considered, there is no theory or practice or activities associated with this standard