MSc Advanced Security and Digital Forensics

Postgraduate, Full-Time

This popular and high-quality GCHQ-accredited Masters degree delivers modern enterprise Cyber Security, coupled with Digital Forensics for investigation and incident response.

  • Napier code:

    56731MM

  • Course type:

    Full-Time

  • Duration:

    3 Trimesters

  • Award:

    MSc

  • Location:

    Merchiston campus

Ask about this course
About you
Enter first name
*
Enter last name
*
*
*
*
*
*

Course introduction

Computer security is one of the key challenges in contemporary computing. You will gain critical knowledge within the cyber security and digital forensic domains, combining academic principles and industrial practice. The course is informed by current research in security and digital forensics, and is underpinned by our experience with external partners in law enforcement, financial institutions, and other knowledge transfer activities. Course specialisms include network security, penetration testing, incident response, malware analysis, cryptography, audit and compliance, and host and mobile digital forensics.

The specialisation you gain in the taught modules is further developed through an extensive research-based MSc dissertation project, leading towards a mastery of a subject area and enhancing your particular specialism.


student in lecture theatre

What you’ll learn

This course focuses on the areas of securing computer, network and communications systems, incident response, and the forensic investigation of digital devices and networks. Computer security is a growth industry, and is vital in modern computing environments. You will gain foundation knowledge in all the key areas of computing cyber security, both defensive and offensive, as well as post incident response. The digital forensic aspects of the course include network and computer forensics, allowing you to develop the knowledge required to conduct computer-related investigations across networks, systems, and other digital devices. Cyber security and digital forensics are becoming significant computing disciplines, with an acknowledged skill shortage coupled with growing employment opportunities.

Our industry informed course combines thorough coverage of academic theory aligned with extensive hands-on practical activities, supported by online and blended materials with virtualised lab environments that complement our on-campus specialist facilities.

The School of Computing has developed close ties with industry, law enforcement, and the public sector, through partnerships with organisations such as Cisco Systems, Guidance Software, Dell Secure Works, NCA, NCC, Police Scotland, and many others. The course benefits from this by including many guest lecturers by industry experts. Through the dedicated cyber security and forensic research group extensive cutting edge research is also carried out in key domains by an ever growing cohort of Phd students. The programme also has an affiliation with The Cyber Academy here at Edinburgh Napier, which integrates formally with a range of international initiatives including into a European Centre of Excellence, along with the EU-funded DFET project, which is building a world class virtualised infrastructure for Cyber Security teaching and training, with strong links into law enforcement industry and academia across the World.

The MSc is also one of a very small number of courses certified by GCHQ, recognising UK universities which are excellent in Cyber Security.
GCHQ certified education logo

What you will study

  • Host-Based Forensics
  • Network Security
  • Security Audit and Compliance
  • e-Security
  • Incident Response and Malware Analysis
  • Computer Penetration Testing
  • Dissertation

Study modules mentioned above are indicative only. Some changes may occur between now and the time that you study.

Full information on this is available in our disclaimer.

Careers

The continued growth in the current requirement for cyber security and digital forensics professionals means there are a wide range of careers which can be followed after graduating from the course, such as security consultant/analyst, penetration tester, network security analyst, forensic investigator, audit/compliance consultant, security certification engineer, incident response analyst, cisco security engineer/architect, sys admin, network engineer.

The programme develops a range of key skills currently needed in industry, covering areas such as network security, penetration testing, security monitoring, incident response, malware analysis, operating systems, network and computer forensics, virtualisation and malware analysis. Materials from many professional courses are integrated into the curriculum, towards helping students prepare for sought after professional certification such as Cisco Security Certifications, CISSP, and CREST.


An Honours degree in a computing discipline at 2:2 or above, or equivalent.

  • English language requirements

If your first language isn't English, you'll normally need to undertake an approved English language test and our minimum English language requirements will apply.

This may not apply if you have completed all your school qualifications in English, or your undergraduate degree was taught and examined in English (within two years of starting your postgraduate course). Check our country pages to find out if this applies to you.

Our entry requirements indicate the minimum qualifications with which we normally accept students. Competition for places varies from year to year and you aren't guaranteed a place if you meet the minimum qualifications.

International students

If your qualifications aren't listed above, visit our country pages to get entry requirements for your country.

Please note that non-EU international students are unable to enrol onto the following courses:

BN Nursing/MN Nursing (Adult, Child, Mental Health or Learning Disability)

BM Midwifery/MM Midwifery

Admissions policies

We are committed to being as accessible as possible to anyone who wants to achieve higher education.

Our admissions policies will help you understand our admissions procedures and how decisions are made.


Modules that you will study as part of this course*

Computer Penetration Testing ( CSN11127 )

This module will cover a range of elements concerned with digital penetration testing and security testing. Initial lectures consider important soft skills such as documentation techniques, reporting, the law, and risk assessment and management. The practical skills and their related theoretical knowledge include operating system weaknesses, information gathering (both passive and active), and various ethical hacking techniques and processes. Considerable practical focus is made on available tools to assist in auditing and penetration testing. Aspects targeted include operating systems, common network services, and network-based applications.

Further information

e-Security ( CSN11102 )

The aim of the module is to develop a deep understanding of advanced areas related to security that will allow graduates to act professionally in the design, analysis, implementation, evaluation, and reporting of security strategies. An outline of the main areas includes: ? Security Threats, Secure Infrastructures, Threat Detection. ? Encryption Techniques, Algorithms, Key Management and Exchange Methods, Weaknesses. ? Authentication methods. ? Message hash (MD5, SHA), Digital Signatures, and Digital certificates, MAC methods, Biometrics, Claims-based Identity, Multi-factor authentication, Kerberos. ? Advanced Secure communications and crypto-systems such as SSL ? Intrusion Detection Systems: Techniques applied IDS using Snort, Distributed/Agent-based, Signature/ Anomaly detection and current research. ? Security in Network Architectures: Overview of interconnected security systems, Domain infrastructures, OS/Web Stacks, Password Security, Identity Infrastructures, Backups/File Synchronisation, Web/Data Infrastructures. ? Software security: .NET framework security, Obfuscation, Role-based security, bugs vs vulnerabilities vs exploits, malware, software threats, compiled v interpreted languages, Run-time Environments, Sandboxing, Trusted Computing, Software Security Compliance Testing, Secure Coding, good practice. * Wireless Security: Layered security and wireless protocols, Encryption/Authentication Infrastructures, Challenge-based protocols, Wireless Cyber Threats and Mitigation (such as DoS, Attack Vectors, and MITM).

Further information

Host-Based Forensics ( CSN11125 )

This module will cover elements of operating system disk-level architectures, such as Windows and Linux. This will allow students to study how operating systems store system and user data, and thus students will gain an understanding as to what information could technically be held on such systems. This data could include user files, as well as user activities such as login session data, browsing histories, operating system manipulation, and general user interactions with a variety of operating system tools. This understanding will be expanded through theoretical knowledge and practical exercises in extracting information from systems, using a variety of open source and commercial forensic analysis tools, and documenting the results of such a process using consistent and thorough evidential procedures. This includes the production of event timelines, as well as the analysis of system logs, operating system state, file systems, and application data. The module will also consider the ethical and professional issues related to digital forensics.

Further information

Incident Response and Malware Analysis ( CSN11128 )

The aim of the module is to develop a deep understanding of advanced areas related to security and live/network forensics, with a strong focus on virtualised environments that will allow graduates to act professionally within incident response and in malware/threat analysis. An outline of the main areas includes: • Threat Timelining This involves networks and host traces around key threats, such as DDoS, malware infection and data loss. • Host Investigation Evidence Gathering: Windows, Linux, Android and Mac OS. • System Architectures, Services and Devices. Networked infrastructures (Servers/Firewall/IDS/ Syslog). • Network Protocol Analysis. Advanced Network Protocol Analysis, Advanced Trace Analysis, IDS Signature Detection, and Security Threat Network Traces. • Log Capture/Analysis, and Time-lining. Creating large-scale data infrastructure and analysis methods such as Big Data, SIEM and cross-log analysis . • Malware Forensics. Code Analysis, Host/Network Analysis, Reverse Engineering. Mobile/x86 architecture, Machine Code Analysis, Vulnerability Analysis and Sandboxed Analysis. • Malware Analysis. Encoding methods. Static/Dynamic Analysis. Disassembly. Obfuscation. Behaviour Analysis. Encoding methods. • Advanced Malware Analysis. Anti-disassembly, anti-debugging, packers and unpackers, malware launching, malware signatures, and shell code analysis. • Data Hiding Data hiding methods, tunnelling, and disk encryption. • Current Related Research.

Further information

Masters Dissertation ( SOC11101 )

The work for this module comprises the completion of an individual research project. Each student is assigned a personal Supervisor, and an Internal Examiner who monitors progress and feedback, inputs advice, examines the dissertation and takes the lead at the viva. There are three preliminary deliverables prior to the submission of the final dissertation: (1) Project proposal (2) Initial Report including time plan and dissertation outline

Further information

Network Security ( CSN11111 )

The aim of the module is to develop a deep understanding of advanced areas related to security and digital forensics that will allow graduates to act professionally in the design, analysis, implementation, and reporting of network security strategies. An outline of the main areas includes: • Introduction. Networking Concepts; Network Security Concepts; Network Threats and Attacks; Network Defense - Perimeter, Defence in Depth • Firewalls. Concepts; Types - Host, Network; Technologies - Static packet filtering; Stateful packet filtering; Multilayer firewall; Architectures; Polices; and Implementation and Deployment. • Intrusion Detection and Prevention Systems (IDPS). Concepts; Types; Alert Monitoring and Sensor Tuning; behavioural analysis, in-line/out-of-line. • Access Control and Authentication. Concepts: Trust and Identity; Attacks; Models - Access Control Models; Network Device Access Control; AAA, Layer 2; Device Hardening. • Remote Access and VPNs. Concepts; Cryptography; Types - L2, L3 and L4/5; Technologies; IPSec and SSL. • Wireless Security. Wireless Overview; Attacks; Encryption; Authentication. • CCNA Certification - Concepts. CIA; Attacks on CIA; Data Classification; Law and Ethics; Network policies; Risk Management and Secure Network Design; Security in the SDLC; Cisco self-defending network; Secure Administration. • CCNA Certification - Secure Infrastructure and Extending Security. Cisco Layer 2 Security; Cisco IOS Firewalls. Cisco IOS IPS; Cisco VPN and Cryptographic Solutions; Digital Signatures and PKI.

Further information

Security Audit & Compliance ( INF11109 )

The aim of the module is to let you develop a deep understanding of the framework that information security operates in, and to give you an opportunity to express this in the form of professional written reports. Topics covered include: • Overview of relevant laws and regulations: national and international, covering Data Protection, computer misuse and other legal issues. • The relation between governance models and frameworks including: ISACA’s COBIT and ISO Standards (ISO27000 in particular) • Role of the professions; difference between audit, forensics and security management. Professional ethics and codes of practice • Risk management, contingency and continuity planning • Understanding and application of the COBIT domains

Further information

* These are indicative only and reflect the course structure in the current academic year. Some changes may occur between now and the time that you study.

School of Computing courses