MSc Advanced Security & Digital Forensics

Postgraduate, Distance learning

Advanced Security & Digital Forensics MSc

This NCSC-certified course delivers enterprise security techniques with forensic skills for investigation and intrusion analysis


Computer security is one of the key challenges in contemporary computing. You will gain critical knowledge within the cyber security and digital forensic domains, combining academic principles and industrial practice.

The course is informed by current research in security and digital forensics, and is underpinned by our experience with external partners in law enforcement, the cyber security industry financial institutions, and other knowledge transfer activities.

Course specialisms include network security, penetration testing, incident response, malware analysis, cryptography, audit and compliance, and host and mobile digital forensics. The specialisation you gain in the taught modules is further developed through an extensive research-based MSc dissertation project, leading towards a mastery of a subject area and enhancing your particular specialism.

The course is a fully online version of the MSc Advanced Security & Digital Forensics on-campus programme. All teaching and learning resources are online, with all assessments also carried out remotely. There is also the option to spread the course modules out over a number of years, making the course ideal for students who cannot attend on-campus classes or those in employment.

Two female students in the SOC lab looking at computers

Mode of Study:

Distance learning (available as Full-time | Part-time)


2.5-4 years

Start date:


About you
Enter first name
Enter last name

Watch the video here:

NCSC Certified Training

This MSc is one of a very small number of courses certified by NCSC, recognising UK universities which are excellent in Cyber Security and accredited by the British Computing Society, the Chartered Institute for IT.

Best Cyber Education Programme

Advanced Security and Digital Forensics course awarded Best Cyber Education Programme by the Scottish Cyber Awards 2019

Course details

You will gain foundation knowledge in all the key areas of cyber security, both defensive and offensive, as well as post-incident response and malware analysis. The digital forensic aspects of the course include network and computer forensics, allowing you to develop the knowledge required to conduct computer-related investigations across networks, systems, and other digital devices.

The School of Computing has developed close ties with industry, law enforcement, and the public sector, through partnerships with organisations such as Cisco Systems, Guidance Software, Symantec, NCC Group, NCA, Police Scotland, and many others. 

This helps inform the course, and provides guest lecturers by industry experts. Extensive innovative research is also carried out in key domains by academics and PhD students in our dedicated cyber security and forensic research group.

Lead academics

Programme Leader

Rich Macfarlane

Module Leaders

Prof Bill Buchanan OBE
Dr Thomas Tan
Robert Ludwiniak
Peter Cruickshank
Dr Gordon Russell

  • calendar How you’ll be taught

    Our industry-informed course combines thorough coverage of academic theory aligned with extensive hands-on practical activities, supported by fully online web-based materials with virtualised lab environments that provide an equivalent experience to our on-campus specialist facilities.

    This is a distance-learning course which you can start in September or January with flexibility in the number of taught modules taken in each trimester. The distance learning course runs in parallel with our on-campus course and is aligned to the same three 15-week academic trimesters, including the assessments, which are taken in the same weeks as on-campus students.  Students normally take 2.5 years to complete this course but you can take up to 4 years depending on your commitments and availability.

    As the teaching runs to the same weekly schedule, distance students who wish to attend some of the taught classes here in Edinburgh are more than welcome, but there is no requirement to attend. The course content and assessments are fully online and are supported by the same staff as the on-campus teaching, leading to an academically equivalent MSc degree.

  • note and pen Assessments Your knowledge of the information security taught subjects on the course is assessed via a variety of mechanisms including exams, written reports and essays, and practical scenario-based assessments.

    Assessments are all fully online including virtualised practical environments for hands on assessments.

  • library Facilities

    You will have access to extensive online, materials, and virtualised safe lab environments for authentic scenario-based practical work such as malware analysis and offensive network security exercises.


Modules that you will study* as part of this course

Applied Cryptography and Trust ( CSN11131 )

The focus of this module is to provide a core understanding of the fundamental areas of cryptography, identity, and trust. A key feature is to cover both the theoretical areas, while often demonstrating practical applications including key protocols.

The module key areas are:
• Privacy, and Cryptography Fundamentals (Confidentiality, Sec Models, Cipher types)
• Asymmetric Key Encryption. Including RSA and Elliptic Curve Cryptography (ECC).
• Symmetric Key Encryption. Including AES and associated modes.
• Hashing and MAC Methods. Including MD5, SHA-1, SHA-256, SHA-3 and PBKDF2.
• Security Protocols: HTTPS, SSL/TLS, DNSSec, IPSec, WPA
• Key Exchange. Diffie-Hellman Method, ECDH.
• Trust Infrastructures. Digital Certificates, Signatures, Key Distribution Centres (Kerberos), OAuth
• Identity and Authentication (Passwords, Authentication tokens, Key pair identity, Multi-factor, Biometric Authentication).
• Distributed Systems: Blockchain, Distributed Ledgers and Cryptocurrency. Smart Contracts, Data Tokenization, and Transactions.
• Future Cryptography: Zero Knowledge Proof, Homomorphic Encryption, Light-weight cryptography, and Quantum robust methods.
• Host and Domains: Trust systems. Authentication with Active Directory Authorisation: Log integration and rights.

Further information

Computer Penetration Testing ( CSN11127 )

This module will cover a range of elements concerned with digital penetration testing and security testing. Initial lectures consider important soft skills such as documentation techniques, reporting, the law, and risk assessment and management. The practical skills and their related theoretical knowledge include operating system weaknesses, information gathering (both passive and active), and various ethical hacking techniques and processes. Considerable practical focus is made on available tools to assist in auditing and penetration testing. Aspects targeted include operating systems, common network services, and network-based applications.

Further information

Host-Based Forensics (DL) ( CSN11126 )

This module will cover elements of operating system disk-level architectures, such as Windows and Linux. This will allow students to study how operating systems store system and user data, and thus students will gain an understanding as to what information could technically be held on such systems. This data could include user files, as well as user activities such as login session data, browsing histories, operating system manipulation, and general user interactions with a variety of operating system tools. This understanding will be expanded through theoretical knowledge and practical exercises in extracting information from systems, using a variety of open source and commercial forensic analysis tools, and documenting the results of such a process using consistent and thorough evidential procedures. This includes the production of event timelines, as well as the analysis of system logs, operating system state, file systems, and application data. The module will also consider the ethical and professional issues related to digital forensics.

Further information

Incident Response and Malware Analysis ( CSN11129 )

The aim of the module is to develop a deep understanding of advanced areas related to security and live/network forensics, with a strong focus on virtualised and Cloud-based environments that will allow graduates to act professionally within incident response and in malware/threat analysis. An outline of the main areas includes:
• Threat Analysis. This involves an in-depth analysis of a range of current threats, such as DDoS, Botnets, trojans, and so on.
• System Architectures, Services and Devices. Networked infrastructures (Servers/Firewall/IDS/ Syslog).
• Network Forensics. Advanced Network Protocol Analysis, Advanced Trace Analysis, IDS Signature Detection, and Security Threat Network Traces.
• Live Forensics. Code Analysis, Host/Network Analysis, Reverse Engineering. Mobile/x86 architecture, Machine Code Analysis, Vulnerability Analysis, Sandboxed Analysis.
• Log Capture/Analysis, and Time-lining. Creating large-scale data infrastructure and analysis methods such as Big Data, SIEM and cross-log analysis (such as Splunk).
• Malware Analysis. Static/Dynamic Analysis. Disassembly. Obfuscation. Behaviour Analysis. Encoding methods.
• Data Hiding and Data Loss Detection/Prevention. Data hiding methods, detection methods, tunnelling, and disk encryption.
• Host Investigation Evidence Gathering: Windows, Linux, Android and Mac OS.
• Current Related Research.

Further information

Masters Dissertation ( SOC11101 )

The work for this module comprises the completion of an individual research project. Each student is assigned a personal Supervisor, and an Internal Examiner who monitors progress and feedback, inputs advice, examines the dissertation and takes the lead at the viva.

There are two preliminary deliverables prior to the submission of the final dissertation:

(1) Project proposal
(2) Initial Report including time plan and dissertation outline

Further information

Network Security (D/L) ( CSN11118 )

The aim of the module is to develop a deep understanding of advanced areas related to security and digital forensics that will allow graduates to act professionally in the design, analysis, implementation, and reporting of network security strategies. An outline of the main areas includes:

• Introduction. Networking Concepts; Network Security Concepts; Network Threats and Attacks; Network Defence - Perimeter, Defence in Depth

• Firewalls. Concepts; Types - Host, Network; Technologies - Static packet filtering; Stateful packet filtering; Multilayer firewall; Architectures; Polices; Implementation and Deployment.

• Intrusion Detection and Prevention Systems (IDPS). Concepts; Types; Alert Monitoring and Sensor Tuning; behavioural analysis, in-line/out-of-line.

• Access Control and Authentication. Concepts: Trust and Identity; Attacks; Models - Access Control Models; Network Device Access Control; AAA, Layer 2; Device Hardening.

• Remote Access and VPNs. Concepts; Cryptography; Types - L2, L3 and L4/5; Technologies; IPSec and SSL.

• Wireless Security. Wireless Overview; Attacks; Encryption; Authentication.

• CCNA Certification - Concepts. CIA; Attacks on CIA; Data Classification; Law and Ethics; Network policies; Risk Management and Secure Network Design; Security in the SDLC; Cisco self-defending network; Secure Administration.

• CCNA Certification - Secure Infrastructure and Extending Security. Cisco Layer 2 Security; Cisco IOS Firewalls. Cisco IOS IPS; Cisco VPN and Cryptographic Solutions; Digital Signatures and PKI.

Further information

Security Audit & Compliance ( INF11109 )

The aim of the module is to let you develop a deep understanding of the framework that information security operates in, and to give you an opportunity to express this in the form of professional written reports. Topics covered include:
• Overview of relevant laws and regulations: national and international, covering Data Protection, computer misuse and other legal issues.
• The relation between governance models and frameworks including: ISACA’s COBIT and ISO Standards (ISO27000 in particular)
• Role of the professions; difference between audit, forensics and security management. Professional ethics and codes of practice
• Risk management, contingency and continuity planning
• Understanding and application of the COBIT domains

Further information

* These are indicative only and reflect the course structure in the current academic year. Some changes may occur between now and the time that you study.



Study modules mentioned above are indicative only. Some changes may occur between now and the time that you study.

Placement and study abroad opportunities are subject to UK and Scottish Government health and travel advice.

Full information is available in our disclaimer.

Entry requirements

Entry requirements

The entry requirement for this course is a Bachelor (Honours) Degree at a 2:2 or above in a Computing discipline such as Computing; Computer Science; Computer Networking; Software Engineering or Cyber Security).  

Other IT disciplines may be considered provided a minimum of 50% of the modules undertaken in the last two years of study were Computing related.   

We may also consider lesser qualifications, or even none at all, if you have sufficient relevant work experience from industry.

Edinburgh Napier University welcomes applications from current and former Armed Forces personnel and offers entry based on training and education already received while in service. To assess your eligibility please contact our UK Student Recruitment team providing digital copies of your qualifications and indicating which course you would like to apply for.  

Edinburgh Napier University is a member of the MOD’s Enhanced learning Credit scheme (ELC)  

English language requirements

If your first language isn't English, you'll normally need to undertake an approved English language test and our minimum English language requirements will apply.

This may not apply if you have completed all your school qualifications in English, or your undergraduate degree was taught and examined in English (within two years of starting your postgraduate course). Check our country pages to find out if this applies to you.

International students

We welcome applications from students studying a wide range of international qualifications.
Entry requirements by country

Please note that international students are unable to enrol onto the following courses:
  • BN Nursing/MSc Nursing (Pre-registration) (Adult or Mental Health)
  • BM Midwifery/MM Midwifery

Admissions policies

We’re committed to admitting students who have the potential to succeed and benefit from our programmes of study. 

Our admissions policies will help you understand our admissions procedures, and how we use the information you provide us in your application to inform the decisions we make.

Undergraduate admissions policies
Postgraduate admissions policies

Fees & funding

The course fees you'll pay and the funding available to you will depend on a number of factors including your nationality, location, personal circumstances and the course you are studying. We also have a number of bursaries and scholarships available to our students.

Tuition fees
Students from 2021/22 2022/23
Scotland, England, Wales, Northern Ireland, and Republic of Ireland-Taught modules *£990 *tba
Scotland, England, Wales, Northern Ireland, and Republic of Ireland-60credit Dissertation module £585 tba
Overseas and EU-Taught modules *£2,531 *tba
Overseas and EU-Dissertation module £1,689 tba
Fees for modules are calculated according to the number of credits (multiples of 20). The rate shown in the table is for 20 credits*. The total fee you will pay is dependant upon the exit award you wish to achieve.

Please note tuition fees are subject to an annual review and may increase from one year to the next.
For more information on this and other Tuition Fee matters please see Frequently Asked Questions about Fees

Click this link for Information of Bursaries and Scholarships

The University offers a 20% discount on Postgraduate Taught Masters programmes to its alumni. The discount applies to all full-time, part-time and online programmes.


The continued growth in the current requirement for cybersecurity and digital forensics professionals means there are a wide range of careers which can be followed after graduating from the course, such as:

  • Security Consultant/Analyst
  • Penetration Tester
  • Network Security Analyst
  • Forensic Investigator
  • Audit/Compliance Consultant
  • Security Certification Engineer
  • Incident Response Analyst
  • System Admin
  • Network Engineer

The programme develops a range of key skills currently needed in industry, covering areas such as network security, penetration testing, security monitoring, incident response, malware analysis, operating systems, network and computer forensics, virtualisation and malware analysis. Materials from many professional courses are integrated into the curriculum, towards helping students prepare for sought after professional certification such as:

  • Cisco Security Certifications
  • Certified Information Systems Security Professional (CISSP)
  • Offensive Security Certified Professional (OSCP)
  • Centre for Research and Evidence on Security Threats (CREST)
Four men standing smiling for the camera with trophies after winning Best New Cyber Talent’ at the Scottish cyber awards in 2017