University of Oxford Logo University of OxfordSoftware Engineering - Home
On Facebook
Follow us on twitter
Linked in
Linked in
Google plus
Google plus
Stumble Upon
Stumble Upon


Security is an emergent property of whole systems, of which software plays a part. A system's life cycle does not stop once it has been designed and delivered. When in its operating environment a system will be monitored and maintained within its original use cases through traditional software management techniques. But what happens when an incident causes a system to operate outside its original use cases? Simply taking a traditional software maintenance approach will only reveal part of what happened and why.

The aim of the module is to provide students with an understanding of forensic principles and techniques within a context of software and systems, enabling them: to choose the most appropriate techniques to apply when conducting or managing an investigation into a software-centric systems; to apply techniques or to identify resources necessary for application; to explain their choices in terms that can be understood by anyone with a basic knowledge in the field.


This course normally runs twice a year.

Course dates

20th May 2024Oxford University Department of Computer Science - Held in the Department 0 places remaining.
23rd September 2024Oxford University Department of Computer Science - Held in the Department14 places remaining.
28th April 2025Oxford University Department of Computer Science - Held in the Department17 places remaining.


The successful participant will

  • Understand how forensic principles and techniques relate to the investigation of software and systems.
  • Have a detailed knowledge of a systematic methodology for undertaking forensic investigations.
  • Understand how the results of an investigation relate to those security measures that were taken during the design, development and implementation of a software-centric system.


  • Forensic Investigations: The approach to an investigation. Its purpose; the steps involved; the presentation of findings. Discuss legal issues associated with the gathering of evidence, chain of custody and presentation of findings.
  • Computer Forensic Analysis & Investigation: Discuss the various techniques used to analyse a computer and the typical applications that are on a computer.
  • Computer Network Forensic Analysis & Investigation: Discuss the various techniques used to analyse a computer network and the typical data that moves across the network.
  • System Forensic Analysis: Build upon the computer and network analysis to discuss how a system using computers should be investigated.
  • Industrial System Forensic Analysis: Discuss the techniques used to analyse an industrial system.


The lecturer for the Forensics module has indicated a number of topics that will be assumed, in order to allow the course to run smoothly. Please ensure that you are up to date on these, or can be by the time the module begins. If you have any doubts about your suitability for the module, please contact your tutor and/or the Programme Office.

As prerequisites for the FOR module students should have an understanding of computer hardware, software and networks. In particular students should be familiar with:-

  •  Computer hardware, including an understanding of hard drives and PC architectures;
  •  Operating systems, including their role in monitoring and logging application execution;
  •  The relationship between a computer’s operating system and file system. In particular the file system’s role in holding data and metadata for the operating system;
  •  The role of network protocols in network communication, including email, instant messaging, and web browsing;
  •  The use of public key encryption for emails and files. 

The exercises undertaken during the course involve using open source command line tools on a Linux distribution. Students taking the module should be familiar with Linux and its command line. The course's Pre-study Material describes the Linux distribution used and the command line tools in more detail. (The Pre-study Material is available upon request prior to signing up for the module.)

The Linux distribution and command line tools are made available to the students as a guest virtual machine for use in conducting the assignment. Students taking the module should be familiar with hosting and running virtual machines on the computer they will use for the assignment. The Pre-study Material describes the virtual machine in more detail.

During the assignment students will be expected to evaluate computer system(s) with possibly unfamiliar applications that have been used by others in a scenario unfamiliar to the student.