Bachelor in Digital Forensics and Incident Response

Bachelor in Digital Forensics and Incident Response

  • Study Facts
    • Area of Study
      Computing
    • ECTS
      180
    • NQF Level
      Bachelor's degree (Level 6 1. Cycle)
    • Campus
      Kristiansand, OnlinePLUS - Bergen, OnlinePLUS - Oslo, Online
    • Study Mode
      OnlinePLUS, Full-time, Online
    • Entry Requirements
    • Study Programme Leader
      Emlyn Butterfield
Introduction

Noroff University College (NUC) offers awards that specialise in the utilisation of digital technology. The objective of the Bachelor in Digital Forensics and Incident Response (DFIR) is to provide you with an understanding of the forensic analysis of digital systems, the methods and techniques that can be applied, and to develop you into future digital investigators and incident responders. The use of computers and technology has become ubiquitous within the modern world. With an increase in the use of digital devices within every walk of life now means that there is not a single action taken that does not require a digital device at some point. The legal and commercial sectors have identified this factor and now analyse digital devices on a regular basis to help identify or dismiss user activity.

Traditionally digital forensics was seen as a law enforcement only activity, however given the increase and breadth of cyber-attacks, the field of Digital Forensics and Incident Response (DFIR) was formed. Cyber-attacks, and security breaches, can happen to any organisation at any point due to the connected and distributed nature of an organisation’s infrastructure. Attacks and breaches can cause an organisation to suffer data, financial, and reputational loss. An organisation must identify, respond to, and reduce the impact of an attack or breach as quickly as possible. DFIR focuses on identification, investigation, and remediation from cyber-attacks. With the increased reliance on technology, there are simply more devices that can be 'attacked'. DFIR provides reactive technological capabilities to any organisation to deal with incidents, often the central capability.

This degree will provide students with the skills, knowledge, and competencies to investigate incidents on a range of complex digital systems in a forensically sound manner. Students will be able to analyse and assess evidence and events both in a real time incident analysis and in a post event investigation to enable decisions to be made to secure systems and devices; understanding the potential legal and commercial impact of their actions, while preserving evidence to enable further investigation and prosecution in a court of law. The complexity of cyber-attacks and data breaches has increased the need for skilled individuals who are able to investigate and think analytically, rather than simply knowing how to secure or attack a digital system. DFIR’s are generally creative and flexible in their approach taking on board a range of data and systems with an ability to identify the “red thread”. This degree aims to provide specialists in the DFIR domain, and it will challenge individuals to develop a scientific, rigorous approach to their work.

Aims of the Degree Programme

This programme aims to develop individuals with a holistic understanding of key practice, principles and procedures of digital forensic investigations and incident response. Through a blend of theoretical and practical experience in investigating digital systems students can identify the who, what, where, and when. Graduates have a high level of proficiency in a wide range of skills including problem-solving, digital forensics, network infrastructures, system design and development, operating and file system analysis, network security and incident response. The programme has been specifically designed to equip students with the practical and theoretical understanding and principles required to excel in the DFIR domain.

Students are provided the required background to act as a digital investigator and incident responder, they become competent in the collection, processing, and secure handling of digital evidence from a variety of sources. They have received instruction on the full life cycle of a digital investigation. This will encompass the collection of evidence from a crime scene, maintenance of the chain of custody, analysis and interpretation of the evidence, and the final production of results and findings. The following are the broad core elements for the degree programme.  

  • Computing provides an essential understanding of how digital devices communicate locally and across networks. These fundamentals are key for anyone within a computing discipline.  
  • Digital Forensics is a branch of forensic science that covers the recovery, analysis, interpretation, and presentation of information from digital devices, whilst preserving their integrity.  
  • Incident Response is an organised approach to investigating and addressing security breaches or cyber-attacks.  
  • Legal and Compliance provides an essential understanding of the processes, procedures and broad legal aspects related to digital forensics and incident response to ensure students are aware of the risks and obligations of their work.

The programme develops and equips students as digital investigators with the necessary skills to process numerous forms of digital evidence and sources of data. It will challenge individuals to develop a scientific, methodical, and rigorous approach to their work, along with creativity and versatility in problem solving. This will enable students to not only solve issues posed as part of the degree but also to address unforeseen problems once employed within the DFIR domain, and other future careers. The specialisation builds upon the practice and procedures explored in earlier courses through thorough exploration of different types of file systems and data types. Students then explore investigative practices and tools, before examining novel platforms in their final year.

Entry Requirements

For general admission it is required to document the following criteria as passed:

  • Higher Education Entrance Qualification, and
  • Candidates must be able to document proficiency in the English language.
    Language requirements by Samordna Opptak

Special admission requirements:
In addition to the general admission requirements, it is required to document the following:

  • Mathematics R1 (S1+S2)

For admission on basis of prior learning and work experience:
Admission based on prior experience requires a written application for evaluation. Applicable candidates must be at least 25 years of age in the year of admission.

For candidates with foreign education the requirements for Higher Education are:

  • The country must be recognized by NOKUT, specified in the GSU-list.
  • Candidates must be able to document proficiency in the English language.
    Language requirements by Samordna Opptak

For further information, please see the admission requirements: https://www.noroff.no/en/admission/admission-requirements

Campus and Online Study

All students follow the same progression according to their education plan, irrespective of whether they study online or on campus. All students study the courses at the same time, with the same delivery and workload, following identical assessment strategies for every course. At the study level no distinction is therefore made between campus and online students. All students are required to engage in live education sessions (such as lectures) and undertake all required educational activities.

Students are encouraged to interact with each other via online forums and chat systems, enabling discussions to take place involving both online and campus students. Each student cohort is therefore a single learning community, concurrently engaging in all educational activities irrespective of actual physical location. Throughout all educational sessions course staff actively encourage participation from campus and online students simultaneously, and do not focus solely on those who are physically present.

This tight integration of campus and online ensures students will be part of a cohesive learning community throughout their study. As a result, this also means that should students' personal situations change during their studies, and they must change their mode of study from online to campus (or vice versa) this can be done with little to no disruption to their studies.

Opportunities for Further Studies

The subject material will enable graduates to go on to postgraduate study, for example:

Undertaking some period of study at an international educational institution can result in many benefits to those who take part, including:

  • Language and general competence in the destination country and culture
  • Development of personal and professional networks in other parts of the world
  • Personal growth and holistic development.

All students are eligible to apply to undertake a period of study at an international university. All international study opportunities are subject to the application processes and admissions requirements of the international institution, in addition to an evaluation of the suitability of the proposed study exchange within the students’ study at NUC. Full details of international study opportunities and the application process is available to all students within the LMS.

Possible Professions

Graduates understand business security needs examined and are able to ensure that such security solutions are implemented correctly, and that they are in fact adequate to mitigate the risks the organisation faces in the given context. The graduate is enabled to fulfil a number of distinct employment titles, such as the following:

  • Digital Forensics Investigator 
  • Intrusion Analyst 
  • Cyber Security Incident Responder
  • Cyber Security Analyst 
  • CERT Specialist 
  • SOC Analyst 
Accredited
June, 2023