1 CORPORATE AND ACADEMIC SERVICES Part 1: Basic Data Awarding Institution Teaching Institution Delivery Location Faculty responsible for programme Department responsible for programme Modular Scheme Title Professional Statutory or Regulatory Body Links Name of PSRB Type of approval Dates Highest Award Title Default Award Title Interim Award Titles UWE Progression Route Mode(s) of Delivery PROGRAMME SPECIFICATION UWE UWE UWE Environment and Technology Computer Science and Creative Technologies FET UG modular scheme British Computer Society BSc (Hons) Forensic Computing and Security BSc Forensic Computing and Security Dip HE Forensic Computing and Security Cert HE Forensic Computing and Security n/a Full time, Part time Codes UCAS: G4H4 UCAS: ISIS2: G4H4 ISIS2: Relevant QAA Subject Benchmark Statements Computing (primary) Law (secondary) CAP Approval Date Valid From September 2012 Valid until Date Version 1 Part 2: Educational Aims of the Programme Section 2: Educational Aims of the Programme The BSc in Forensic Computing and Security has the following general aims:
2 Part 2: Educational Aims of the Programme 1. To prepare students for careers in computing. 2. To prepare students for study for higher degrees in related subjects 3. To develop problem-solving, communication and other transferable skills applicable to a variety of careers 4. To continue the development of those general study skills that will enable students to become independent, lifelong learners. The BSc in Forensic Computing and Security has the following specific aims: 1. To prepare students for careers in computer crime-investigation (e.g. forensic technician ) and computer security 2. To equip students with the knowledge, skills, and understanding that will enable them to continue to enquire into methods and techniques for the investigation of computer crime and the security requirements of computer systems Part 3: Learning Outcomes of the Programme The award route provides opportunities for students to develop and demonstrate knowledge and understanding, qualities, skills and other attributes in the following areas: Learning Outcomes Teaching, Learning and Assessment Strategies A Knowledge and Understanding On completion of the programme students will have developed an understanding of a complex body of knowledge, some of it at the current boundaries of the disciplines, in the areas of: 1. Information, data and its representation and organisation in computer systems 2. Tools and techniques for investigating computer crime such as data mining and profiling A Knowledge and Understanding Teaching/learning methods and strategies: During the first year, students are introduced to basic programming skills and gain practical knowledge in constructing simple software systems. They encounter the elementary components of computer systems. This knowledge is extended during the second year to give the knowledge necessary to understand different computer architectures and network topologies. Beginning in the first year with both programming and computer systems modules and continuing into the second year with security and forensic tools, students learn how information can be represented as data within a computer. 3. English, EU and US legal systems By the second year students have gained a better
3 Part 3: Learning Outcomes of the Programme and the procedures and laws that support them, as relevant to a Forensic Computing practitioner. 4. The management of and requirements for security in computer systems and computer networks. understanding of computer systems, algorithms and protocols and study security as it applies to standalone and networked computers with special emphasis on mobile and embedded devices. It is here that they learn the fundamentals of computer security. The relevant parts of the Computer Crime and Digital Evidence module will conform to the QAA subject benchmarking for Law, treating the law component of the programme as subsidiary. Students will be introduced to the principle features of the English (and other major) legal systems, its institutions and procedures. Appropriate criminal process and procedure will be highlighted. The role of judges, barristers, solicitors and court staff will be explained. Throughout the programme students are exposed legal terminology and legal texts. A first-year module introduces computer crime legislation including Computer Misuse Act 1990, EU CyberCrime Convention 2003 and relevant international law. Categories of computer crime: offences against confidentiality and integrity; computer-related; content related. National law pertaining to seizure and presentation as evidence is then covered, for example (for UK) Police and Criminal Evidence Act, 1984, Regulation of Investigatory Powers Act Finally difficulties and emerging issues in interpreting these laws are discussed. Legal, commercial and other aspects of security are further explored in a practical context in the module Security Management in Practice where broader security issues of delivering end to end applications and services are studied this module also provides a practical real-world-based project to exercise the security skills developed elsewhere in the programme. Securing and examining evidence will be introduced using the platform of industry-standard software such as EnCase and other generic security and investigative tools. These tools will be available for student use in investigating sample data. In the final year the Forensic Computing Practice module provides for the investigation of and reporting on substantial sets of data. Security Management in Practice Throughout there is an emphasis on preventing
4 Part 3: Learning Outcomes of the Programme B Intellectual Skills On completion of the programme students will be able to: 1. Analyse problems and devise solutions, particularly in the area of forensic computing and security. 2. Think critically 3. Synthesis of different types of information 4. Appreciate problem contexts 5. Balance conflicting objectives contamination of the evidence or detection by intruders, ensuring continuity of evidence and the use of auditable procedures. Assessment: Assessment will be by a combination of examination and coursework. For many aspects of this programme the coursework will contain a significant practical element. Where appropriate other forms of assessment such as observation of a presentation or viva may be used. The nature of security and forensics implies a significant inter-disciplinary component. For example, the student might research into some aspect of the law as it applies to the discipline or a relevant legal case. The student would then be required to evaluate the evidence and relevant law precedents, form an opinion and produce a written report. Alternatively, the student might be given a unique set of data representing a possible computer crime scene and, applying their computer and legal skills, investigate this, produce a report suitable for use by the legal profession and then defend their work during a viva. Communication skills form an important part of the programme. These would be assessed mock trial and final year viva. B Intellectual Skills Throughout this programme students are confronted with problem solving exercises in the context of computing in general and Computer Security and Forensics in particular. In the process of devising solutions to these problems, the intellectual skills listed here are encouraged and developed. As they move through the programme, these skills are developed at increasing levels of sophistication through the use of scenarios that move from the simple and well-bounded to the complex and illstructured. As an example, in the first year students are introduced to investigative techniques and computer security via the Computer Crime & Digital Evidence module where they gain an appreciation of the issues surrounding computer security and computer forensics, thus expanding their critical thinking in this area and their analytical skills in terms of investigating cases of computer crime. At this stage they become aware of the need to appreciate the context of the cases they are dealing with and the need to balance the need for an efficient investigation with the needs of justice for all appropriate evidence
5 Part 3: Learning Outcomes of the Programme to be discovered. This leads to the need to develop critical thinking skills to target the investigation accurately and to synthesis and evaluate the sometimes conflicting evidence they may encounter to arrive at a plausible scenario. During this first year they will develop computer programs, design web applications, use design notations and design methodologies that develop their evaluative and problem solving skills In the second year these skills are further developed by designing and programming larger and more complex software systems, thus expanding the skills of problem solving and evaluation. It is at this stage that the fundamental computer security mechanisms and concepts are introduced and the concept of a trusted computing base is developed. This further expands all five of the intellectual skills. Understanding of abstract concepts is developed through practical exercises using software security libraries, thus allowing students to engage critically with the tools and materials. More advanced tools relevant to both security and forensics are introduced at this stage, reinforcing the close dependency of security and forensics and developing an understanding of the need to carefully evaluate complex real-world situations. These practical exercises in turn develop understanding of software engineering of dependable computing systems, which reinforces analytical and problem solving skills. In the final year the Security Management module broadens the scope of security beyond the confines of computers and networks through the use of case studies of real industrial applications. Here the intellectual skills gained during the programme need to be demonstrated in a realistic setting. The Forensic Computing Practice module also exercises these skills (and also develops them through further practice) by forcing students to engage with potentially confusing computer forensic cases both from the point of view of the investigator and that of the perpetrator. At all levels students are required to bring together knowledge and skills acquired in different subsidiary disciplines and hence determine new ways of approaching complex situations where it will be necessary to use all the intellectual skills acquired earlier in the programme to secure a computer system or achieve an appropriate and fair representation of a representative computer crime scene.
6 Part 3: Learning Outcomes of the Programme Assessment The investigation of computer crime evidence requires demonstration of all of the intellectual skills. At level 1 the focus in programming coursework assessment, undertaken in a number of modules, is on the skills of Analysis (1), and Problem Solving (2). At levels 2 and 3 this branches out to include all the remaining skills. Many of the coursework assessments and exam papers include elements of programming work. Independent reading is used to enable students to focus on their own areas of interest and in the process assess skills 1-3 in the submitted reports, essays and exam answers. Design-work, even when not implemented in a programming language, requires demonstration of skills 1,2,4 and 5 and a number of coursework assessments and exam questions are devoted to such work. Finally, all of the examinations assess skills 2 and 3 whilst skills 1, 4 and 5 are covered in many exams. C Subject, Professional and Practical Skills C Subject, Professional and Teaching/learning methods and strategies: Practical Skills Throughout the program, the skills listed are On completion of the programme developed through a combination of theoretical students will be able to: 1. Design and write software. 2. Employ a range of tools and notations to support the activities listed here. 3. Communicate with legal personnel at an appropriate level 4. Assess a computer crime scene and formulate a strategy for securing the evidence, investigating it impartially, and produce a report in appropriate language 5. Use software libraries and toolkits to implement security aware applications conforming to appropriate designs 6. Describe the key security mechanisms used in access control, authentication, encryption and digital signatures and perform systems analysis in terms of computer security. discussion, practical laboratory based work, classroom based tutorial exercises and directed self-study. Most of the skills listed (1, 2, 3, 4) are introduced at level 1 and then drawn into sharper focus at levels 2 and 3 (years 2 and 3). The general teaching/learning method is therefore to impart these practical/professional skills by a process of moving from an overview of what is required to a specific application of an individual skill at a higher level. Security-based skills (5 and 6) are introduced at level 2 and continued into level 3. Assessment A combination of all or most of these skills will be required to successfully complete the final year project and thus most are assessed there. The possession of these skills is also demonstrated both by the investigation of a potential computer crime scene and by examination. The practical nature of the skills to be acquired means that some are specifically addressed by particular modules (3, 4, 5,6). The more generic skills (1,2) are assessed across the programme.
7 Part 3: Learning Outcomes of the Programme D Transferable Skills and other attributes D Transferable Skills and other Teaching/learning methods and strategies: attributes On completion of the programme students will be able to : 1. Communication skills: to communicate orally or in writing, Skill one is developed through a variety of methods and strategies including the following: including, for instance, the results of technical investigations, to peers and/or to problem owners. Students maintain laboratory log books Students participate in electronic conferences, workshops, and groupwork sessions. Students participate in discussion tutorials Students present research topic findings in tutorials 2. Self-management skills: to manage one s own time; to meet deadlines; to work with others having gained insights into the problems of teambased systems development. Students participate in individual tutorials Students participate in mock trials, crossexamination and other verbal interrogation Skill two is developed through a variety of methods and strategies including the following: Students conduct self-managed practical work Students participate in practically-oriented tutorial and laboratory sessions Students work through practical work-sheets in teams Students practice design and programming 3. IT Skills in Context (to use software in the context of problem-solving investigations, and to interpret findings) Skill three is developed widely throughout the programme. 4. Problem formulation: To express problems in appropriate notations. 5. Progression to independent learning: To gain experience of, and to develop skills in, learning independently of structured class work. For example, to develop the ability to use on-line facilities to further self-study. Skill four is developed through a variety of methods and strategies including the following: Students practice design and programming Students devise procedures for investigating digital evidence Skill five is developed through a variety of methods and strategies including the following: Students are encouraged to practice programming to extend their skills Students are encouraged to research relevant computing and law topics Students are encouraged to use online facilities to discover information
8 Part 3: Learning Outcomes of the Programme 6. Comprehension of professional literature: to read and to use literature sources appropriate to the discipline to support learning activities. Skill six is developed through a variety of methods and strategies including the following: Students are encouraged to read legal case notes Students are encouraged to maintain their awareness of computing, forensic and security issues via both printed and online materials 7. Working with Others: to be able to Skill seven is developed widely throughout the work as a member of a team; to be programme. aware of the benefits and problems which teamwork can bring. Part 4: Programme Structure Assessment: Transferable skills are demonstrated though not necessarily discretely assessed in the following ways: 1. Communication skills are demonstrated, essays, presentations and poster presentations. 2. The other skills are demonstrated through a number of similar instruments including the following: Individual and group projects Practical assignments Portfolio of exercises 3. In addition self-management skills are demonstrated by in personal academic tutorial sessions and generally throughout the course. This structure diagram demonstrates the student journey from Entry through to Graduation for a full time student, including: level and credit requirements interim award requirements module diet, including compulsory and optional modules
9 Year 3 Year 2 Year 1 ENTRY UFCFC Introduction to OO Systems Development UFCF Computer and Network Systems UFCFB Web Programming UFCFP Computer Crime and Digital Evidence UFCFW Mobile and Embedded Devices UFCFLC-30-2 Secure Computer Networks UFCFJ Security and Forensic Tools UJUUJD-30-2 Science in Court Optional Modules None Optional Modules None Interim Awards Cert HE in Forensic Computing and Security 120 credits, of which not less than 100 are at Level 1 or above Interim Awards Dip HE in Forensic Computing and Security 240 credits, of which not less than 100 are at Level 2 or above and a further 120 are at Level 1 or above. Year Out: Students may optionally complete a placement year. For students on placement, there is an opportunity to complete a professional practice module and be awarded 15 level 3 credits. The professional practice module is shown in the option list for year 3 but is actually completed during the year out. Compulsory Modules UFCFR Computing Project UFCFC Forensic Computing Practice UFCFRB-15-3 Security Management in Practice Optional Modules 1 UFCFM Requirements Engineering UFCFU Advanced Databases UFCFT Cryptography UFCF Entrepreneurial Skills Option Modules 2 UFCFE Professional Experience UFCFP Integrated Case Studies Interim Awards BSc Forensic Computing and Security 300 credits with at least 60 credits at level 3, plus a further 100 credits at level 2 or above and a further 120 credits at level 1 or Highest award BSc (Hons) Forensic Computing and Security 360 credits, of which at least 100 must be at Level 3 or above, at least a further 100 at Level 2 or above and a further 140 at Level 1 or above.
10 Unseen Written Exam Open Book Written Exam In-class Written Test Multiple-Choice Test Practical Exam Practical Skills Assessment Oral assessment and/or presentation Written Assignment Report / Project Dissertation Portfolio GRADUATION NB: For part time mode of delivery provide a diagram to demonstrate the student journey from entry to graduation for a typical part time student Part 5: Entry Requirements The University s Standard Entry Requirements apply with the following additions. Successful applicants normally require a minimum of (the equivalent of) 300 UCAS points Part 6: Assessment Delete one of the following statements as appropriate A: Approved to University Regulations and Procedures Assessment Map The programme encompasses a range of assessment methods including; essays, posters, presentations, written examinations, demonstration of practical work. These are detailed in the following assessment map: Instructions: Add the Component (A or B) to the appropriate column for each Module Number and add the weighting for that assessment in brackets e.g. B1(5, A(5 Assessment Map for BSc (Hons) Forensic Computing and Security Type of Assessment* Weighting should sum to 100. Add further columns as necessary* UFCFC3- Compulso 30-1 ry UFCF93- Modules 30-1 Level 1 A (75) B (25) A (5 B1( 15) B2( 35) UFCFB3- A(2 B(1 B(6
11 Part 6: Assessment ) 5) UFCFP4- A( B(5 Compulso ry Modules Level 2 UFCFW UFCFLC UFCFJ UJUUJD A1( 5 A (5 A(3 A(5 B1( 35) B(5 B2( 15) B1( 2 B(7 B2( 3 Compulso ry Modules Level 3 UFCFR UFCFC UFCFRB A1( 25) A3( 25) A3( 15) A2( 5 A(1 0 A1( 1 A2( 75) Optional Modules Level 2 Optional Modules Level 3 UFCFM UFCFU A(1 0 A50 ) B(5 UFCFT UFCF UFCFE UFCFP A(5 B(5 A(2 5) A(2 5) B(7 5) A(1 0 B(7 5) *Assessment should be shown in terms of either Written Exams, Practical exams, or Coursework as indicated by the colour coding above.
12 Part 7: Student Learning Teaching, learning and assessment strategies to enable learning outcomes to be achieved and demonstrated At UWE, Bristol there is a policy for a minimum average requirement of 12 hours/week contact time over the course of the full undergraduate programme. This contact time encompasses a range of face:face activities as described below. In addition a range of other learning activities will be embedded within the programme which, together with the contact time, will enable learning outcomes to be achieved and demonstrated. On the BSc (Hons) Forensic Computing and Security programme teaching is a mix of scheduled, independent and placement learning. Scheduled learning includes lectures, seminars, tutorials, project supervision, demonstration, practical classes; external visits. Scheduled sessions may vary slightly depending on the module choices made. Independent learning includes hours engaged with essential reading, case study preparation, assignment preparation and completion etc. These sessions constitute an average time per module as indicated in the module specifications. Scheduled sessions may vary slightly depending on the module choices made. Placement learning: Students are strongly encouraged to undertake a placement year. They are also encouraged to take the Professional Experience module whilst on placement Description of Distinctive Features and Support Class-based Activities The particular mode of delivery of a module is determined by its Module Leader, and typically involves a combination of lectures, practical sessions, individual and group activities and group project work. Many modules involve significant practical work and therefore a proportion of the student s contact time for that module, usually 50%, is spent in the computer labs. Academic Support Academic advice and support is the responsibility of the staff delivering the module. Outside of normal timetabled hours, advice and guidance on matters relating to the material being taught and on its assessment can be obtained either by arranging an appointment with academic staff or during published "surgery" hours. Appointments are most commonly arranged by . In addition all students are allocated Academic Personal Tutor (APT) to whom they can turn for general academic advice related to their studies. From time to time students can expect their APT to invite them to meet to discuss their progress. As a supplement to this formal academic support, all modules at level 1 (i.e. first year modules) include timetabled Peer-Assisted Learning (PAL) sessions. These classes are extra to the sessions timetabled with academics and provide new students with a significant additional resource, over and above the normal 12 hours contact time. PAL sessions are led by trained PAL leaders; second and final year students who are able to use their experience during the first year to help the newer students overcome barriers to success in their studies. On-line Academic Support Extensive on-line support for this programme is provided through the University portal (myuwe). This provides access to the University s e-library, which allows students to read academic journals and study-skills material. Of particular interest to students of this programme is access to the ACM, IEEE and British Standards Online databases. The portal also gives entry to UWE s Virtual Learning Environment
13 Part 7: Student Learning (Blackboard) which is used by academics to make available general information about the module delivery, handbooks, lecture notes and other materials. In addition, the portal publishes individual student timetables, marks and other aspects of the operation of the programme and University life. Pastoral Support Pastoral care is provided through the University-wide Student Advisers, a team of staff who provide comprehensive, full-time student support service. Advisers are trained to provide advice on matters commonly of concern, including regulatory and other matters; the Adviser will, when necessary, direct the student to specialist professional services including the University's counselling service, careers, financial services etc.. Independent Study All modules require students to carry out independent study, such as preparation for classes, research for projects and completion of assignments, and a full range of facilities are available at all sites to help students with these. The philosophy is accordingly to offer students both guided support and opportunities for independent study. Guided support is mainly in the form of timetabled sessions. Students are expected to attend all sessions on their timetable. The habits and practice of independent study is then developed through the support offered in individual modules. Typically, module leaders will provide a plan for the module indicating the activities to be carried out and the forms of learning to be undertaken during the delivery of the module, with a view to encouraging students to plan ahead and to take responsibility for managing their time and resources. Computing Facilities In 2012 the Faculty has undertaken a major new build f computing facilities in which it offers a specialised computing facility alongside the general University provisions. There are multiple computing laboratories of 20 plus seats running Windows, Linux and dual-boot systems required for this program. Computers within the specialist laboratories include the standard University build augmented by software resources and hardware equipment necessary for the delivery of the modules. For example, the specialist Forensic and Security laboratory runs virtual machine and industry-standard specialist software. In addition, one of the most popular areas within the Faculty is the Open Access laboratory. This area is never timetabled and gives students the opportunity to access machines at all times during opening hours. Part 8: Reference Points and Benchmarks Description of how the following reference points and benchmarks have been used in the design of the programme: QAA subject benchmark statements The QAA Subject Benchmark Statements for Computing and for Law were published in 2007, and are applicable to this proposal. The programme clearly falls into the cognate area described by the Computing benchmark. Due to the nature of Forensic and Security practice, much of the computing material is of a technical, low-level nature, with relatively little computing theory. Thus, in terms of the
14 Part 8: Reference Points and Benchmarks benchmark s high-level characterisation of Computing, the emphasis of the programme is on software, communication and interaction and practice, developed within the context of the specialised requirements of the programme. From the body of knowledge the following are considered essential to a study of Forensic Computing: Artificial Intelligence, specifically in the context of data mining; Computer Based Systems; Computer Networks; Data Structures and Algorithms, with emphasis on data structures; Distributed Computer Systems; Operating Systems; Programming Fundamentals; Security and Privacy; Web-based Computing. The Computing Benchmark Statement also contains (section 5) statements of the standards expected of graduates at both modal and threshold levels. The team is of the view that graduates of the proposed programme will be able to meet the required standards. The Law benchmark has been considered during the design process at the Law as Subsidiary level of performance, which focuses on the development of legal skills related to some specific area (in this case Forensic Computing and Security). Though the Statement is targeted at programmes with at least 180 credits of legal subjects, its expectations also apply to programmes such as this, where the legal aspects make up a relatively small, but very important component. No attempt has been made to include all aspects of law or to provide the foundation for a legal career as such instead the most important points of law and court procedure are covered. The aim of the design team has been to provide sufficient legal knowledge to be aware of the rules and legal system pertaining to Forensic Computing: as suggested in the Benchmark, the relevant law is treated mainly as data from which legal conclusions or opinions can be derived. It is expected that student will be able to assimilate legal information from a variety of sources and apply the knowledge acquired to computer crime investigation and security analysis. University strategies and policies The development of this programme reflects well institutional policies and is fully consistent with the University s commitment to make a positive difference to our students, business and society. This programme supports the University s Strategic Partnership themes as represented by the INSPIRE acronym: Innovation Nurturing Talent Student Experience Participation Internationalisation Research Exchange Employer interaction and feedback The content of the proposed programme has been very much shaped by feedback from employers (both of placement students and of graduates) and by graduates of the former BSc (Hons) Forensic Computing and BSc (Hons) Computer Security. The emphasis is to prepare students with a solid grounding in Forensic Computing and Security to enable them to take up a variety of technical positions in the forensics and security industry. The success of this approach has been borne out by the wide variety of organisations in which students have been placed or employed and by the overwhelmingly positive feedback of their employers.
15 This specification provides a concise summary of the main features of the programme and the learning outcomes that a typical student might reasonably be expected to achieve and demonstrate if he/she takes full advantage of the learning opportunities that are provided. More detailed information on the learning outcomes, content and teaching, learning and assessment methods of individual modules can be found in module specifications, available on the University s website.