This module is a resource for lecturers


When investigating crimes, law enforcement agencies are more likely than not to encounter information and communication technology (ICT) during an investigation. ICT can be the target of the crime, used to commit a crime, or contain evidence of a crime. ICTs and the data within them are examined to identify evidence of criminal activity. This investigation seeks to scientifically establish facts of a case using digital evidence. The investigator's role is to identify this evidence and reconstruct the sequence of events of the crime (or cybercrime). This Module examines the way digital evidence is identified, particularly digital forensics (discussed in Cybercrime Module 4 on Introduction to Digital Forensics), which is the process by which digital evidence of crimes and cybercrimes is collected, acquired, preserved, analysed, interpreted, reported, and presented during legal proceedings.

Learning Outcomes

  • Identify, analyse, and critically assess legal and ethical obligations of cybercrime investigators and digital forensics professionals
  • Identify essential phases in the digital forensics process
  • Articulate and critically evaluate the ways in which digital evidence is identified, collected, acquired, and preserved
  • Discuss and appraise the processes involved in digital evidence analysis and the reporting of findings based on this analysis
  • Explain and apply a framework for assessing the admissibility of digital evidence in courts
Next: Key issues
Back to top