• Introduction
  • Target Audience
  • Course Purpose
  • Course Structure and Duration
  • Course Description
  • Delivery Method
  • Course Fees

Digital Forensics is the field of forensic science that deals with investigations  of digital crimes and computer related offences.  Digital forensics is emerging as an important field of study in Information and Communication Technology (ICT) security as well as in advance law studies. Cyber security on the other hand refers technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. Thus digital forensics refers to post incident response measures while cyber security refers to the preventive measures for information security.

This course is a professional certificate programme for individuals interested in pursuing careers in cyber security and digital forensics. It is implemented in a blended learning format, combining face to face contact and packed with hands on sessions with tutor-supported online interactions. It covers the fundamentals of cyber security and digital forensics as well as practical skills gained through exposure to open source and commercial forensic analysis tools. 

This programme has been developed in close consultation with the industry experts and lawyers who are involved with handling the digital forensics cases and cyber security matters as part of their professional practice. In any subject, having a textbook as a primary source of reference is important. Due to the emerging nature of the cyber security and digital forensics discipline, it is very challenging to find all the contents in one book.

At the end of the programme qualified students receive a Professional Certificate in Cyber Security Technology and Forensics from Jaramogi University of Science and Technology as well as Internet Examiner Certified Professional (IECP) certification from Siquest Corporation, developers Internet Examiner Toolkit forensic analysis software. This certification will be beneficial to students who need to qualify their experience or status as an expert.



Internet Examiner Toolkit is the first complete, multilingual, multi-faceted forensic suite of tools that is designed specifically to discover, examine, analyze, and report internet-based evidence acquired from computers hard drives, live memory and mobile devices. IXTK also makes it possible to conduct, track and capture “live” internet investigations in real-time. With the propriety design of an intelligent and user-customizable Artifact Framework, IXTK can rapidly update its library of supported internet artifacts.


Established by an executive team with 17 years of law enforcement, IXTK is a reflection of an established experience in criminal investigations, case management, prosecution, and expert witness testimony.


For more information on IXTK visit http://www.siquest.com/index.php/home/

Digital Forensic Managers, Auditors, Corporate and Public Security and Investigations personnel, Risk Managers, Legal Professionals, IT Security professionals, Judges, Prosecutors, Cloud Security professionals, Intelligence Agencies, IT Architects, Compliance Managers, Network and System Administrators and any other interested persons (enthusiasts).

This program is intended to prepare participants to acquire general knowledge on cyber security and digital forensics.

The objectives  of the course are to:

  • Explore the fundamental concepts of cyber security and digital forensics.
  • Explore the legal, ethical and global impacts of cyber security and related threats in private, public and personal computing infrastructures.
  • Explore the importance of electronic evidence in court proceedings.
  • Explore impacts of cyber security with regards to national security, legal structure and international relations as well as formal treaties, standards and frameworks related to cyber security.
  • Explore the various ways of computer and cyber forensics techniques.
  • Make detailed explanation of computer crime scene management and report writing.
  • Identify practical aspects of computer forensic tools.
  • Appreciate network and system security procedures.
  • Obtain updates on cyber security concepts and fundamentals and its applications in real life scenarios.
  • Relate the dimensions and complexity of cyber security to national security and international relations.
  • Present legal and ethical considerations for investigating and prosecuting digital crimes.
  • Describe the role of digital forensics in criminal investigations, corporate investigation and auditing, and IT security operations.
  • Explain how data are stored on a local computer, remotely on the Internet, and also the general structures of the local computer and the Internet.
  • Plan and execute a digital forensic investigation, from data acquisition and validation to evidence discovering, analyzing, validating, and presenting, by using a variety of digital forensic tools.
  • Perform independent research to deepen the understanding in a specific area or keep the pace with latest development in the fields.
  • Acquire skills, such as communication, analysis and inquiry, problem solving, independent and group working, and professionalism and social responsibility.

  • The course shall take sixty (60) hours(including assessments and tests) with the first Five (5) dedicated to digital literacy skills.
  • The course shall be offered in seven modules with each module lasting one Five (5) hours. The last ten (10) hours shall include hands-on practicum and moot court sessions and final assessment.
  • Each module will consist of the equivalent of five (5) lecture hours, which includes interactive online interactions, tutorials and face to face contact sessions.
  • Participants shall undertake two assessments for the entire course as detailed under the Assessment clause.
  • The participants shall be required to have laptops with current running Operating Systems.


The teaching and learning approaches will combine classroom lectures, group discussions and individual practical activities and take home assignments.


Computer hardware and software, handouts prepared by the lecturer, power point slides, and summarized teaching notes.


JOOUST university Examinations rules and regulations shall apply

The professional certificate program is developed in close consultation with the industry experts and lawyers who are involved with handling the digital forensics cases and cyber security matters as part of their professional practice. In any subject, having a textbook as a primary source of reference is important. Due to the emerging nature of the cyber security and digital forensics discipline, it is very challenging to find all the contents in one book. Especially, books written in Kenyan context are rare.


Topic 1: Understanding digital forensics and cyber security

This topic defines digital forensics and cyber security concepts.  The emphasis is placed on the ability of the user to understand fundamentals of cyber security and the basics of digital forensics.

Expected Learning Outcomes

  • Definition of cyber forensics and cyber security
  • Introduction to computer forensics concepts and terminology
  • Describe how to prepare for digital investigations
  • Describe the role of a digital forensic investigator
  • Learn the requirements to establish a digital forensic lab
  • Basic forensic analysis concepts and presentation of digital evidence
  • Understand history of cyber security


Topic 2: Fundamentals of Digital Forensics Investigations

This topic explains digital investigation processes. Students learn how to prepare a digital investigation and apply a systematic approach to an investigation. The topic describes the procedures for a high-tech investigation. It also describes the role of a digital forensics investigator.

Expected Learning Outcomes

  • Explain digital investigation process and how to prepare a digital investigation while applying systematic approach to investigation
  • Comparing and contrasting digital investigations and other modes of investigations
  • Review of several available computer software and hardware forensics tools and learn various methods for validating and testing these tools.
  • Describe the procedures of a high-tech investigation
  • Formats of Cyber Security and Digital Investigations Reports


Topic 3: Incident and Crime Scene Management

This refers to actions taken from the outset of an investigation of a crime/incident scene that involves documented step-by-step processes used in the discovery, identification, collection, preservation and presentation of the evidence that also ensures the integrity of the evidence.  The student gets to learn the following:

Expected Learning Outcomes

  • Understand best data acquisition and collection methods using forensic tools
  • Difference between data collection and data acquisition
  • Learn ADAMS principles and ACPO principles
  • conduct incident or/ and crime scene management when the computer is either off or on
  • Learn about the hashing algorithms used in forensic analysis to validate data
  • Determine whether data – hiding techniques have been used
  • Learn how to best handle and preserve evidence
  • Develop an audit trail/chain of custody
  • Identification of primary & secondary Computer incident and Crime Scene(s)

 Topic 4: Electronic Evidence Management

Sometimes, a civil case can quickly become a criminal case, and a criminal case can revert to a civil case. Although this topic examines rules of evidence, computer crimes and computer related offences in the Kenya, the procedures apply in most courts worldwide.  Following are covered:

Expected Learning Outcomes

  • Definition of digital evidence and identification of various sources and characteristics of e-evidence
  • Explanation of various rules of electronic evidence and other related legislations
  • Understanding e-discovery, e-disclosure and metadata
  • Criminal law and procedure versus electronic evidence
  • Jurisdictional issues and International Cooperation
  • Understanding cyber crime and its methodologies
  • Challenges of electronic evidence
  • Learn how to complete and critique a case


Topic 5: Fundamentals of Cyber Security

This topic deals with all measure put in place to ensure information security. . Cyber security is the process of applying security measures to ensure confidentiality, integrity, and availability of data.  Cyber security assures protection of assets which includes data, desktops, servers, buildings, and most importantly, humans.  In this topic, matters concerning computer security, network security, classes of attacks and areas of weaknesses in cyber security are handled.

Expected Learning Outcomes

  • Brief history of computer security
  • Overview of technologies, processes and practices designed to protect networks, computers, programs and data
  • Introducing systems security and Network security
  • Explaining classes of Attack and cyber risks
  • Overview of ISO 27001:2005 – Information technology – security techniques – Information security systems – requirements
  • Information Security Management and Standards of Best Practices


Topic 6: Digital Forensics in Practice

The topic reviews how data is stored and managed in operating systems (OSs). To become proficient in recovering data for computer investigations, students are taken through mechanics of file systems.  The students also learn about the hashing algorithms used in forensics analysis to validate data and use of forensics tools and practices to process electronic evidence.  In addition, the students are introduced to data recovery and data hiding concepts

Expected Learning Outcomes

  • Usage of both hardware and software forensic tools
  • Applying the various hashing algorithms in forensic analysis
  • Applying and detecting data recovery and data hiding concepts
  • Review how data is stored and managed in operating systems
  • Understanding email headers and other Metadata


Topic 7: Forensic Expert in Courtroom

In this topic, the students learn about the types of testimony—for trials, depositions, and hearings—and the difference between a technical/scientific witness/ expert witness and lay witness.  In addition, the students learn how computer forensic experts conduct their work and give expert testimony as well as how they generate reports on findings.

Expected Learning Outcomes

  • Guidelines on writing reports of forensics findings and investigations
  • Learning the rules of evidence and procedure as they apply to testimony and types of testimonies
  • Appreciation of general duties of an expert
  • Testing the reliability of forensic software(s) used by the experts –“Daubert Test”
  • Cross –examination of expert witnesses

The professional certificate program shall be delivered in a blended face-to-face lecture/ practical session mode and attended by all students in a fully functional forensic laboratory and interactive online sessions, in order to enhance their practical skills.  It is in the face – to face period that all the attempted practical exercises and sessions are reviewed and solved.

The rationale behind the use of the blended method in subject delivery is primarily the targeted audience who are mostly working professionals. The choice of this method is its ability to deliver the contents interactively.


There are two assessment items with several tasks each in this subject. Assessment-1 includes hands-on projects, a case project and a research project. Assessment-2 is an on-site exam containing multiple choices and short-answer questions.


Assessment 1: Hands-on projects using forensic tools

These assessments contain some selected hands-on projects from the textbook. Some of these projects require students to use open source as well as commercial forensic tools to perform most digital forensics acquisition and analysis functions.

Hands-on projects are vital in this subject. The rationale for this assessment is to enable students to complete important hands-on projects, solve case projects, investigate important forensics utilities, effectively use forensics tools, investigate file systems, and be able to write a case study based on their experience or learning in the subject.

Emphasis shall be put on the technical aspects of the subject more elaborately and guidelines for the software tools and technical requirements needed to complete the hands – on projects provided in advance of the commencement of the subject.

Assessment 2: Final Examination

The final examination is an on-site closed book examination which covers the entire subject syllabus. The Managecom and JOOUST University have the exclusive arrangement to conduct examination for most of the subjects offered. The two hours examination consists of 20 multiple choice questions and three short answer questions. Marks are awarded against the accurate expression of ideas and demonstration of understanding of subject objectives, facts and concepts learned.

Application Fees:         KES 1,500/=

Course Fees:               KES 70,000/=

IXTK Dongle:               KES 3,500/=


Tuesdays:            5:30 – 8:00 (Two and half hours)

Thursdays:          5:30 – 8:00 (Two and half hours)

Venue:                  Nairobi Campus, Postbank Building 12th Floor

Registration for September 2016 intake on-going

For more information call +254 721 226 324 / +254 733 973 999

or send email to info@managecom.co.ke