This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Unit 2 of Research Methodology
Research design types from purely descriptive to true experimental, the literature review process from search string to named gap, systematic reviews versus narrative ones, the academic databases and reference tools researchers actually use, and why reproducibility failures are already well documented inside malware research itself.
Learning outcomes
Eight common research designs -- from purely descriptive to true experimental -- and why correlational findings like "MFA users report fewer breaches" get misreported as causal claims almost every time.
What a literature review is actually for, the six stages that take a topic from vague interest to a named research gap, how to build a Boolean search string, and how snowballing catches what keyword search misses.
What separates an ordinary literature review from a systematic one -- a fixed protocol decided before screening begins -- and the two frameworks, Kitchenham and PRISMA, most often used to run one.
The eight databases used for computer science and digital forensics literature reviews, why an arXiv preprint is not the same as a peer-reviewed paper, and how to handle grey literature like CERT-In advisories and MITRE ATT&CK pages.
Zotero, Mendeley, and EndNote compared, and the capture-to-citation workflow that turns a browser bookmark into an auto-formatted citation in a LaTeX thesis.
The difference between reproducible and replicable, and two documented cases -- Rossow et al.'s 2012 audit of 36 malware papers and the 2019 TESSERACT study -- showing how badly designed experiments inflate a headline accuracy figure.
How to move from a broad topic to a specific, answerable research question, and from a research question to a testable hypothesis — the bridge between the literature review and the methodology chapter.