Computer Forensics

Course Description

The goal of this course is to introduce students to the methods of collection and handling of digital traces for the purpose of investigation and legal proceedings. Course content includes forensic data storage media, network forensics, memory forensics, digital document forensics, techniques for collecting, analyzing and managing digital traces. Students will learn about the hardware and software tools that help forensic scientists in the collection of digital traces.

Learning Outcomes

  1. collect digital traces of IT systems
  2. handle data sources and collected traces
  3. analyze traces of the attacker
  4. reconstruct the events that formed the attack
  5. produce reports on security incidents
  6. use the tools that help in data collection, analysis and identification of digital traces

Forms of Teaching


Lectures have predefined topics. Students have to prepare for the lecture according to available instructions.

Laboratory Work

Students can do the lab work also at their home.


Student can receive consultations via e-mail in the course of several days or in person which ahas to be scheduled via e-mail.


The course includes making a seminar, presenting it and making a video presentation of the conducted work.


All lecture materials, lecture captures and lab assignments are available to students on course web-pages..

Grading Method

Continuous Assessment Exam
Type Threshold Percent of Grade Threshold Percent of Grade
Laboratory Exercises 50 % 35 % 0 % 0 %
Homeworks 50 % 10 % 0 % 0 %
Seminar/Project 50 % 20 % 50 % 20 %
Mid Term Exam: Written 0 % 1 % 0 %
Final Exam: Written 50 % 34 %
Exam: Written 50 % 80 %

Week by Week Schedule

  1. Computer forensics basics. Techniques for collecting digital traces. Digital evidence management.
  2. File system and media forensics I.
  3. File system and media forensics II.
  4. Digital document forensics.
  5. Mail forensics.
  6. Network forensics I.
  7. Mid-term exam.
  8. Mid-term exam.
  9. Network forensics II.
  10. Network forensics III.
  11. Memory forensics.
  12. Hardware forensics tools.
  13. Legislation.
  14. Exam preparation exercises.
  15. Final exam.

Study Programmes

University graduate
Computer Engineering (profile)
Recommended elective courses (3. semester)
Computer Science (profile)
Recommended elective courses (3. semester)
Electronic and Computer Engineering (profile)
Recommended elective courses (3. semester)
Electronics (profile)
Recommended elective courses (3. semester)
Information Processing (profile)
Recommended elective courses (3. semester)
Software Engineering and Information Systems (profile)
Recommended elective courses (3. semester)
Telecommunication and Informatics (profile)
Recommended elective courses (3. semester)


Warren G. Kruse, Jay G. Heiser (2002.), Computer Forensics, Addison-Wesley Professional
Eoghan Casey (2011.), Digital Evidence and Computer Crime, Academic Press
Cory Altheide, Harlan Carvey (2011.), Digital Forensics with Open Source Tools, Elsevier
Sherri Davidoff, Jonathan Ham (2012.), Network Forensics, Prentice Hall

Associate Lecturers

Laboratory exercises


ID 139971
  Winter semester
L2 English Level
L3 e-Learning
30 Lectures
0 Exercises
15 Laboratory exercises
0 Project laboratory

Grading System

90 Excellent
80 Very Good
70 Good
60 Acceptable