Computer Forensics
Laboratory exercises
Course Description
Prerequisites
Study Programmes
University graduate
Learning Outcomes
- collect digital traces of IT systems
- manage data sources and collected traces
- analyze traces of the attacker
- reconstruct the events that formed the attack
- produce reports on security incidents
- use the tools that help in data collection, analysis and identification of digital traces
Forms of Teaching
Lectures are held weekly. There is a class preparation assignment for each lecture.
Seminars and workshopsThe course includes a seminar in form of an article on the course wiki page, but also presenting the article live and preparing video material for that purpose.
Partial e-learningAll lecture materials, lecture captures and lab assignments are available to students on course web pages.
LaboratoryLaboratory exercises are held bi-weekly. They can be completed remotely at the location of your choice. Course lecturers can offer help in laboratory sessions held at the University. Laboratory sessions' results are submitted using Moodle.
Work with mentorStudents can choose a more challenging seminar topic, for example using real forensic data, get lecturers' help with the goal of publishing the results in a scientific paper.
OtherAll course materials are available on the course web site. All knowledge assessments and laboratory exercises are also performed in a digital environment.
Grading Method
Continuous Assessment | Exam | |||||
---|---|---|---|---|---|---|
Type | Threshold | Percent of Grade | Threshold | Percent of Grade | ||
Laboratory Exercises | 50 % | 35 % | 0 % | 0 % | ||
Homeworks | 50 % | 10 % | 0 % | 0 % | ||
Quizzes | 50 % | 5 % | 0 % | 0 % | ||
Seminar/Project | 50 % | 20 % | 50 % | 20 % | ||
Mid Term Exam: Written | 0 % | 1 % | 0 % | |||
Final Exam: Written | 50 % | 29 % | ||||
Exam: Written | 50 % | 80 % |
Comment:
When completing the course in the exam period, the final exam consists of two parts:
- Practical part (with the same content as the final exam in continuous assessment) worth 65% of overall course credits
- Theoretical part (multiple choice questions on Moodle) worth 15% of the overall course credits
Week by Week Schedule
- Basic principles and methodologies for digital forensics
- Operating system forensics
- Digital document forensics
- RAM forensics
- Network forensics (1/2)
- Network forensics (2/2)
- Wireless network forensics
- Midterm exam
- e-Mail forensics
- Logs
- Forensic procedures
- Mobile forensics
- Steganography
- Project presentations
- Final exam