Computer Forensics

Course Description

Students will learn how to acquire and handle digital traces for private and legal investigations, as well as perform forensic procedures on storage media, communication networks, random access memory and digital documents. Students will learn to use hardware and software tools to assist them in forensic procedures.

Learning Outcomes

  1. collect digital traces of IT systems
  2. handle data sources and collected traces
  3. analyze traces of the attacker
  4. reconstruct the events that formed the attack
  5. produce reports on security incidents
  6. use the tools that help in data collection, analysis and identification of digital traces

Forms of Teaching


Lectures are held weekly. There is a class preparation assignment for each lecture.

Seminars and workshops

The course includes a seminar in form of an article on the course wiki page, but also presenting the article live and preparing video material for that purpose.

Partial e-learning

All lecture materials, lecture captures and lab assignments are available to students on course web pages.


Laboratory exercises are held bi-weekly. They can be completed remotely at the location of your choice. Course lecturers can offer help in laboratory sessions held at the University. Laboratory sessions' results are submitted using Moodle.

Work with mentor

Students can choose a more challenging seminar topic, for example using real forensic data, get lecturers' help with the goal of publishing the results in a scientific paper.


All course materials are available on the course web site. All knowledge assessments and laboratory exercises are also performed in a digital environment.

Grading Method

Continuous Assessment Exam
Type Threshold Percent of Grade Threshold Percent of Grade
Laboratory Exercises 50 % 35 % 0 % 0 %
Homeworks 50 % 10 % 0 % 0 %
Seminar/Project 50 % 20 % 50 % 20 %
Mid Term Exam: Written 0 % 1 % 0 %
Final Exam: Written 50 % 34 %
Exam: Written 50 % 80 %

When completing the course in the exam period, the final exam consists of two parts:

  • Practical part (with the same content as the final exam in continuous assessment) worth 65% of overall course credits
  • Theoretical part (multiple choice questions on Moodle) worth 15% of the overall course credits
Both parts have a 50% passing threshold.

Week by Week Schedule

  1. Basic principles and methodologies for digital forensics
  2. Operating system forensics
  3. Digital document forensics
  4. RAM forensics
  5. Network forensics (1/2)
  6. Network forensics (2/2)
  7. Wireless network forensics
  8. Midterm exam
  9. e-Mail forensics
  10. Logs
  11. Forensic procedures
  12. Mobile forensics
  13. Steganography
  14. Project presentations
  15. Final exam

Study Programmes

University graduate
Audio Technologies and Electroacoustics (profile)
Free Elective Courses (1. semester)
Communication and Space Technologies (profile)
Free Elective Courses (1. semester)
Computational Modelling in Engineering (profile)
Free Elective Courses (1. semester)
Computer Engineering (profile)
Free Elective Courses (1. semester) Recommended elective courses (3. semester)
Computer Science (profile)
Free Elective Courses (1. semester) Recommended elective courses (3. semester)
Control Systems and Robotics (profile)
Free Elective Courses (1. semester)
Data Science (profile)
Free Elective Courses (1. semester)
Electrical Power Engineering (profile)
Free Elective Courses (1. semester)
Electric Machines, Drives and Automation (profile)
Free Elective Courses (1. semester)
Electronic and Computer Engineering (profile)
Elective Courses of the Profile (1. semester) Recommended elective courses (3. semester)
Electronics (profile)
Free Elective Courses (1. semester) Recommended elective courses (3. semester)
Information and Communication Engineering (profile)
Elective Courses of the Profile (1. semester)
Information Processing (profile)
Recommended elective courses (3. semester)
Network Science (profile)
Free Elective Courses (1. semester)
Software Engineering and Information Systems (profile)
Elective Course of the Profile (1. semester) Recommended elective courses (3. semester)
Telecommunication and Informatics (profile)
Recommended elective courses (3. semester)


Shiva V. N. Parasram (2020.), Digital Forensics with Kali Linux, Packt Publishing Ltd
Bill Nelson, Amelia Phillips, Christopher Steuart (2018.), Guide to Computer Forensics and Investigations, Loose-Leaf Version, Mindtap Course List
Ric Messier (2017.), Network Forensics, John Wiley & Sons
Joakim Kävrestad (2018.), Fundamentals of Digital Forensics, Springer
Xiaodong Lin (2018.), Introductory Computer Forensics, Springer

Laboratory exercises

For students


ID 222756
  Winter semester
L3 English Level
L2 e-Learning
30 Lectures
15 Laboratory exercises

Grading System

90 Excellent
80 Very Good
70 Good
60 Acceptable