Computer Forensics

Course Description

The goal of this course is to introduce students to the methods of collecting and handling digital traces for the purpose of investigation and legal proceedings. Course content includes forensics of data storage media, network forensics, memory forensics, digital document forensics, and techniques for collecting, analyzing and managing digital traces. Students will learn about the hardware and software tools that help forensic scientists in the collection of digital traces.

Learning Outcomes

  1. collect digital traces of IT systems
  2. handle data sources and collected traces
  3. analyze traces of the attacker
  4. reconstruct the events that formed the attack
  5. produce reports on security incidents
  6. use the tools that help in data collection, analysis and identification of digital traces

Forms of Teaching

Lectures

Lectures are held weekly. There is a class preparation assignment for each lecture.

Seminars and workshops

The course includes a seminar in the form of an article on the course wiki page. Students also present the article live and prepare video material for that purpose.

Partial e-learning

All lecture materials, lecture captures and lab assignments are available to students on course web pages.

Laboratory

Laboratory exercises are held bi-weekly. They can be completed remotely at the location of your choice. Course lecturers can offer help in laboratory sessions held at the University. Laboratory sessions' results are submitted using Moodle.

Work with mentor

Students can choose a more challenging seminar topic, for example one using real forensic data, and get lecturers' help with the goal of publishing the results in a scientific paper.

Other

All course materials are available on the course web site. All knowledge assessments and laboratory exercises are also performed in a digital environment.

Grading Method

Type | Continuous Assessment: Threshold | Continuous Assessment: Percent of Grade | Exam: Threshold | Exam: Percent of Grade
Laboratory Exercises 50 % 35 % 0 % 0 %
Homeworks 50 % 10 % 0 % 0 %
Quizzes 50 % 5 % 0 % 0 %
Seminar/Project 50 % 20 % 50 % 20 %
Mid Term Exam: Written 0 % 1 % 0 %
Final Exam: Written 50 % 29 %
Exam: Written 50 % 80 %
Comment:

When completing the course in the exam period, the final exam consists of two parts:

  • Practical part (with the same content as the final exam in continuous assessment) worth 65% of overall course credits
  • Theoretical part (multiple choice questions on Moodle) worth 15% of the overall course credits
Both parts have a 50% passing threshold.

Week by Week Schedule

  1. Basic principles and methodologies for digital forensics
  2. Operating system forensics
  3. Digital document forensics
  4. RAM forensics
  5. Network forensics (1/2)
  6. Network forensics (2/2)
  7. Wireless network forensics
  8. Midterm exam
  9. e-Mail forensics
  10. Logs
  11. Forensic procedures
  12. Mobile forensics
  13. Steganography
  14. Project presentations
  15. Final exam

Study Programmes

University graduate
[FER3-HR] Audio Technologies and Electroacoustics - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Communication and Space Technologies - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Computational Modelling in Engineering - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Computer Engineering - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Computer Science - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Control Systems and Robotics - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Data Science - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Electrical Power Engineering - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Electric Machines, Drives and Automation - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Electronic and Computer Engineering - profile
Elective Courses (1. semester) (3. semester)
Elective Courses of the Profile (1. semester) (3. semester)
[FER3-HR] Electronics - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Information and Communication Engineering - profile
Elective Courses (1. semester) (3. semester)
Elective Courses of the Profile (1. semester)
Elective Courses of the Profile (3. semester)
[FER3-HR] Network Science - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Software Engineering and Information Systems - profile
Elective Course of the profile (3. semester)
Elective Course of the Profile (1. semester)
Elective Courses (1. semester) (3. semester)
[FER2-HR] Computer Engineering - profile
Recommended elective courses (3. semester)
[FER2-HR] Computer Science - profile
Recommended elective courses (3. semester)
[FER2-HR] Electronic and Computer Engineering - profile
Recommended elective courses (3. semester)
[FER2-HR] Electronics - profile
Recommended elective courses (3. semester)
[FER2-HR] Information Processing - profile
Recommended elective courses (3. semester)
[FER2-HR] Software Engineering and Information Systems - profile
Recommended elective courses (3. semester)
[FER2-HR] Telecommunication and Informatics - profile
Recommended elective courses (3. semester)

Literature

Shiva V. N. Parasram (2020.), Digital Forensics with Kali Linux, Packt Publishing Ltd
Bill Nelson, Amelia Phillips, Christopher Steuart (2018.), Guide to Computer Forensics and Investigations, Loose-Leaf Version, Mindtap Course List
Ric Messier (2017.), Network Forensics, John Wiley & Sons
Joakim Kävrestad (2018.), Fundamentals of Digital Forensics, Springer
Xiaodong Lin (2018.), Introductory Computer Forensics, Springer

General

ID 222756
  Winter semester
5 ECTS
L1 English Level
L2 e-Learning
30 Lectures
0 Seminar
0 Exercises
15 Laboratory exercises
0 Project laboratory

Grading System

90 Excellent
80 Very Good
70 Good
60 Sufficient