Faculty of Information Technology, BUT

Course details

Digital Forensics (in English)

DFAa Acad. year 2019/2020 Summer semester 5 credits

The course focuses on the role of computer forensics and the methods used in the investigation of computer crimes. The course explains the need for proper investigation and illustrates the process of locating, handling, and processing computer evidence. A detailed explanation of how to efficiently manage a forensics investigation and how to preserve and present evidence is covered.

Guarantor

Deputy Guarantor

Language of instruction

English

Completion

Examination (written+oral)

Time span

26 hrs lectures, 12 hrs laboratories, 14 hrs projects

Assessment points

55 exam, 30 exercises, 15 projects

Department

Lecturer

Instructor

News


This course is instructed in English, and it is intended for incoming Erasmus+ students, too.

Subject specific learning outcomes and competences

Student acquaints basic concepts and principles of computer forensics and skills in a computer forensic examination.

Learning objectives

The aim is to understand principles of computer forensics and the basic concepts used in a computer forensics examination; introduces techniques required for conducting a forensic analysis of systems and data.

Why is the course taught


The course prepares the student for a possible role of cyber attack investigator or forensic analyst within security teams.

Prerequisite kwnowledge and skills

Basic knowledge of operating systems, storage media, networking and ability to write simple scripts.

Fundamental literature

  • Nelson, B, Phillips, A, Enfinger, F, Stuart, C: Guide to Computer Forensics and Investigations, 2nd Ed, Thomson Course Technology, 2006, ISBN: 0-619-21706-5
  • Vacca, J: Computer Forensics, Computer Crime Scene Investigation, 2nd Ed, Charles River Media, 2005.
  • Buchanan, W, J: Introduction to Security and Network Forensics, Taylor and Francis, Auerbach Publications, 2011.
  • Davidoff, S, Ham, J: Network Forensics: Tracking Hackers through Cyberspace, Prentice Hall, 2012.

Syllabus of lectures

  1. Introduction to Forensics Investigation
  2. Data Acquisition Tools and Methods
  3. Computer Forensics Tools
  4. Data Recovery, Filesystem Examination
  5. Data Analysis, Carving, Recovery Files
  6. OS Forensics: Windows, Mac OS, Linux
  7. Introduction to Mobile Forensics
  8. Mobile Forensics Data Acquisition and Analysis
  9. Network Traffic Capturing and Processing
  10. Network Data Analysis
  11. Network Device Forensics
  12. IoT Forensics
  13. Cryptocurrencies

Syllabus - others, projects and individual work of students

Performing the investigation of the selected cases. Solving the cases and writing the report.

Controlled instruction

Controlled activities include a project, computer exercises and the final exam. Missed labs will not be replaced.

Exam prerequisites

  • Earning at least 20 points during the term is required.
  • Minimum of 20 points of the final exam is necessary to pass the course.

Schedule

DayTypeWeeksRoomStartEndLect.grpGroupsInfo
Wedlecturelectures O203 08:0009:50 1EIT 1MIT 2EIT 2MIT INTE xx
Wedlaboratorylectures O203 10:0010:50 1EIT 1MIT 2EIT 2MIT INTE xx

Course inclusion in study plans

Back to top