Course detail

Digital Forensics (in English)

FIT-DFAaAcad. year: 2019/2020

The course focuses on the role of computer forensics and the methods used in the investigation of computer crimes. The course explains the need for proper investigation and illustrates the process of locating, handling, and processing computer evidence. A detailed explanation of how to efficiently manage a forensics investigation and how to preserve and present evidence is covered.

Language of instruction

English

Number of ECTS credits

5

Mode of study

Not applicable.

Guarantor

doc. Ing. Ondřej Ryšavý, Ph.D.

Department

Department of Information Systems (UIFS)

Offered to foreign students

Of all faculties

Learning outcomes of the course unit

Student acquaints basic concepts and principles of computer forensics and skills in a computer forensic examination.

Prerequisites

Basic knowledge of operating systems, storage media, networking and ability to write simple scripts.

Co-requisites

Not applicable.

Planned learning activities and teaching methods

Not applicable.

Assesment methods and criteria linked to learning outcomes

  • Earning at least 20 points during the term is required.
  • Minimum of 20 points of the final exam is necessary to pass the course.

Course curriculum

Not applicable.

Work placements

Not applicable.

Aims

The aim is to understand principles of computer forensics and the basic concepts used in a computer forensics examination; introduces techniques required for conducting a forensic analysis of systems and data.

Specification of controlled education, way of implementation and compensation for absences

Controlled activities include a project, computer exercises and the final exam. Missed labs will not be replaced.

Recommended optional programme components

Not applicable.

Prerequisites and corequisites

Not applicable.

Basic literature

Not applicable.

Recommended reading

Nipun Jaswal: Hands-On Network Forensics: Investigate network attacks and find evidence using common network forensic tools,  Packt Publishing, 2019. (EN)

Classification of course in study plans

  • Programme IT-MSC-2 Master's

    branch MMI , 0 year of study, summer semester, elective
    branch MBI , 0 year of study, summer semester, elective

  • Programme IT-MGR-1H Master's

    branch MGH , 0 year of study, summer semester, recommended course

  • Programme IT-MSC-2 Master's

    branch MSK , 0 year of study, summer semester, elective
    branch MMM , 0 year of study, summer semester, elective
    branch MBS , 0 year of study, summer semester, elective
    branch MPV , 0 year of study, summer semester, elective
    branch MIS , 0 year of study, summer semester, elective
    branch MIN , 0 year of study, summer semester, elective
    branch MGM , 0 year of study, summer semester, elective

  • Programme IT-MSC-2 Master's

    branch MGMe , 0 year of study, summer semester, compulsory-optional

  • Programme MITAI Master's

    specialization NBIO , 0 year of study, summer semester, elective
    specialization NSEN , 0 year of study, summer semester, elective
    specialization NVIZ , 0 year of study, summer semester, elective
    specialization NGRI , 0 year of study, summer semester, elective
    specialization NISD , 0 year of study, summer semester, elective
    specialization NSEC , 0 year of study, summer semester, elective
    specialization NCPS , 0 year of study, summer semester, elective
    specialization NHPC , 0 year of study, summer semester, elective
    specialization NNET , 0 year of study, summer semester, elective
    specialization NMAL , 0 year of study, summer semester, elective
    specialization NVER , 0 year of study, summer semester, elective
    specialization NIDE , 0 year of study, summer semester, elective
    specialization NEMB , 0 year of study, summer semester, elective
    specialization NSPE , 0 year of study, summer semester, elective
    specialization NADE , 0 year of study, summer semester, elective
    specialization NMAT , 0 year of study, summer semester, elective
    specialization NISY , 0 year of study, summer semester, elective

Type of course unit

 

Lecture

26 hod., optionally

Teacher / Lecturer

doc. Ing. Ondřej Ryšavý, Ph.D.
Ing. Radek Hranický, Ph.D.
Ing. Vladimír Veselý, Ph.D.
doc. Ing. Petr Matoušek, Ph.D., M.A.

Syllabus

  1. Introduction to Forensics Investigation
  2. Data Acquisition Tools and Methods
  3. Computer Forensics Tools
  4. Data Recovery, Filesystem Examination
  5. Data Analysis, Carving, Recovery Files
  6. OS Forensics: Windows, Mac OS, Linux
  7. Introduction to Mobile Forensics
  8. Mobile Forensics Data Acquisition and Analysis
  9. Network Traffic Capturing and Processing
  10. Network Data Analysis
  11. Network Device Forensics
  12. IoT Forensics
  13. Cryptocurrencies

Laboratory exercise

12 hod., compulsory

Teacher / Lecturer

doc. Ing. Ondřej Ryšavý, Ph.D.
doc. Ing. Petr Matoušek, Ph.D., M.A.
Ing. Vladimír Veselý, Ph.D.
Ing. Radek Hranický, Ph.D.

Syllabus

  1. Disk Imaging and Data Acquisition
  2. Digital Forensics using Autopsy
  3. Mobile data acquisition and analysis using MobilEdit
  4. Network Forensics using Wireshark
  5. Network Forensics: Flow and Log Analysis
  6. Digital Forensics of Cryptocurrencies

Project

14 hod., compulsory

Teacher / Lecturer

doc. Ing. Ondřej Ryšavý, Ph.D.
Ing. Radek Hranický, Ph.D.
doc. Ing. Petr Matoušek, Ph.D., M.A.
Ing. Vladimír Veselý, Ph.D.

Syllabus

Performing the investigation of the selected cases. Solving the cases and writing the report.