Course details

Digital Forensics (in English)

DFAa Acad. year 2019/2020 Summer semester 5 credits

The course focuses on the role of computer forensics and the methods used in the investigation of computer crimes. The course explains the need for proper investigation and illustrates the process of locating, handling, and processing computer evidence. A detailed explanation of how to efficiently manage a forensics investigation and how to preserve and present evidence is covered.

Guarantor

Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS)

Course coordinator

Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS)

Language of instruction

English

Completion

Examination (written+oral)

Time span

26 hrs lectures
12 hrs laboratories
14 hrs projects

Assessment points

55 pts final exam (written part)
30 pts numeric exercises
15 pts projects

Department

Department of Information Systems (UIFS)

Lecturer

Hranický Radek, Ing., Ph.D. (DIFS)
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS)
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS)
Veselý Vladimír, Ing., Ph.D. (DIFS)

Instructor

Hranický Radek, Ing., Ph.D. (DIFS)
Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS)
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS)
Veselý Vladimír, Ing., Ph.D. (DIFS)

Subject specific learning outcomes and competences

Student acquaints basic concepts and principles of computer forensics and skills in a computer forensic examination.

Learning objectives

The aim is to understand principles of computer forensics and the basic concepts used in a computer forensics examination; introduces techniques required for conducting a forensic analysis of systems and data.

Why is the course taught

The course prepares the student for a possible role of cyber attack investigator or forensic analyst within security teams.

Prerequisite knowledge and skills

Basic knowledge of operating systems, storage media, networking and ability to write simple scripts.

Study literature

Nipun Jaswal: Hands-On Network Forensics: Investigate network attacks and find evidence using common network forensic tools, Packt Publishing, 2019.

Syllabus of lectures

Introduction to Forensics Investigation
Data Acquisition Tools and Methods
Computer Forensics Tools
Data Recovery, Filesystem Examination
Data Analysis, Carving, Recovery Files
OS Forensics: Windows, Mac OS, Linux
Introduction to Mobile Forensics
Mobile Forensics Data Acquisition and Analysis
Network Traffic Capturing and Processing
Network Data Analysis
Network Device Forensics
IoT Forensics
Cryptocurrencies

Syllabus of laboratory exercises

Disk Imaging and Data Acquisition
Digital Forensics using Autopsy
Mobile data acquisition and analysis using MobilEdit
Network Forensics using Wireshark
Network Forensics: Flow and Log Analysis
Digital Forensics of Cryptocurrencies

Syllabus - others, projects and individual work of students

Performing the investigation of the selected cases. Solving the cases and writing the report.

Progress assessment

Earning at least 20 points during the term is required.
Minimum of 20 points of the final exam is necessary to pass the course.

Controlled instruction

Controlled activities include a project, computer exercises and the final exam. Missed labs will not be replaced.

Exam prerequisites

Earning at least 20 points during the term is required.
Minimum of 20 points of the final exam is necessary to pass the course.

Course inclusion in study plans

Programme IT-MGR-2, field MBI, MBS, MGM, MIN, MIS, MMI, MMM, MPV, MSK, any year of study, Elective
Programme IT-MGR-2 (in English), field MGMe, any year of study, Compulsory-Elective
Programme MITAI, field NADE, NBIO, NCPS, NEMB, NGRI, NHPC, NIDE, NISD, NISY, NMAL, NMAT, NNET, NSEC, NSEN, NSPE, NVER, NVIZ, any year of study, Elective