Course details

Digital Forensics (in English)

DFAa Acad. year 2023/2024 Summer semester 5 credits

Current academic year

The course focuses on the role of computer forensics and the methods used in the investigation of computer crimes. The course explains the need for proper investigation and illustrates the process of locating, handling, and processing computer evidence. A detailed explanation of how to efficiently manage a forensics investigation and how to preserve and present evidence is covered.

Guarantor

Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS)

Course coordinator

Matoušek Petr, doc. Ing., Ph.D., M.A. (DIFS)

Language of instruction

English

Completion

Examination (written+oral)

Time span

  • 26 hrs lectures
  • 13 hrs laboratories
  • 13 hrs projects

Assessment points

  • 55 pts final exam (written part)
  • 30 pts numeric exercises
  • 15 pts projects

Department

Department of Information Systems (UIFS)

Lecturer

Hranický Radek, Ing., Ph.D. (DIFS)
Mutua Nelson Makau, M.Sc. (DIFS)
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS)

Instructor

Hranický Radek, Ing., Ph.D. (DIFS)
Mutua Nelson Makau, M.Sc. (DIFS)
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS)

Learning objectives

The aim is to understand principles of computer forensics and the basic concepts used in a computer forensics examination; introduces techniques required for conducting a forensic analysis of systems and data.


Student acquaints basic concepts and principles of computer forensics and skills in a computer forensic examination.

Why is the course taught

The course prepares students for the possible role of cyber attack investigator or forensic analyst within security teams.

Prerequisite knowledge and skills

Basic knowledge of operating systems, storage media, networks, and the ability to create simple programs.

Study literature

  • Nipun Jaswal: Hands-On Network Forensics: Investigate network attacks and find evidence using common network forensic tools,  Packt Publishing, 2019.
  • Bruce Nikkel , Practical Linux Forensics, No Starch Press, 2021

Fundamental literature

  • Daren Hayes, Practical Guide to Digital Forensics Investigations, Pearson IT Certification; 2nd edition, 2020.
  • Gerard Johansen: Digital Forensics and Incident Response: Incident response techniques and procedures to respond to modern cyber threats, Packt Publishing; 2nd edition, 2020

Syllabus of lectures

  1. Investigation Techniques
  2. Data Acquisition
  3. Data Recovery and Analysis
  4. Windows System Forensics
  5. Microsoft 365 Forensics
  6. Web Browser Forensics
  7. Events and Logs
  8. Network Forensics
  9. Encryption Traffic Analysis
  10. Memory Forensics
  11. Malware Analysis
  12. Password Recovery
  13. Case Study

 

Syllabus of laboratory exercises

Hands-on activities in the following areas:

  1. Investigation Techniques Basics
  2. Data Acquisition
  3. Data Recovery and Analysis
  4. Windows System Forensics
  5. Microsoft 365 Forensics
  6. Web Browser Forensics
  7. Events and Logs
  8. Network Forensics
  9. Encryption Traffic Analysis
  10. Memory Forensics
  11. Malware Analysis
  12. Password Recovery
  13. Case Study

Syllabus - others, projects and individual work of students

Performing the investigation of the selected cases. Solving the cases and writing the report.

Progress assessment

  • Project (15 points).
  • Hands-on labs (30 points). Missed labs can only be replaced if there is a serious obstacle in the study. 
  • Final exam (55 points). Minimum of 20 points of the final exam is necessary to pass the course.

 

Controlled activities include the project (15 points), hands-on labs (30 points), and the final exam (55 points). Missed labs can only be replaced if there is a serious obstacle in the study. 

Exam prerequisites

 

How to contact the teacher

As part of face-to-face activities. Possibilities of individual consultations during the teacher's consultation hours or at other times by appointment.

Course inclusion in study plans

Back to top