Course - Introduction Digital Forensics - IMT4114
IMT4114 - Introduction Digital Forensics
About
New from the academic year 2016/2017
Examination arrangement
Examination arrangement: Written exam and Project work
Grade: Letters
Evaluation | Weighting | Duration | Grade deviation | Examination aids |
---|---|---|---|---|
Project work | 1/2 | |||
Written examiniation | 1/2 | 3 timer |
Course content
Digital investigations, stakeholders and their roles
Digital evidence, e.g. acquisition, admissibility, authenticity
Chain of custody, evidence integrity and forensic soundness
File and live system forensics
Timeline analysis
Forensic reconstructions
Internet and network forensics
Automation and forensic tools
Reporting and presenting evidence
Expert witness and cyber crime law
Computational forensics
Forensic readiness
Advanced topics if time permits
Learning outcome
Knowledge
:
Digital Forensics methodology with a solid understanding of requirements for handling digital evidence
Requirements and impact on maintaining evidence integrity and chain of custody
Principles, procedures, and the basic concepts of forensic standards and best practices, e.g. forensic tool testing
The overall process for establishment and maintenance of a digital forensic lab environment
The role of expert witnesses and digital evidence in the context of legal proceedings
The role of policies, standards and guidelines for controls and is capable of applying his/her knowledge in case studies
Legal, privacy and ethical aspects of digital forensics investigations.
Skills
:
Forensic acquisition of digital evidence from computer and network media
Live system forensics and evaluation of order of volatility
Evidence analysis with timeline analysis and forensic reconstruction
Scientific documentation of forensic acquisition and analysis
Applying forensic principles on practical case-studies
Performing stakeholder analysis, risk assessment and forensic triage on limited case-studies
Evaluating the applicability of forensic methods and tools for various controls given a certain scope and policy for the control
General competence
:
Capability of analyzing business, legal, ethical and case-specific requirements for planning and conducting a digital forensics investigation
Understanding of forensic analysis and incident response processes
Working independently and familiarity with digital forensics terminology
Capability of discussing professional problems such as documentation, decision making processes, implementation plans, operations, reviews and corrective actions, with forensic experts, IT specialists and general managers
Learning skills to continue acquiring new knowledge and skills in a largely self-directed manner
Ability to contribute to innovative thinking and innovation processes
Learning methods and activities
Forelesninger|Gruppearbeid|Lab.øvelser|Nettbasert Læring|Nettstøttet læring|Prosjektarbeid
Utfyllende informasjon:
The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus and are open for both categories of students. All the lectures will also be available on Internet through the university¿s learning management system.
Obligatoriske arbeidskrav:
The students are required to follow/attend the lab work sessions and complete all required hand-ins. (The lab sessions will be made available to remote students electronically).Groupwise oral presentation of project work must be approved.
Compulsory assignments
- Coursework Requirements
Further on evaluation
Utfyllende om kontinuasjon:
For the final written exam: Ordinary re-sit examination in August.
Vurderingsformer:
An average where project work counts for 50%, and final written exam counts for 50% of the grade according to the recommended averaging process.Both parts must be passed.
Specific conditions
Admission to a programme of study is required:
Information Security (MIS)
Information Security (MISD)
Information Security (MISEB)
Course materials
Course book/papers/supplementary materials, such as; Digital Forensics, André Årnes ed., lecture and other presentation materials and selected papers.
Credit reductions
Course code | Reduction | From | To |
---|---|---|---|
IMT3551 | 5.0 | ||
IMT4012 | 5.0 |
No
Version: 1
Credits:
7.5 SP
Study level: Second degree level
Term no.: 1
Teaching semester: AUTUMN 2016
Language of instruction: English
-
- Information Security
Department with academic responsibility
Department of Information Security and Communication Technology
Examination
Examination arrangement: Written exam and Project work
- Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
- Autumn ORD Project work 1/2
-
Room Building Number of candidates - Autumn ORD Written examiniation 1/2 2016-12-16 10:00
-
Room Building Number of candidates
- * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.
For more information regarding registration for examination and examination procedures, see "Innsida - Exams"