IMT4114 - Introduction Digital Forensics

About

New from the academic year 2016/2017

Examination arrangement

Examination arrangement: Written exam and Project work
Grade: Letters

Evaluation form Weighting Duration Examination aids Grade deviation
Written examination 1/2 3 hours
Assignment 1/2

Course content

Digital investigations, stakeholders and their roles

Digital evidence, e.g. acquisition, admissibility, authenticity

Chain of custody, evidence integrity and forensic soundness

File and live system forensics

Timeline analysis

Forensic reconstructions

Internet and network forensics

Automation and forensic tools

Reporting and presenting evidence

Expert witness and cyber crime law

Computational forensics

Forensic readiness

Advanced topics if time permits

Learning outcome

Knowledge
:

Digital Forensics methodology with a solid understanding of requirements for handling digital evidence

Requirements and impact on maintaining evidence integrity and chain of custody

Principles, procedures, and the basic concepts of forensic standards and best practices, e.g. forensic tool testing

The overall process for establishment and maintenance of a digital forensic lab environment

The role of expert witnesses and digital evidence in the context of legal proceedings

The role of policies, standards and guidelines for controls and is capable of applying his/her knowledge in case studies

Legal, privacy and ethical aspects of digital forensics investigations.

Skills
:

Forensic acquisition of digital evidence from computer and network media

Live system forensics and evaluation of order of volatility

Evidence analysis with timeline analysis and forensic reconstruction

Scientific documentation of forensic acquisition and analysis

Applying forensic principles on practical case-studies

Performing stakeholder analysis, risk assessment and forensic triage on limited case-studies

Evaluating the applicability of forensic methods and tools for various controls given a certain scope and policy for the control

General competence
:

Capability of analyzing business, legal, ethical and case-specific requirements for planning and conducting a digital forensics investigation

Understanding of forensic analysis and incident response processes

Working independently and familiarity with digital forensics terminology

Capability of discussing professional problems such as documentation, decision making processes, implementation plans, operations, reviews and corrective actions, with forensic experts, IT specialists and general managers

Learning skills to continue acquiring new knowledge and skills in a largely self-directed manner

Ability to contribute to innovative thinking and innovation processes

Learning methods and activities

Forelesninger|Gruppearbeid|Lab.øvelser|Nettbasert Læring|Nettstøttet læring|Prosjektarbeid

Utfyllende informasjon:

The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus and are open for both categories of students. All the lectures will also be available on Internet through the university¿s learning management system.

Obligatoriske arbeidskrav:

The students are required to follow/attend the lab work sessions and complete all required hand-ins. (The lab sessions will be made available to remote students electronically).Groupwise oral presentation of project work must be approved.

Compulsory assignments

  • Coursework Requirements

Further on evaluation

Utfyllende om kontinuasjon:

For the final written exam: Ordinary re-sit examination in August.

Vurderingsformer:

An average where project work counts for 50%, and final written exam counts for 50% of the grade according to the recommended averaging process.Both parts must be passed.

Specific conditions

Exam registration requires that class registration is approved in the same semester. Compulsory activities from previous semester may be approved by the department.

Admission to a programme of study is required:
Information Security (MIS)
Information Security (MISD)
Information Security (MISEB)

Course materials

Course book/papers/supplementary materials, such as; Digital Forensics, André Årnes ed., lecture and other presentation materials and selected papers.

Credit reductions

Course code Reduction From To
IMT3551 5.0 2017-09-01
IMT4012 5.0 2017-09-01

Timetable

Detailed timetable

Examination

Examination arrangement: Written exam and Project work

Term Statuskode Evaluation form Weighting Examination aids Date Time Room *
Autumn ORD Assignment 1/2
Autumn ORD Written examination 1/2 2016-12-16 10:00 K2 , A153, 1.etg. A-bygg , A154, 1.etg. A-bygg , A061, eksamensrom U-etg. A-bygg , Trondheim , Tyskland
  • * The location (room) for a written examination is published 3 days before examination date.
If more than one room is listed, you will find your room at Studentweb.