Course - Digital Forensics - IMT3551
IMT3551 - Digital Forensics
About
Examination arrangement
Examination arrangement: Written exam and Project work
Grade: Letters
| Evaluation | Weighting | Duration | Grade deviation | Examination aids |
|---|---|---|---|---|
| Project work | 1/2 | |||
| Written examination | 1/2 | 3 timer |
Course content
- Digital investigations and evidence
- Chain of custody and forensic soundness
- Timeline analysis
- Live system forensics
- File system forensics
- Forensic reconstructions
- Internet and network forensics
- Cybercrime law
- Advanced topics if time permits
Learning outcome
Forensic science is the application of science and technology to investigate and establish facts of interest in relation to criminal or civil law. The course digital forensics will introduce students to forensic science, as applied to digital evidence. This area has become an integral aspect of information security, and knowledge of the preservation and processing of digital evidence is becoming an essential skill for information security professionals.Students are able to explain the fundamental principles of digital forensics. The students are able to survey a digital crime scene and to acquire, analyze and present digital evidence in a forensically sound manner. The students are further expected to be able to scientifically document theoretical and experimental results related to forensic investigations, and to evaluate the validity of evidence presented by another party. The course is research-based, with emphasis on the application of scientific publications in practical forensic analysis. After completion of the course, the student shall demonstrate the following competency:
Knowledge
- Digital Forensics methodology with a solid understanding of requirements for handling digital evidence, with an emphasis on evidence integrity and chain of custody
- The students will develop a knowledge of the main publication channels in digital forensics, and selected academic papers are included in the curriculum.
Skills
- Forensic acquisition of digital evidence from computer and network media
- Live system forensics and evaluation of order of volatility
- Evidence analysis with timeline analysis and forensic reconstruction
- Scientific documentation of forensic acquisition and analysis
General Competency
- Legal aspects of cyber crime and cyber crime investigations
- The role of expert witnesses and digital evidence in the context of legal proceedings
- The relationship between digital forensics and incident handling in the context of information security
Learning methods and activities
Forelesninger|Lab.øvelser|Prosjektarbeid
Utfyllende informasjon:
The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus and are open for both categories of students. All the lectures will also be available on Internet through GUC¿s learning management system (ClassFronter).
Obligatoriske arbeidskrav:
Will be announced later
Further on evaluation
Utfyllende om kontinuasjon:
For the final exam: Ordinary re-sit examnination.
Vurderingsformer:
An average where project work counts for 50%, and final written exam counts for 50% of the grade according to the recommended averaging process.Both parts must be passed.
Specific conditions
Admission to a programme of study is required:
Drift av nettverk og datasystemer (BDR)
Informasjonssikkerhet (BIS)
Information Security (MIS)
Information Security (MISD)
Required previous knowledge
The following courses or equivalent background is required:
- IMT2282- Operativsystemer
- IMT2431- Datakommunikasjon og nettverkssikkerhet
Course materials
Textbook will be announced at course start
Presentation material and 5 selected academic papers
Credit reductions
| Course code | Reduction | From | To |
|---|---|---|---|
| IMT3004 | 3.7 | ||
| IMT4114 | 5.0 |
No
Version: 1
Credits:
5.0 SP
Study level: Third-year courses, level III
Term no.: 1
Teaching semester: AUTUMN 2016
Language of instruction: English
-
- Information Security
Department with academic responsibility
Department of Information Security and Communication Technology
Examination
Examination arrangement: Written exam and Project work
- Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
- Autumn ORD Project work 1/2
-
Room Building Number of candidates - Autumn ORD Written examination 1/2 2016-12-16 10:00
-
Room Building Number of candidates
- * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.
For more information regarding registration for examination and examination procedures, see "Innsida - Exams"