Examination arrangement

Course content

Linux operating system, commands, and tools

Linux filesystem and forensic artifacts

Scripting and programming for investigators

Building own forensic toolkit applications

Forensic tool testing and quality assurance

Linux analysis and data recovery techniques

Investigation and forensic analysis

Law and ethics

Crime prevention policing

Learning outcome

Knowledge

After completing the course the candidate possesses knowledge of:

The importance of open source software in the investigation

New methods and techniques used in the investigation

Legal and ethical issues

Automation of techniques

The benefit of being able to customize the tool in relation to specific challenges

 Skills

After completing the course the candidate can:

Utilize the potential of tools written in open source

Master command interpreters

Assess tools for adapting to different situations

Develop Open source tools for efficient investigation within the rule of law

Understand scripts written by others and adapt them to your context

Validate proprietary and open tools

 General Competence

After completing the course the candidate can:

Emerge with greater insight and confidence in the professional role

Show personal responsibility for tasks in the investigation of electronic tracking

Identify and evaluate ethical dilemmas in work performance

See a record in a bigger prevention and investigation purposes

Learning methods and activities

Forelesninger|Nettbasert Læring|Obligatoriske oppgaver|Annet

Utfyllende informasjon:

Lectures and exercises delivered by PHS, through PHS´s digital learning system (It´s Learning/PingPong)Other: Independent studyThe course will be made accessible for remote students. It is organized as a web-based, online course where students can choose their own study time and follow their progress. The program is estimated to be approx. 280 hours.In the course student-centered learning activities on the internet are emphasized, including 10 online, on-demand lectures and the use of a virtual computer lab. The learning activities shall contribute to the learning outcome of the students, and in particular emphasize the relationship between theory and practice.In this course, students will build their forensic toolkit from scratch, which also takes place in a virtual environment. Throughout the course students will construct their forensic toolkit gradually and end with a complete machine that is specially adapted to needs of a digital forensic investigator. Students will be guided through the various required steps in the process.A distributed online learning platform at NTNU and the Norwegian Police University College is used in the administration and implementation of the course.

Obligatoriske arbeidskrav:

The following course requirements must be met and approved before students can take the exam:

Up to three tests related to specific topics

Compulsory assignments

• Coursework Requirements

Further on evaluation

Utfyllende om kontinuasjon:

At the discression of PHS.A new computer installation must be provided and the examination must be re-sat.

Vurderingsformer:

Assessment consists of two parts, pass decision is on cumulative grade of both parts:

Individual home exam over 8 hours (50%)

Assessment of the student configuration of its own laptop computer (50%)

Both parts must be passed.

Specific conditions

Recommended previous knowledge

NCFI2 or similar, see admisson criteria for MISEB studyprogram, courses delivered by PHS

Course materials

The following textbooks are the primary material in the course curriculum.

Altheide, C. & Carvey, H. (2011). Digital Forensics with Open Source Tools. Waltham, MA: Syngress

Cameron, N. (2005). Learning the bash Shell: Unix Shell Programming. Sebastopol: O'Reilly Media