course-details-portlet

IMT4114 - Introduction to Digital Forensics

About

Examination arrangement

Examination arrangement: Assignment and written examination
Grade: Letters

Evaluation Weighting Duration Grade deviation Examination aids
Written examination 51/100 3 hours ORDBOK
Approved report 49/100

Course content

- Digital investigations, stakeholders and their roles - Digital evidence, e.g. acquisition, admissibility, authenticity - Chain of custody, evidence integrity and forensic soundness - File and live system forensics - Timeline analysis - Forensic reconstructions - Internet and network forensics - Automation and forensic tools - Reporting and presenting evidence - Expert witness and cyber crime law - Computational forensics - Forensic readiness - Advanced topics if time permits

Learning outcome

Knowledge: - Digital Forensics methodology with a solid understanding of requirements for handling digital evidence - Requirements and impact on maintaining evidence integrity and chain of custody - Principles, procedures, and the basic concepts of forensic standards and best practices, e.g. forensic tool testing - The overall process for establishment and maintenance of a digital forensic lab environment - The role of expert witnesses and digital evidence in the context of legal proceedings - The role of policies, standards and guidelines for controls and is capable of applying his/her knowledge in case studies - Legal, privacy and ethical aspects of digital forensics investigations.

Skills: - Forensic acquisition of digital evidence from computer and network media - Live system forensics and evaluation of order of volatility - Evidence analysis with timeline analysis and forensic reconstruction - Scientific documentation of forensic acquisition and analysis - Applying forensic principles on practical case-studies - Performing stakeholder analysis, risk assessment and forensic triage on limited case-studies - Evaluating the applicability of forensic methods and tools for various controls given a certain scope and policy for the control

General competence: - Capability of analyzing business, legal, ethical and case-specific requirements for planning and conducting a digital forensics investigation - Understanding of forensic analysis and incident response processes - Working independently and familiarity with digital forensics terminology - Capability of discussing professional problems such as documentation, decision making processes, implementation plans, operations, reviews and corrective actions, with forensic experts, IT specialists and general managers - Learning skills to continue acquiring new knowledge and skills in a largely self-directed manner - Ability to contribute to innovative thinking and innovation processes

Learning methods and activities

- Lectures - Group work - Lab work - E-learning - Project work

Additional information:

  • This course is given on campus Gjøvik and will be accessible for off-campus/remote students. The lectures will be live-streamed and made available as a recording for offline viewing through the university's learning management system. Each student is free to choose the pedagogic arrangement that best suits her/his own requirement. More information about this course will be provided on the first lecture and in our learning management systems.
  • Students should follow/attend the lab work sessions and complete all required hand-ins. The lab sessions will be live-streamed to remote students and be made available as recordings for offline viewing. More information about the lab sessions will be provided closer to its planned schedule.
  • Group-wise oral presentation of selected paper and project work must be approved for the group/project work as a whole to be approved.
  • Group projects, exercises and remote teaching assistance are guiding on demand.

Coursework requirements: - None for sitting the written exam.

Compulsory assignments

  • Coursework Requirements

Further on evaluation

Re-sit: - Ordinary re-sit examination in August for the final written exam. Depending on the number of students the re-sit examination can be changed to oral exam.

Forms of assessment: - A group-wise oral presentation of a selected paper and project must be passed for the whole group/project work to pass. - The final grade is an average of the project work and written exam, they count for 49% and 51% respectively, according to the recommended averaging process. Both parts must be completed to receive a final grade. - The final written exam through Inspera

Specific conditions

Compulsory activities from previous semester may be approved by the department.

Admission to a programme of study is required:
Information Security (MIS)
Information Security (MISD)
Information Security (MISEB)

Course materials

Course book (Digital Forensics, André Årnes ed.), lectures, other presentations/supplementary materials and selected papers.

Credit reductions

Course code Reduction From To
IMT4012 5.0 01.09.2017
IMT3551 5.0 01.09.2017
More on the course

No

Facts

Version: 1
Credits:  7.5 SP
Study level: Second degree level

Coursework

Term no.: 1
Teaching semester:  AUTUMN 2021

Language of instruction: English

Location: Gjøvik

Subject area(s)
  • Information Security
Contact information
Course coordinator: Lecturer(s):

Department with academic responsibility
Department of Information Security and Communication Technology

Examination

Examination arrangement: Assignment and written examination

Term Status code Evaluation Weighting Examination aids Date Time Digital exam Room *
Autumn ORD Written examination 51/100 ORDBOK INSPERA
Room Building Number of candidates
Autumn ORD Approved report 49/100 INSPERA
Room Building Number of candidates
  • * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.
Examination

For more information regarding registration for examination and examination procedures, see "Innsida - Exams"

More on examinations at NTNU