IMT4114 - Introduction Digital Forensics


Examination arrangement

Examination arrangement: Written exam and Project work
Grade: Letters

Evaluation form Weighting Duration Examination aids Grade deviation
Written examination 1/2 3 hours E
Assignment 1/2

Course content

-Digital investigations, stakeholders and their roles
-Digital evidence, e.g. acquisition, admissibility, authenticity
-Chain of custody, evidence integrity and forensic soundness
-File and live system forensics
-Timeline analysis
-Forensic reconstructions
-Internet and network forensics
-Automation and forensic tools
-Reporting and presenting evidence
-Expert witness and cyber crime law
-Computational forensics
-Forensic readiness
-Advanced topics if time permits

Learning outcome

-Digital Forensics methodology with a solid understanding of requirements for handling digital evidence
-Requirements and impact on maintaining evidence integrity and chain of custody
-Principles, procedures, and the basic concepts of forensic standards and best practices, e.g. forensic tool testing
-The overall process for establishment and maintenance of a digital forensic lab environment
-The role of expert witnesses and digital evidence in the context of legal proceedings
-The role of policies, standards and guidelines for controls and is capable of applying his/her knowledge in case studies
-Legal, privacy and ethical aspects of digital forensics investigations.

-Forensic acquisition of digital evidence from computer and network media
-Live system forensics and evaluation of order of volatility
-Evidence analysis with timeline analysis and forensic reconstruction
-Scientific documentation of forensic acquisition and analysis
-Applying forensic principles on practical case-studies
-Performing stakeholder analysis, risk assessment and forensic triage on limited case-studies
-Evaluating the applicability of forensic methods and tools for various controls given a certain scope and policy for the control

General competence:
-Capability of analyzing business, legal, ethical and case-specific requirements for planning and conducting a digital forensics investigation
-Understanding of forensic analysis and incident response processes
-Working independently and familiarity with digital forensics terminology
-Capability of discussing professional problems such as documentation, decision making processes, implementation plans, operations, reviews and corrective actions, with forensic experts, IT specialists and general managers
-Learning skills to continue acquiring new knowledge and skills in a largely self-directed manner
-Ability to contribute to innovative thinking and innovation processes

Learning methods and activities

-Group work
-Lab work
-Project work

Additional information:
-The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus and are open for both categories of students. All the lectures will also be available on Internet through the university's learning management system.
-The students should to follow/attend the lab work sessions and complete all required hand-ins. (The lab sessions will be made available to remote students electronically).Groupwise oral presentation of project work must be approved for the project work as a whole to be approved.

Coursework requirements:
-None for sitting the written exam.

Compulsory assignments

  • Coursework Requirements

Further on evaluation

-For the final written exam: Ordinary re-sit examination in August.

Forms of assessment:
-An average where project work counts for 50%, and final written exam counts for 50% of the grade according to the recommended averaging process.Both parts must be passed.

Specific conditions

Exam registration requires that class registration is approved in the same semester. Compulsory activities from previous semester may be approved by the department.

Admission to a programme of study is required:
Information Security (MIS)
Information Security (MISD)
Information Security (MISEB)

Course materials

Course book/papers/supplementary materials, such as; Digital Forensics, André Årnes ed., lecture and other presentation materials and selected papers.

Credit reductions

Course code Reduction From To
IMT3551 5.0 2017-09-01
IMT4012 5.0 2017-09-01


Detailed timetable


Examination arrangement: Written exam and Project work

Term Statuskode Evaluation form Weighting Examination aids Date Time Room *
Autumn ORD Assignment 1/2
Autumn ORD Written examination 1/2 E 2017-12-15 14:00 A153, 1.etg. , A154, 1.etg. , A254, 2.etg. , A061, eksamensrom U-etg. A-bygg , H3 Rom 511
  • * The location (room) for a written examination is published 3 days before examination date.
If more than one room is listed, you will find your room at Studentweb.