IMT4114 - Introduction to Digital Forensics


Examination arrangement

Examination arrangement: Aggregate grade
Grade: Letter grades

Evaluation Weighting Duration Grade deviation Examination aids
Group report 49/100
Written exam 51/100 3 hours E

Course content

- Digital investigations, stakeholders and their roles - Digital evidence, e.g. acquisition, admissibility, authenticity - Chain of custody, evidence integrity and forensic soundness - File and live system forensics - Timeline analysis - Forensic reconstructions - Internet and network forensics - Automation and forensic tools - Reporting and presenting evidence - Expert witness and cyber crime law - Computational forensics - Forensic readiness - Advanced topics if time permits

Learning outcome

Knowledge: - Digital Forensics methodology with a solid understanding of requirements for handling digital evidence - Requirements and impact on maintaining evidence integrity and chain of custody - Principles, procedures, and the basic concepts of forensic standards and best practices, e.g. forensic tool testing - The overall process for establishment and maintenance of a digital forensic lab environment - The role of expert witnesses and digital evidence in the context of legal proceedings - The part of policies, standards and guidelines for controls and is capable of applying their knowledge in case studies - Legal, privacy and ethical aspects of digital forensics investigations.

Skills: - Forensic acquisition of digital evidence from a computer and network media - Live system forensics and evaluation of order of volatility - Evidence analysis with timeline analysis and forensic reconstruction - Scientific documentation of forensic acquisition and analysis - Applying forensic principles on practical case studies - Performing stakeholder analysis, risk assessment and forensic triage on limited case-studies - Evaluating the applicability of forensic methods and tools for various controls given a specific scope and policy for the control

General competence: - Capability of analyzing business, legal, ethical and case-specific requirements for planning and conducting a digital forensics investigation - Understanding of forensic analysis and incident response processes - Working independently and familiarity with digital forensics terminology - Capability of discussing professional problems such as documentation, decision-making processes, implementation plans, operations, reviews and corrective actions, with forensic experts, IT specialists and general managers - Learning skills to continue acquiring new knowledge and skills in a largely self-directed manner - Ability to contribute to innovative thinking and innovation processes

Learning methods and activities

- Lectures - Group work - Lab work

Additional information:

  • This course is on campus Gjøvik and lectures (incl. lab) will be accessible for off-campus/remote students via live-streaming. We will record lectures for offline viewing. Lecture recordings and course/lecture material will be available via electronic learning management systems. Each student is free to choose the educational arrangement that best suits their requirement.
  • Students are expected to participate in the group work actively.
  • Group-wise project deliveries and oral presentations of selected papers must be approved for the group work as a whole to be approved.
  • Group projects and remote teaching assistance are guiding on demand.

Further on evaluation

Re-sit: - Ordinary re-sit examination for the written exam in August. - Group work is only possible the next time the course is running.

Forms of assessment: - You must pass group-wise deliveries and presentations for the whole group work to pass. - The final grade is an average of the group work and written exam. The group work and the written exam count for 49% and 51%, respectively. - You must pass (i.e. E grade or higher) both examination and group work to receive a final grade. - You can complete group work and written exam in different semesters.

Specific conditions

Admission to a programme of study is required:
Information Security (MIS)
Information Security (MISD)
Information Security (MISEB)

Course materials


  • Årnes, André, ed. Digital forensics. John Wiley & Sons, 2017.

Other conferences/journal papers, lectures, and other supplementary materials are available via electronic learning management systems.

Credit reductions

Course code Reduction From To
IMT4012 5.0 AUTUMN 2017
IMT3551 5.0 AUTUMN 2017
More on the course



Version: 1
Credits:  7.5 SP
Study level: Second degree level


Term no.: 1
Teaching semester:  AUTUMN 2023

Language of instruction: English

Location: Gjøvik

Subject area(s)
  • Information Security
Contact information


Examination arrangement: Aggregate grade

Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
Autumn ORD Written exam 51/100 E 2023-12-15 15:00 INSPERA
Room Building Number of candidates
SL310 Sluppenvegen 14 7
M433-Eksamensrom 4.etg Mustad, Inngang A 80
Autumn ORD Group report 49/100





Room Building Number of candidates
Summer UTS Written exam 51/100 E INSPERA
Room Building Number of candidates
  • * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.

For more information regarding registration for examination and examination procedures, see "Innsida - Exams"

More on examinations at NTNU