Course - Introduction to Digital Forensics - IMT4114
IMT4114 - Introduction to Digital Forensics
About
Examination arrangement
Examination arrangement: Aggregate grade
Grade: Letter grades
Evaluation | Weighting | Duration | Grade deviation | Examination aids |
---|---|---|---|---|
Group report | 49/100 | |||
Written exam | 51/100 | 3 hours | E |
Course content
- Digital investigations, stakeholders and their roles - Digital evidence, e.g. acquisition, admissibility, authenticity - Chain of custody, evidence integrity and forensic soundness - File and live system forensics - Timeline analysis - Forensic reconstructions - Internet and network forensics - Automation and forensic tools - Reporting and presenting evidence - Expert witness and cyber crime law - Computational forensics - Forensic readiness - Advanced topics if time permits
Learning outcome
Knowledge: - Digital Forensics methodology with a solid understanding of requirements for handling digital evidence - Requirements and impact on maintaining evidence integrity and chain of custody - Principles, procedures, and the basic concepts of forensic standards and best practices, e.g. forensic tool testing - The overall process for establishment and maintenance of a digital forensic lab environment - The role of expert witnesses and digital evidence in the context of legal proceedings - The part of policies, standards and guidelines for controls and is capable of applying their knowledge in case studies - Legal, privacy and ethical aspects of digital forensics investigations.
Skills: - Forensic acquisition of digital evidence from a computer and network media - Live system forensics and evaluation of order of volatility - Evidence analysis with timeline analysis and forensic reconstruction - Scientific documentation of forensic acquisition and analysis - Applying forensic principles on practical case studies - Performing stakeholder analysis, risk assessment and forensic triage on limited case-studies - Evaluating the applicability of forensic methods and tools for various controls given a specific scope and policy for the control
General competence: - Capability of analyzing business, legal, ethical and case-specific requirements for planning and conducting a digital forensics investigation - Understanding of forensic analysis and incident response processes - Working independently and familiarity with digital forensics terminology - Capability of discussing professional problems such as documentation, decision-making processes, implementation plans, operations, reviews and corrective actions, with forensic experts, IT specialists and general managers - Learning skills to continue acquiring new knowledge and skills in a largely self-directed manner - Ability to contribute to innovative thinking and innovation processes
Learning methods and activities
- Lectures - Group work - Lab work
Additional information:
- This course is on campus Gjøvik and lectures (incl. lab) will be accessible for off-campus/remote students via live-streaming. We will record lectures for offline viewing. Lecture recordings and course/lecture material will be available via electronic learning management systems. Each student is free to choose the educational arrangement that best suits their requirement.
- Students are expected to participate in the group work actively.
- Group-wise project deliveries and oral presentations of selected papers must be approved for the group work as a whole to be approved.
- Group projects and remote teaching assistance are guiding on demand.
Further on evaluation
Re-sit: - Ordinary re-sit examination for the written exam in August. - Group work is only possible the next time the course is running.
Forms of assessment: - You must pass group-wise deliveries and presentations for the whole group work to pass. - The final grade is an average of the group work and written exam. The group work and the written exam count for 49% and 51%, respectively. - You must pass (i.e. E grade or higher) both examination and group work to receive a final grade. - You can complete group work and written exam in different semesters.
Specific conditions
Admission to a programme of study is required:
Information Security (MIS)
Information Security (MISD)
Information Security (MISEB)
Course materials
Coursebook
- Årnes, André, ed. Digital forensics. John Wiley & Sons, 2017.
Other conferences/journal papers, lectures, and other supplementary materials are available via electronic learning management systems.
Credit reductions
Course code | Reduction | From | To |
---|---|---|---|
IMT4012 | 5.0 | AUTUMN 2017 | |
IMT3551 | 5.0 | AUTUMN 2017 |
No
Version: 1
Credits:
7.5 SP
Study level: Second degree level
Term no.: 1
Teaching semester: AUTUMN 2023
Language of instruction: English
Location: Gjøvik
- Information Security
Department with academic responsibility
Department of Information Security and Communication Technology
Examination
Examination arrangement: Aggregate grade
- Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
- Autumn ORD Written exam 51/100 E 2023-12-15 15:00 INSPERA
-
Room Building Number of candidates SL310 Sluppenvegen 14 7 M433-Eksamensrom 4.etg Mustad, Inngang A 80 -
Autumn
ORD
Group report
49/100
Release
2023-11-13Submission
2023-11-24
12:00
INSPERA
13:00 -
Room Building Number of candidates - Summer UTS Written exam 51/100 E INSPERA
-
Room Building Number of candidates
- * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.
For more information regarding registration for examination and examination procedures, see "Innsida - Exams"