622.770 (19S) Digital Forensics Concepts

Summer semester 2019

Registration deadline has expired.

First course session
15.03.2019 10:00 - 12:00 S.2.42 On Campus
... no further dates known

Overview

Lecturer
Course title (German): Digital Forensics Concepts
Type: Lecture - Course (continuous assessment course)
Hours per week: 2.0
ECTS credits: 4.0
Registrations: 12 (30 max.)
Organisational unit
Language of instruction: English
Possible language(s) of the assessment: English
Course begins on: 15.03.2019


Course Information

Intended learning outcomes

This course aims to teach the basic concepts of Digital Forensics:

1. Searching for digital evidence on a secondary storage medium,

2. Recovering deleted media (if it is not overwritten),

3. Learning the frequently used file systems: FAT, NTFS and Extn,

4. File system analysis for Digital Forensics,

5. Partition analysis for Digital Forensics,

6. Learning Sleuthkit, an open-source Digital Forensics tool.

Teaching methodology including the use of eLearning tools

The lectures will be followed by practical applications where students will use Digital Forensics tools such as Sleuthkit. Low-volume media such as 4 GB memory sticks (and tools for accessing them) will be used in the lab environment.

Kali and Ubuntu releases of Linux will be used as operating systems. They can be run “live” or in virtual machines.

Students will bring their own computers to the class so that they can also work at home. This will also provide flexibility for installing the required software.

Course content

Data acquisition for forensic analysis. Sector-level analysis of digital media. System vulnerabilities.

Volume analysis and file system analysis. File systems: FAT, NTFS and Extn. Using steganography tools.

Prior knowledge expected

A working knowledge of Linux and number systems (decimal, hexadecimal and binary) is required.

Depending on the situation of the class, the first few hours may be used for teaching them.

Assessment:
• Midterm 25%
• Term Project 35%
• Final exam 40%

Literature

• Carrier, B. (2005). File System Forensic Analysis, Addison Wesley Professional.

• Marcella, A.J., Menendez, D. (2008). Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, 2nd ed., Auerbach Publications.

Examination information

In the case of examinations conducted online, the standards that students' technical devices must meet in order to take part in these examinations are to be observed.

Grading scheme

Grade / Grade grading scheme

Position in the curriculum

  • Master's degree programme Applied Informatics (SKZ: 911, Version: 13W.1)
    • Subject: Information and System Security (Compulsory elective)
      • Selected Topics in System Security (2.0h VK / 4.0 ECTS)
        • 622.770 Digital Forensics Concepts (2.0h VC / 4.0 ECTS)
  • Master's degree programme Information Management (SKZ: 922, Version: 13W.2)
    • Subject: Information and IT Management (Compulsory subject)
      • 3.8 Current Topics in Information Management (2.0h SE/VC/KS / 4.0 ECTS)
        • 622.770 Digital Forensics Concepts (2.0h VC / 4.0 ECTS)
  • Master's degree programme Information and Communications Engineering (ICE) (SKZ: 488, Version: 15W.1)
    • Subject: Technical Complements (NC, ASR) (Compulsory elective)
      • Selection from the course catalogue (Appendix 5) (0.0h VK, VO, KU / 12.0 ECTS)
        • 622.770 Digital Forensics Concepts (2.0h VC / 4.0 ECTS)

Equivalent courses for counting the examination attempts

This course is not assigned to a sequence of equivalent courses