622.770 (19S) Digital Forensics Concepts
Overview
- Lecturer
- Course title (English): Digital Forensics Concepts
- Course type: Lecture course (course with continuous assessment)
- Semester hours: 2.0
- ECTS credits: 4.0
- Registrations: 12 (max. 30)
- Organisational unit
- Language of instruction: English
- Possible language(s) of assessment: English
- Course start: 15.03.2019
- eLearning: to the Moodle course
Time and place
Course description
Intended learning outcomes
This course aims to teach the basic concepts of Digital Forensics:
1. Searching for digital evidence on a secondary storage medium,
2. Recovering deleted media (if it is not overwritten),
3. Learning the frequently used file systems: FAT, NTFS and Extn,
4. File system analysis for Digital Forensics,
5. Partition analysis for Digital Forensics,
6. Learning Sleuthkit, an open-source Digital Forensics tool.
Teaching methodology incl. use of eLearning tools
The lectures will be followed by practical applications in which students will use Digital Forensics tools such as Sleuthkit. Low-capacity media such as 4 GB memory sticks (and tools for accessing them) will be used in the lab environment.
The Kali and Ubuntu distributions of Linux will be used as operating systems. They can be run “live” or in virtual machines.
Students will bring their own computers to the class so that they can also work at home. This will also provide flexibility for installing the required software.
Content
Data acquisition for forensic analysis. Sector-level analysis of digital media. System vulnerabilities.
Volume analysis and file system analysis. File systems: FAT, NTFS and Extn. Using steganography tools.
Expected prior knowledge
A working knowledge of Linux and number systems (decimal, hexadecimal and binary) is required.
Depending on the situation of the class, the first few hours may be used for teaching them.
Assessment:
• Midterm 25%
• Term Project 35%
• Final exam 40%
Literature
• Carrier, B. (2005). File System Forensic Analysis, Addison Wesley Professional.
• Marcella, A.J., Menendez, D. (2008). Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, 2nd ed., Auerbach Publications.
Examination information
Grading scheme
Grade Grading scheme
Position in the curriculum
- Master's programme Applied Informatics (SKZ: 911, Version: 13W.1)
  - Subject: Information and System Security (elective)
    - Selected Topics in System Security (2.0h VK / 4.0 ECTS)
      - 622.770 Digital Forensics Concepts (2.0h VC / 4.0 ECTS)
- Master's programme Information Management (SKZ: 922, Version: 13W.2)
  - Subject: Information and IT Management (compulsory)
    - 3.8 Current Topics in Information Management (2.0h SE/VC/KS / 4.0 ECTS)
      - 622.770 Digital Forensics Concepts (2.0h VC / 4.0 ECTS)
- Master's programme Information and Communications Engineering (ICE) (SKZ: 488, Version: 15W.1)
  - Subject: Technical Complements (NC, ASR) (elective)
    - Selection from the course catalogue (Appendix 5) (0.0h VK, VO, KU / 12.0 ECTS)
      - 622.770 Digital Forensics Concepts (2.0h VC / 4.0 ECTS)