Digital forensics

2022/2023
Programme:
Computer Science and Mathematics, Second Cycle
Year:
1st and 2nd year
Semester:
second
Kind:
optional
ECTS:
6
Language:
Slovenian, English
Lecturers:

Andrej Brodnik

Hours per week – 2nd semester:
Lectures
3
Seminar
0
Tutorial
2
Lab
0
Content (Syllabus outline)

Introduction and legal basis:
  • introduction
  • digital evidence and computer crime
  • technology and legal framework: European perspective, North American perspective
  • investigating procedure and reconstruction
  • modus operandi, motives and technology
  • digital evidence and the court of law
Computers:
  • basics: operation, data representation, file systems, encryption
  • forensic science and computers: authorization, recognition, documentation, collecting and saving data, investigation and analysis, reconstruction
  • forensic analysis of Windows systems: file system, collecting data from the computer, registry, logs, traces of files, network access, programs
  • forensic analysis of Unix systems: file system, collecting data from the computer, registry, logs, traces of files, network access, programs
  • forensic analysis of Mac computers: file system, collecting data from the computer, registry, logs, traces of files, network access, programs
  • forensic analysis of palm computers: memory, Palm OS, Windows CE, RIM Blackberry, mobile phones
Networks:
  • basics: layers and their services with protocols
  • forensic science and networks: recognition, documentation, collecting and saving data, data filtering and event matching
  • digital evidence on the physical layer
  • digital evidence on the link layer
  • digital evidence on the network layer
  • digital evidence on the Internet: web, e-mail, chats, use of the Internet as an investigation tool
Investigation of a computer crime:
  • intrusion and reconstruction
  • sexual crimes
  • harassment
  • digital evidence as an alibi

Readings

a) Digital Evidence and Computer Crime, Second Edition, Eoghan Casey, Academic Press (2004), ISBN-10: 0121631044, ISBN-13: 978-0121631048
b) Cyber Crime: The Investigation, Prosecution and Defense of a Computer-Related Crime. 2nd Edition. Edited by Clifford, R., Carolina Academic Press, ISBN 159460150X
c) Computer Forensics: Incident Response Essentials, Kruse, W., & Heiser, J., Addison Wesley, ISBN 201707195

Objectives and competences

Students learn how to apply computer science knowledge and skills in forensic procedures.

Intended learning outcomes

After the successful completion of the course the student will be able to:

  • understand basic terms in forensic science,
  • explain details of computer systems, and
  • combine knowledge from both areas.

Learning and teaching methods

Lectures, exercises, lab work, assignments, seminars, consulting.

Assessment

Continuing (homework, midterm exams, project work)
Final (written and oral exam)
grading: 5 (fail), 6-10 (pass) (according to the Statute of UL)

Lecturer's references

Five most important works:
BRODNIK, Andrej, IACONO, John. Unit-time predecessor queries on massive data sets. Lect. notes comput. sci., part 1, pp. 133-144. [COBISS-SI-ID 8178260]
BRODNIK, Andrej, GRGUROVIČ, Marko. Speeding up shortest path algorithms. In: 23rd international symposium, ISAAC 2012, (Lecture notes in computer science, ISSN 0302-9743, 7676), 2012, pp. 156-165. [COBISS-SI-ID 1024498772]
TRČEK, Denis, BRODNIK, Andrej. Hard and soft security provisioning for computationally weak pervasive computing systems in e-health. IEEE wireless communications, ISSN 1536-1284. [Print ed.], Aug. 2013, vol. 20, no. 4. [COBISS-SI-ID 10091092]
BRODAL, Gerth Stølting, BRODNIK, Andrej, DAVOODI, Pooya. The encoding complexity of two dimensional range minimum data structures. 21st Annual European Symposium: proceedings, (Lecture notes in computer science, ISSN 0302-9743, Theoretical computer science and general issues, 8125). [COBISS-SI-ID 10148692]
KRIŽAJ, Dejan, BRODNIK, Andrej, BUKOVEC, Boris. A tool for measurement of innovation newness and adoption in tourism firms. International journal of tourism research, ISSN 1522-1970, 2014, vol. 16, no. 2, pp. 113-125. [COBISS-SI-ID 1500126]
The complete bibliography is available on SICRIS: http://sicris.izum.si/search/rsr.aspx?lang=slv&,id=5281.