Semester 2 / ECTS Credits: 5 ECTS

Course Description:

The main objective of this course is to give basic knowledge about computer forensics, the technical foundations of computer forensics and the principles and practices of computer investigation. Students will gain comprehensive knowledge of the topic covered with the computer forensics theories and practice.

Throughout this course students will learn different techniques and procedures that enable them to perform a computer investigation and explain the technical issues of preparing for and performing digital forensic analysis based on the investigator’s position and duty.

The objective of this course is to emphasize the importance of computer forensics, and to prepare students to conduct a computer investigation in an organized and systematic way. Students will learn best practices for general computer forensics with the tools and techniques to perform a full computer forensic investigation.

Learning Outcomes:

  1. Collect evidence from the crime scene
  2. Conduct computer analysis
  3. Identify and analyze encrypted data
  4. Create reports on the computer’s digital forensic investigation
  5. Creating forensic copies of your computer
  6. Use tools to store and analyze digital evidence
  7. Knowing the procedures for storing data from your computer

Course content lectures:

  1. Introduction to Digital Forensics (key components, Principles, Digital Forensics Division)
  2. Parts of the computer (components and architecture)
  3. Digital evidence (sources and types)
  4. Place of investigation
  5. Procedures with a computer turned off or on
  6. Documenting all devices
  7. Copies of all record holders
  8. Packaging and storing of all components
  9. Documenting all steps
  10. Number system and Computers:
  11. Data storage
  12. Disk structure (physical and logical)
  13. Working memory
  14. Computer Boot Processes
  15. File System Basics
  16. FAT File System
  17. NTFS File System
  18. Other file systems
  19. Files and their forensic characteristics
  20. Recover deleted files and data carving
  21. Complex files
  22. Hash function
  23. Acquisition and verification of evidence
  24. Encryption
  25. Artifacts in the Windows operating system
  26. Internet artifacts
  27. Electronic mail and El. Communications artifacts
  28. Digital Forensics and upcoming technologies
  29. Create a report