Digital Forensics I
2011-2012 - IMT4012 - 5 ECTS


BSc level basics in operating systems, data communication and network security.

Expected learning outcomes

Students are able to explain the fundamental principles of digital forensics. The students are able to survey a digital crime scene and to acquire, analyze and present digital evidence in a forensically sound manner. The students are further expected to be able to scientifically document theoretical and experimental results related to forensic investigations, and to evaluate the validity of evidence presented by another party.


  •  Digital investigations and evidence
  •  Chain of custody and forensic soundness
  •  Timeline analysis
  •  Live system forensics
  •  File system forensics
  •  Forensic reconstructions
  • Internet and network forensics
  • Cybercrime law
  •  Advanced topics if time permits

Teaching Methods

Laboratory work

Form(s) of Assessment


Form(s) of Assessment (additional text)

Project report (40%)

Final exam (3 hours) (40%)

Final presentation (20%)

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

External examiner

Re-sit examination

For the final exam: Ordinary re-sit examination.

Coursework Requirements


Teaching Materials

Dan Farmer and Wietse Venema: Forensic Discovery, Addison-Wesley, 2005 (ISBN 0-201-63497-x)

Presentation material and 8 selected papers

Additional information

Knowledge of Linux is an advantage.

In case there will be less than 5 students that will apply for the course, it will be at the discretion of the head of the study program whether the course will be offered or not an if yes, in which form.