Expected learning outcomes
After successfully completing the course possesses detailed knowledge in digital forensics methodology, and has acquired skilled and general competences as follows:
- Digital Forensics methodology with a solid understanding of requirements for handling digital evidence
- Requirements and impact on maintaining evidence integrity and chain of custody
- Principles, procedures, and the basic concepts of forensic standards and best practices, e.g. forensic tool testing
- The overall process for establishment and maintenance of a digital forensic lab environment
- The role of expert witnesses and digital evidence in the context of legal proceedings
- The role of policies, standards and guidelines for controls and is capable of applying his/her knowledge in case studies
- Legal, privacy and ethical aspects of digital forensics investigations
- Forensic acquisition of digital evidence from computer and network media
- Live system forensics and evaluation of order of volatility
- Evidence analysis with timeline analysis and forensic reconstruction
- Scientific documentation of forensic acquisition and analysis
- Applying forensic principles on practical case-studies
- Performing stakeholder analysis, risk assessment and forensic triage on limited case-studies
- Evaluating the applicability of forensic methods and tools for various controls given a certain scope and policy for the control
- Capability of analyzing business, legal, ethical and case-specific requirements for planning and conducting a digital forensics investigation
- Understanding of forensic analysis and incident response processes
- Working independently and familiarity with digital forensics terminology
- Capability of discussing professional problems such as documentation, decision making processes, implementation plans, operations, reviews and corrective actions, with forensic experts, IT specialists and general managers
- Learning skills to continue acquiring new knowledge and skills in a largely self-directed manner
- Ability to contribute to innovative thinking and innovation processes
- Digital investigations, stakeholders and their roles
- Digital evidence, e.g. acquisition, admissibility, authenticity
- Chain of custody, evidence integrity and forensic soundness
- File and live system forensics
- Timeline analysis
- Forensic reconstructions
- Internet and network forensics
- Automation and forensic tools
- Reporting and presenting evidence
- Expert witness and cybercrime law
- Advanced topics if time permits
Teaching Methods (additional text)
- Project work
- Others (Essay/Article writing)
- Others (Independent study) !
The course will be made accessible for both campus and remote students. Every student is free to choose the pedagogic arrangement form that is best fitted for her/his own requirement. The lectures in the course will be given on campus and are open for both categories of students. All the lectures will also be available on Internet through GUC’s learning management system (Fronter).
Form(s) of Assessment
Written exam, 3 hours
Evaluation of Project(s)
Form(s) of Assessment (additional text)
An overall evaluation based on a 100 point scale, where project work counts 40 points, oral presentation counts 20 points, and final exam (3 hours) counts 40 points. Conversion from 100 point scale to A-F scale according to recommended conversion table. In specific circumstances, the course responsible can slightly adjust the limits in the conversion table to enforce compatibility with the qualitative descriptions on the A-F scale.
Alphabetical Scale, A(best) – F (fail)
Evaluated by an internal examiner. An in addition an external examiner will be used within 4 years.
For the final written exam: Ordinary re-sit examination.
Announced at course start
Textbook will be announced at course start
Presentation material and 8 selected papers
The course is only available to students in the MISEB Study Programme (Experienced master in Information Security/Cybercrime).
This course (IMT4009) is equivalent to IMT4012 Digital Forencics 1.