1. GUC
  2. Course catalogue
  3. Student handbook
  4. 2015-2016
  5. Courses
  6. Avdeling for informatikk og medieteknikk
  7. IMT4504-PHS Apple-device Forensics

Apple-device Forensics
2015-2016 - IMT4504-PHS - 10 ECTS

Expected learning outcomes

Knowledge

After completing the course the candidate possesses knowledge of:

  • Identification and proper handling of various Apple-based devices
  • Methods and techniques for locating relevant trace evidence
  • Legal and ethical issues

Skills

After completing the course the candidate can:

  • Identify various Apple devices
  • Evaluate and apply relevant methods, techniques and tools in all phases of investigation of electronic traces on Apple-based devices
  • Mastering the command line interface of the operating system
  • Identify and manage data and hardware that is locked
  • Advise on management of Apple-based devices

General Competency

After completing the course the candidate can:

  • Emerge with greater insight and confidence in the professional role
  • Show personal responsibility for tasks in the investigation of electronic evidence
  • Identify and evaluate ethical dilemmas in work performance
  • See digital forensics in a broader proactive and reactive context

Topic(s)

  • OSX and iOS artifacts
  • HFS+
  • Live forensics of Apple devices
  • Apple hardware artifacts
  • Ethical dilemmas
  • Crime prevention policing

Teaching Methods

Lectures
Exercises
Other

Teaching Methods (additional text)

Other (Independent study)

Other (Essay/Article writing)

The course will be made accessible for remote students. It is organized as a web-based, online course where students can choose their own start time and follow their progress. The program is estimated to be approx. 280 hours.

The teaching methods emphasis a student-centered learning via Internet, including 10 online, on-demand lectures and the use of a virtual computer lab. In this course, students will build their forensic toolkit from scratch, which also takes place in a virtual environment. The working methods of the course is intended to provide students with good learning outcomes, and in particular highlighted the link between theory and practice. The students will work on an essay/article that is part of the assessment.

A distributed online learning platform at Gjøvik University College and the Norwegian Police University College is used in the administration and implementation of the course.

Form(s) of Assessment

Other

Form(s) of Assessment (additional text)

The exam is oral and is a presentation with examination of one of the four assignments. The assignment is selected by the lecturer.

Grading Scale

Alphabetical Scale, A(best) – F (fail)

External/internal examiner

Evaluated by internal examiner.

Re-sit examination

A new term paper must be provided and the examination must be re-sat next semester.

Examination support

Dictionary

Coursework Requirements

The following course requirements must be met and approved before students can take the exam:

  • Up to four assignments related to specific topics

Teaching Materials

The following textbooks are part of the curriculum. Which pages in the books are to be studied as part of the curriculum is emphasized in each lesson. The reading will be limited to a maximum of 600 pages.

  • Taylor, D (2012): Learning Unix for OS X Mountain Lion: Going Deep With the Terminal and Shell: O'Reilly Media: ISBN-10: 1449332315 :ISBN-13: 978-1449332310. http://www.amazon.com/Learning-Unix-OS-Mountain-Lion/dp/1449332315/ref=sr_1_1?s=books&ie=UTF8&qid=1363720991&sr=1-1&keywords=mac+osx+unix
  • Hogg, A (2011): iPhone and iOS Forensics: Investigation, Analysis and Mobile Security for Apple iPhone, iPad and iOS Devices: ISBN-10: 1597496596,  ISBN-13: 978-1597496599 , Edition: 1 http://www.amazon.com/iPhone-iOS-Forensics-Investigation-Analysis/dp/1597496596
  • Levin, J (2012): Mac OS X and iOS Internals: To the Apple's Core: ISBN-10: 1118057651: ISBN-13: 978-1118057650, Edition 1: http://www.amazon.com/Mac-OS-iOS-Internals-apples/dp/1118057651/ref=sr_1_1?ie=UTF 8&qid=1381431259&sr=8-1&keywords=mac+os+x+and+ios+internals

Additional information

This course is delivered by PHS (Politihøgskolen). The course is only available to students in the MISEB Study Programme (Experienced master in Information Security/Cybercrime).

To complete IMT4504-PHS Apple Dev.Forensics, the students must have a MAC at their disposal.