Salta al contenuto principale della pagina

DIGITAL FORENSICS

CODE 101812
ACADEMIC YEAR 2021/2022
CREDITS 6 credits during the 1st year of 10852 COMPUTER SCIENCE (LM-18) GENOVA
SCIENTIFIC DISCIPLINARY SECTOR INF/01
LANGUAGE English
TEACHING LOCATION GENOVA (COMPUTER SCIENCE )
SEMESTER 2° Semester
TEACHING MATERIALS AULAWEB

OVERVIEW

This course introduces students to applying forensic science principles and practices for collecting, examining, analyzing and presenting digital evidence. The course includes selected topics from digital forensics and information technology domains. It utilizes lectures, assignments and programming projects to illustrate these topics. We will explore these topics through the use of various open-source and commercial forensic tools.

AIMS AND CONTENT

LEARNING OUTCOMES

Learning how to conduct digital investigations, following the standard process involving identification, acquisition, storage, and analysis of digital evidence.

AIMS AND LEARNING OUTCOMES

By the end of this course students should be able to:

  • Understand and describe how forensic science is applied to the cyber realm
  • Identify and describe various sources of digital evidence
  • Know how to acquire digital evidence from hard drives and mobile devices
  • Understand file systems and artifacts
  • Conduct forensic analysis of both disk images and mobile devices
  • Identify and describe basic legal principles regarding digital forensics

PREREQUISITES

Some familiarity with both Windows and Linux.

TEACHING METHODS

Class lectures and hands-on assignments ("homework")

SYLLABUS/CONTENT

  • Digital Forensics Domains
  • Digital Forensics and Digital Evidence definition
  • ISO Standards
  • Digital Forensics Process (Identification, Preservation, Handling, Collection, Acquisition, Preservation, Analysis)
  • Chain of Custody
  • Forensic Aquisition
  • Write blocking
  • ATA Standard
  • Hashing
  • Forensics formats (DD, E01)
  • Partitioning
  • File SystemsFAT and NTFS)
  • The SleuthKit
  • Image Mounting
  • Windows Forensics
  • Windows registry
  • LNK/Jumplists/Shellbags
  • USB Device Analysis
  • Windows Events
  • Mobile Forensics: definition, challenges and guidelines
  • Introduction to Android and iOS Forensics
  • Introduction to Memory Analysis

RECOMMENDED READING/BIBLIOGRAPHY

Support material and recommended bibliography will be available on AulaWeb.

TEACHERS AND EXAM BOARD

Exam Board

MATTIA EPIFANI (President)

GIOVANNI LAGORIO

FRANCESCO PICASSO (President Substitute)

LESSONS

Class schedule

All class schedules are posted on the EasyAcademy portal.

EXAMS

EXAM DESCRIPTION

Oral exam, where both theory and hands-on projects, assigned during the course, will be discussed.

ASSESSMENT METHODS

The oral examination aims to verify students' actual knowledge, concepts, and theoretical notions covered during the course and their ability to apply these notions to specific contexts.
Moreover, the ability to critically re-elaborate the acquired knowledge, the correct application of the models discussed during the course and the formulation of personal reflections, if any, adequately reasoned and motivated, will be considered preferential.

Exam schedule

Date Time Location Type Notes
27/06/2022 09:00 GENOVA Esame su appuntamento
12/09/2022 09:00 GENOVA Esame su appuntamento