DIGITAL FORENSICS

CODE 101812
ACADEMIC YEAR 2022/2023
CREDITS 6 cfu during the 1st year of 10852 COMPUTER SCIENCE (LM-18) - GENOVA
SCIENTIFIC DISCIPLINARY SECTOR INF/01
LANGUAGE English
TEACHING LOCATION GENOVA
SEMESTER 2nd Semester
TEACHING MATERIALS AULAWEB

    OVERVIEW

    This course introduces students to applying forensic science principles and practices for collecting, examining, analyzing and presenting digital evidence. The course includes selected topics from digital forensics and information technology domains. It utilizes lectures, assignments and programming projects to illustrate these topics. We will explore these topics through the use of various open-source and commercial forensic tools.

    AIMS AND CONTENT

    LEARNING OUTCOMES

    Learning how to conduct digital investigations, following the standard process involving identification, acquisition, storage, and analysis of digital evidence.

    AIMS AND LEARNING OUTCOMES

    By the end of this course students should be able to:

    • Understand and describe how forensic science is applied to the cyber realm
    • Identify and describe various sources of digital evidence
    • Know how to acquire digital evidence from hard drives and mobile devices
    • Understand file systems and artifacts
    • Conduct forensic analysis of both disk images and mobile devices
    • Identify and describe basic legal principles regarding digital forensics

    PREREQUISITES

    Some familiarity with both Windows and Linux.

    TEACHING METHODS

    Class lectures and hands-on assignments ("homework")

    SYLLABUS/CONTENT

    • Digital Forensics Domains
    • Digital Forensics and Digital Evidence definition
    • ISO Standards
    • Digital Forensics Process (Identification, Preservation, Handling, Collection, Acquisition, Preservation, Analysis)
    • Chain of Custody
    • Forensic Acquisition
    • Write blocking
    • ATA Standard
    • Hashing
    • Forensics formats (DD, E01)
    • Partitioning
    • File Systems (FAT and NTFS)
    • The SleuthKit
    • Image Mounting
    • Windows Forensics
    • Windows registry
    • LNK/Jumplists/Shellbags
    • USB Device Analysis
    • Windows Events
    • Mobile Forensics: definition, challenges and guidelines
    • Introduction to Android and iOS Forensics
    • Introduction to Memory Analysis

    RECOMMENDED READING/BIBLIOGRAPHY

    Support material and recommended bibliography will be available on AulaWeb.

    TEACHERS AND EXAM BOARD

    Exam Board

    GIOVANNI LAGORIO (President)

    ENRICO RUSSO (President Substitute)

    LESSONS

    Class schedule

    All class schedules are posted on the EasyAcademy portal.

    EXAMS

    EXAM DESCRIPTION

    Oral exam, where both theory and hands-on projects, assigned during the course, will be discussed.

    ASSESSMENT METHODS

    The oral examination aims to verify students' actual knowledge of the concepts and theoretical notions covered during the course and their ability to apply these notions to specific contexts.
    Moreover, the ability to critically re-elaborate the acquired knowledge, the correct application of the models discussed during the course and the formulation of personal reflections, if any, adequately reasoned and motivated, will be considered preferential.

    Exam schedule

    Date Time Location Type Notes
    30/06/2023 09:00 GENOVA Exam by appointment
    08/09/2023 09:00 GENOVA Exam by appointment
    02/02/2024 09:00 GENOVA Exam by appointment