J012 Digital Forensics

Faculty of Informatics
Autumn 2020
Extent and Intensity
1/1/0. 2 credit(s) (plus extra credits for completion). Type of Completion: zk (examination).
Taught online.
Teacher(s)
Ing. Marián Svetlík (lecturer), doc. RNDr. Tomáš Pitner, Ph.D. (deputy)
RNDr. Petr Velan, Ph.D. (lecturer)
RNDr. Milan Čermák, Ph.D. (lecturer)
Radmila Čermáková (assistant)
Guaranteed by
doc. RNDr. Tomáš Pitner, Ph.D.
Department of Computer Systems and Communications - Faculty of Informatics
Timetable of Seminar Groups
J012/DigitalForensics: each odd Thursday 10:00–13:50 C525; and Fri 9. 10. 12:00–15:50 B311, Fri 20. 11. 12:00–15:50 B311, Fri 18. 12. 12:00–15:50 B311, Fri 8. 1. 12:00–15:50 B311, M. Svetlík
J012/NetworkForensics: Thu 14:00–15:50 S108, M. Čermák, P. Velan
Prerequisites
  • Digital Forensics (see Course objectives) – None
  • Network Forensics (see Course objectives) – ( PB156 Computer Networks && PV004 UNIX ) || SOUHLAS
  • Course Enrolment Limitations
    The course is offered to students of any study field.
    The capacity limit for the course is 24 student(s).
    Current registration and enrolment status: enrolled: 6/24, only registered: 0/24, only registered with preference (fields directly associated with the programme): 0/24
    Course objectives
    In the autumn 2020 semester, the course is specialized in the following areas:
  • Digital Forensics – The aim of the course is to provide: Basic overview of the role and position of the Digital Forensics in the area of cybersecurity as well as in criminal investigation. Basic overview of the methods and procedures used in the process of the digital evidence identification and analysis.
  • Network Forensics – The course teaches students to monitor network traffic using raw packet capture and network flows. Students will be able to analyze obtained data to detect malicious behavior and network attacks. They will learn how to explore unknown networks and their services and assess their vulnerabilities. (This seminar will be taught regularly each week in the Czech language.)
  • Learning outcomes
  • Digital Forensics – At the end of the course, the students will be able: to understand the specifics of Digital Forensics methods and processes, to assess quality and competency of outsourced digital forensic services, to implement elementary procedures of digital forensic analysis independently, especially to work as a digital forensics first responders.
  • Network Forensics – At the end of the course, the students will be able to: capture and analyze network traffic, understand network flow monitoring and be able to deploy it on a network, analyze flow records and extract information related to events and incidents in the monitored network, understand network attacks and their detection in traffic, analyze unknown network infrastructure and gain information about potential vulnerabilities.
  • Syllabus
    • Digital Forensics – Digital Forensics in Cybersecurity; Digital Forensics in a criminal investigation; Digital traces and digital evidence, their properties Digital evidence documentation principles; Typical sources of the digital traces; Digital evidence handling; Digital evidence gathering and protection; Process of the digital forensics examination; Digital Forensics Laboratory - building and managing; Digital Forensics - certification and accreditation; Electronic Evidence in Czech and European context
    • Network Forensics – Introduction to network forensics; Host-side artifacts; Packet capture and analysis; Network flow capture and analysis; Encrypted and tunneled traffic; Network attacks and anomalies; Intrusion detection systems; Firewall and application logs; Network scanning; Advanced network data analysis
    Literature
    • Arnes, A., Digital Forensics, John Wiley & Sons, 2018, ISBN 9781119262381
    • PORADA, Viktor. Kriminalistika : technické, forenzní a kybernetické aspekty. 2. aktualizované a rozší. Plzeň: Vydavatelství a nakladatelství Aleš Čeněk, 2019. 1205 stran. ISBN 9788073807412. info
    • STRAUS, Jiří and Viktor PORADA. Teorie, metody a metodologie kriminalistiky. Plzeň: Vydavatelství a nakladatelství Aleš Čeněk, 2017. 417 stran. ISBN 9788073806668. info
    • MESSIER, Ric. Network forensics. Indianapolis, IN: Wiley, 2017. xxiv, 331. ISBN 9781119328285. info
    Teaching methods
  • Digital Forensics – Lectures, Case studies and seminars, Assignment (homework)
  • Network Forensics – Hands-on seminars and homework assignments
  • Assessment methods
  • Digital Forensics – Written exam (40p.) Seminars assignments (30p.) Home work (30p.)
  • Network Forensics – Homework assignments during the semester (at least 60 % of all marks). Exam: practical assignment and discussion.
  • Language of instruction
    English
    Further Comments
    Study Materials
    The course is taught only once.
    Listed among pre-requisites of other courses
    The course is also listed under the following terms Autumn 2019.
    • Enrolment Statistics (recent)
    • Permalink: https://is.muni.cz/course/fi/autumn2020/J012