htw saar
Back to Main Page

Choose Module Version:

flag

IT Forensics

Module name (EN): IT Forensics
Degree programme: Computer Science and Communication Systems, Bachelor, ASPO 01.10.2017
Module code: KIB-ITF
Hours per semester week / Teaching method: 1V+1P (2 hours per week)
ECTS credits: 2
Semester: 5
Mandatory course: no
Language of instruction:
German
Assessment:
Successful participation in the tutorial, oral examination
Curricular relevance:
DFBI-344 Computer Science and Web Engineering, Bachelor, ASPO 01.10.2018, semester 6, optional course, informatics specific
KI690 Computer Science and Communication Systems, Bachelor, ASPO 01.10.2014, semester 5, optional course, technical
KIB-ITF Computer Science and Communication Systems, Bachelor, ASPO 01.10.2017, semester 5, optional course, technical
PIBWI54 Applied Informatics, Bachelor, ASPO 01.10.2011, semester 5, optional course, informatics specific
PIB-ITF Applied Informatics, Bachelor, ASPO 01.10.2017, semester 5, optional course, informatics specific
Workload:
30 class hours (= 22.5 clock hours) over a 15-week period.
The total student study time is 60 hours (equivalent to 2 ECTS credits).
There are therefore 37.5 hours available for class preparation and follow-up work and exam preparation.
Recommended prerequisites (modules):
None.
Recommended as prerequisite for:
Module coordinator:
Prof. Dr. Damian Weber
Lecturer:
Thorsten Wacker, M.Sc.


[updated 31.10.2017]
Learning outcomes:
After successfully completing this course, students will be able to use the system properties of an IT system to secure evidence that can be used in court after an IT security incident. To this end, they will apply best practices, compare the advantages and disadvantages, isolate problems that arise and investigate the usability of the secured data. They will be capable of interpreting the collected data and presenting the results convincingly to an independent authority.

[updated 26.02.2018]
Module content:
1. General information about the field
    Tools
    Literature
 
2. Introduction
    Definition of terms
    Motivation for authorities
    Motivation for companies
 
3. Principles of IT forensics
    Procedure model
    Digital traces
    Volatile data
    Interpreting data
    Interpreting time stamps
 
4. File system basics
    Hard disks, partitioning, file systems
    Unix file management
 
 
5. File system analysis
    Creating a file system image
    Analyzing a file system image
    Deleted files
    File carving
 
6. Analyzing a compromised system
    Process handling
    RAM
    Rootkits


[updated 26.02.2018]
Recommended or required reading:
Forensic Discovery. (Addison-Wesley Professional Computing) (hard cover)
by Daniel Farmer (author), Wietse Venema (author)
http://www.amazon.de/Forensic-Discovery-Addison-Wesley-Professional-Computing/dp/020163497X
 
File System Forensic Analysis. (soft cover) by Brian Carrier (author)
http://www.amazon.de/System-Forensic-Analysis-Brian-Carrier/dp/0321268172
 


[updated 26.02.2018]
Module offered in:
WS 2020/21 (probably)
[Sat Jul 11 13:27:13 CEST 2020, CKEY=ki, BKEY=ki2, CID=KIB-ITF, LANGUAGE=en, DATE=11.07.2020]