
IT Forensics Practical Course

Module name (EN): IT Forensics Practical Course
Degree programme: Applied Informatics, Bachelor, ASPO 01.10.2017
Module code: PIB-ITFP
Hours per semester week / Teaching method: 2P (2 hours per week)
ECTS credits: 3
Semester: 4
Mandatory course: no
Language of instruction:
Project work

[updated 26.02.2018]
Applicability / Curricular relevance:
KI601 (P221-0084) Computer Science and Communication Systems, Bachelor, ASPO 01.10.2014, optional course, technical
KIB-ITFP Computer Science and Communication Systems, Bachelor, ASPO 01.10.2017, semester 6, optional course, technical
PIBWI66 (P221-0084) Applied Informatics, Bachelor, ASPO 01.10.2011, optional course, informatics specific
PIB-ITFP Applied Informatics, Bachelor, ASPO 01.10.2017, semester 4, optional course, informatics specific
30 class hours (= 22.5 clock hours) over a 15-week period.
The total student study time is 90 hours (equivalent to 3 ECTS credits).
There are therefore 67.5 hours available for class preparation and follow-up work and exam preparation.
Recommended prerequisites (modules):
Recommended as prerequisite for:
Module coordinator:
Prof. Dr. Damian Weber
Lecturer: Prof. Dr. Damian Weber

[updated 10.11.2016]
Learning outcomes:
After successfully completing this course, students will be able to secure evidence that can be used in court in the event of an IT security incident. In particular, they will be able to trace manipulative operations at the operating system level. This will enable them to uncover digital traces of electronic transactions or data transfers, even if those traces were rendered unusable for purposes of deception.

[updated 26.02.2018]
Module content:
1. General information about the field
2. Introduction
    Definition of terms
    Motivation for authorities
    Motivation for companies
3. Principles of IT forensics
    Procedure model
    Digital traces
    Volatile data
    Interpreting data
    Interpreting time stamps
4. File system basics
    Hard disks, partitioning, file systems
    Unix file management
5. File system analysis
    Creating a file system image
    Analyzing a file system image
    Deleted files
    File carving
6. Analyzing a compromised system
    Process handling

[updated 26.02.2018]
Recommended or required reading:
Forensic Discovery. (Addison-Wesley Professional Computing) (hard cover) by Daniel Farmer (author), Wietse Venema (author)
File System Forensic Analysis. (soft cover) by Brian Carrier (author)

[updated 26.02.2018]
[Thu Aug 18 16:11:17 CEST 2022, CKEY=kip, BKEY=pi2, CID=PIB-ITFP, LANGUAGE=en, DATE=18.08.2022]