Module code: KI601 |
|
2P (2 hours per week) |
3 |
Semester: according to optional course list |
Mandatory course: no |
Language of instruction:
German |
Assessment:
Project work
[updated 26.02.2018]
|
KI601 (P221-0084) Computer Science and Communication Systems, Bachelor, ASPO 01.10.2014, optional course, technical
KIB-ITFP Computer Science and Communication Systems, Bachelor, ASPO 01.10.2021, semester 6, optional course, technical
KIB-ITFP Computer Science and Communication Systems, Bachelor, ASPO 01.10.2022, semester 6, optional course, technical
PIBWI66 (P221-0084) Applied Informatics, Bachelor, ASPO 01.10.2011, optional course, informatics specific
PIB-ITFP Applied Informatics, Bachelor, ASPO 01.10.2022, semester 4, optional course, informatics specific
|
30 class hours (= 22.5 clock hours) over a 15-week period. The total student study time is 90 hours (equivalent to 3 ECTS credits). There are therefore 67.5 hours available for class preparation and follow-up work and exam preparation.
|
Recommended prerequisites (modules):
None.
|
Recommended as prerequisite for:
|
Module coordinator:
Prof. Dr. Damian Weber |
Lecturer: Prof. Dr. Damian Weber
[updated 11.02.2015]
|
Learning outcomes:
After successfully completing this course, students will be able to secure evidence that is admissible in court in the event of an IT security incident. In particular, they will be able to trace manipulation at the operating system level. This will enable them to uncover digital traces of electronic transactions or data transfers, even if those traces were deliberately rendered unusable in order to deceive.
[updated 26.02.2018]
|
Module content:
1. General information about the field
   Tools
   Literature
2. Introduction
   Definition of terms
   Motivation for authorities
   Motivation for companies
3. Principles of IT forensics
   Procedure model
   Digital traces
   Volatile data
   Interpreting data
   Interpreting time stamps
4. File system basics
   Hard disks, partitioning, file systems
   Unix file management
5. File system analysis
   Creating a file system image
   Analyzing a file system image
   Deleted files
   File carving
6. Analyzing a compromised system
   Process handling
   Rootkits
[updated 26.02.2018]
|
Recommended or required reading:
Forensic Discovery. (Addison-Wesley Professional Computing) (hard cover) by Daniel Farmer (author), Wietse Venema (author) http://www.amazon.de/Forensic-Discovery-Addison-Wesley-Professional-Computing/dp/020163497X
File System Forensic Analysis. (soft cover) by Brian Carrier (author) http://www.amazon.de/System-Forensic-Analysis-Brian-Carrier/dp/0321268172
[updated 26.02.2018]
|
Module offered in:
SS 2016,
SS 2015
|