htw saar Piktogramm QR-encoded URL
Back to Main Page Choose Module Version:
XML-Code

flag

IT Forensics Practical Course

Module name (EN):
Name of module in study programme. It should be precise and clear.
IT Forensics Practical Course
Degree programme:
Study Programme with validity of corresponding study regulations containing this module.
Computer Science and Communication Systems, Bachelor, ASPO 01.10.2014
Module code: KI601
SAP-Submodule-No.:
The exam administration creates a SAP-Submodule-No for every exam type in every module. The SAP-Submodule-No is equal for the same module in different study programs.
P221-0084
Hours per semester week / Teaching method:
The count of hours per week is a combination of lecture (V for German Vorlesung), exercise (U for Übung), practice (P) oder project (PA). For example a course of the form 2V+2U has 2 hours of lecture and 2 hours of exercise per week.
2P (2 hours per week)
ECTS credits:
European Credit Transfer System. Points for successful completion of a course. Each ECTS point represents a workload of 30 hours.
3
Semester: according to optional course list
Mandatory course: no
Language of instruction:
German
Assessment:
Project work

[updated 26.02.2018]
Applicability / Curricular relevance:
All study programs (with year of the version of study regulations) containing the course.

KI601 (P221-0084) Computer Science and Communication Systems, Bachelor, ASPO 01.10.2014 , optional course, technical
KIB-ITFP Computer Science and Communication Systems, Bachelor, ASPO 01.10.2021 , semester 6, optional course, technical
KIB-ITFP Computer Science and Communication Systems, Bachelor, ASPO 01.10.2022 , semester 6, optional course, technical
PIBWI66 (P221-0084) Applied Informatics, Bachelor, ASPO 01.10.2011 , optional course, informatics specific
PIB-ITFP Applied Informatics, Bachelor, ASPO 01.10.2022 , semester 4, optional course, informatics specific
Workload:
Workload of student for successfully completing the course. Each ECTS credit represents 30 working hours. These are the combined effort of face-to-face time, post-processing the subject of the lecture, exercises and preparation for the exam.

The total workload is distributed on the semester (01.04.-30.09. during the summer term, 01.10.-31.03. during the winter term).
30 class hours (= 22.5 clock hours) over a 15-week period.
The total student study time is 90 hours (equivalent to 3 ECTS credits).
There are therefore 67.5 hours available for class preparation and follow-up work and exam preparation.
Recommended prerequisites (modules):
None.
Recommended as prerequisite for:
Module coordinator:
Prof. Dr. Damian Weber
Lecturer: Prof. Dr. Damian Weber

[updated 11.02.2015]
Learning outcomes:
After successfully completing this course, students will be able to secure justiciable evidence in the event of an IT security incident. In particular, they will be capable of tracing manipulative operations at the operating system level. This will enable them to uncover digital traces of electronic transactions or data transfers, even if they were rendered unusable for purposes of deception.

[updated 26.02.2018]
Module content:
1. General information about the field
    Tools
    Literature
  
2. Introduction
    Definition of terms
    Motivation for authorities
    Motivation for companies
  
3. Principles of IT forensics
    Procedure model
    Digital traces
    Volatile data
    Interpreting data
    Interpreting time stamps
  
4. File system basics
    Hard disks, partitioning, file systems
    Unix file management
  
5. File system analysis
    Creating a file system image
    Analyzing a file system image
    Deleted files
    File carving
  
6. Analyzing a compromised system
    Process handling
    Rootkits

[updated 26.02.2018]
Recommended or required reading:
Forensic Discovery. (Addison-Wesley Professional Computing) (hard cover)
by Daniel Farmer (author), Wietse Venema (author)
http://www.amazon.de/Forensic-Discovery-Addison-Wesley-Professional-Computing/dp/020163497X
  
File System Forensic Analysis. (soft cover) by Brian Carrier (author)
http://www.amazon.de/System-Forensic-Analysis-Brian-Carrier/dp/0321268172
 

[updated 26.02.2018]
Module offered in:
SS 2016, SS 2015
[Sat Nov 23 10:49:42 CET 2024, CKEY=kip, BKEY=ki, CID=KI601, LANGUAGE=en, DATE=23.11.2024]