Digital Forensics (4 Credits)

This is a PhD course given at the Department of Computer Science at Karlstad University in Sweden.


Course Responsible

Stefan Lindskog

Email: stefan.lindskog@kau.se

Aim and Scope

The aim of the course is to study state-of-the-art techniques for digital forensics analysis. Both host-based and network-based techniques will be covered in the course.

Prerequisites

The specific prerequisites are knowledge about operating systems, computer networks, and computer or network security.

Course Modules

The course is roughly divided into the following three modules:

  • File system forensics (2 Credits)
  • Network-based forensics (1 Credit)
  • Forensics analysis (1 Credit)

Literature

  • B. Carrier. File System Forensic Analysis. Addison-Wesley, Upper Saddle River, NJ, USA, 2005.

  • M. Karresand and N. Shahmehri. Oscar – File Type Identification of Binary Data in Disk Clusters and RAM Pages. In Proceedings of IFIP TC-11 International Information Security Conference (IFIP/SEC 2006), Volume 21, Pages 413-424, Karlstad, Sweden, 2006. Springer, New York, NY, USA.

  • M. Karresand and N. Shahmehri. Oscar – Using Byte Pairs to Find File Type and Camera Make of Data Fragments. In Proceedings of the Annual Workshop on Digital Forensics and Incident Analysis, Volume 1, Pages 85-94, Pontypridd, Wales, UK, 2006. Springer-Verlag, London, UK.

  • H. Berghel and D. Hoelzer. “Disk Wiping By Any Other Name: What does a disk wiper wipe when a disk wiper does wipe disks?”. Communications of the ACM 49(8):17-21, August 2006.

  • K. J. Jones, R. Bejtlich, and C. W. Rose. Real Digital Forensics: Computer Security and Incident Response. Addison-Wesley, Upper Saddle River, NJ, USA, 2006.

Schedule

Examination

  • Responsible for one seminar
  • Participation in at least 80% of the meetings
  • Active participation in the discussions

Course Plan