Module code: KIB-ITF |
1V+1P (2 hours per week) |
2 |
Semester: 5 |
Mandatory course: no |
Language of instruction:
German |
Assessment:
Successful participation in the tutorial, oral examination
[updated 26.02.2018]
|
DFBI-344 (P610-0200) Computer Science and Web Engineering, Bachelor, ASPO 01.10.2018, semester 6, optional course, informatics specific
KI690 (P221-0083) Computer Science and Communication Systems, Bachelor, ASPO 01.10.2014, semester 5, optional course, technical
KIB-ITF Computer Science and Communication Systems, Bachelor, ASPO 01.10.2021, semester 5, optional course, technical
KIB-ITF Computer Science and Communication Systems, Bachelor, ASPO 01.10.2022, semester 5, optional course, technical
PIBWI54 (P221-0083) Applied Informatics, Bachelor, ASPO 01.10.2011, semester 5, optional course, informatics specific
PIB-ITF Applied Informatics, Bachelor, ASPO 01.10.2022, semester 5, optional course, informatics specific
PRI-ITF Production Informatics, Bachelor, SO 01.10.2023, semester 5, optional course, informatics specific
|
30 class hours (= 22.5 clock hours) over a 15-week period. The total student study time is 60 hours (equivalent to 2 ECTS credits). There are therefore 37.5 hours available for class preparation and follow-up work and exam preparation.
|
Recommended prerequisites (modules):
None.
|
Recommended as prerequisite for:
|
Module coordinator:
Prof. Dr. Damian Weber |
Lecturer: Thorsten Wacker, M.Sc.
[updated 31.10.2017]
|
Learning outcomes:
After successfully completing this course, students will be able to use the system properties of an IT system to secure evidence that can be used in court after an IT security incident. To this end, they will apply best practices, compare the advantages and disadvantages, isolate problems that arise and investigate the usability of the secured data. They will be capable of interpreting the collected data and presenting the results convincingly to an independent authority.
[updated 26.02.2018]
|
Module content:
1. General information about the field: Tools; Literature
2. Introduction: Definition of terms; Motivation for authorities; Motivation for companies
3. Principles of IT forensics: Procedure model; Digital traces; Volatile data; Interpreting data; Interpreting time stamps
4. File system basics: Hard disks, partitioning, file systems; Unix file management
5. File system analysis: Creating a file system image; Analyzing a file system image; Deleted files; File carving
6. Analyzing a compromised system: Process handling; RAM; Rootkits
[updated 26.02.2018]
|
Recommended or required reading:
Forensic Discovery. (Addison-Wesley Professional Computing) (hard cover) by Daniel Farmer (author), Wietse Venema (author) http://www.amazon.de/Forensic-Discovery-Addison-Wesley-Professional-Computing/dp/020163497X
File System Forensic Analysis. (soft cover) by Brian Carrier (author) http://www.amazon.de/System-Forensic-Analysis-Brian-Carrier/dp/0321268172
[updated 26.02.2018]
|