Print as pdf if you want a pdf! If you want a nicer printout, click off the browser's automatically added header and footer.
Blekinge Institute of Technology
Department of Computer Science
Revision: 2
Reg.no: BTH-4.1.14-0428-2024
Course syllabus
Advanced Digital Forensics
Advanced Digital Forensics
7.5 credits (7,5 högskolepoäng)
Course code: DV2637
Main field of study: Computer Science, Software Engineering
Disciplinary domain: Technology
Education level: Second-cycle
Specialization: A1N - Second cycle, has only first-cycle course/s as entry requirements
Language of instruction: English
Applies from: 2024-04-02
Approved: 2024-04-02
1. Descision
This course is established by Dean 2023-04-18. The course syllabus is approved by Head of Department of Computer Science 2024-04-02 and applies from 2024-04-02.
2. Entry requirements
Admission to the course requires 120 credits of which 90 credits must be in a technical area of which 6 credits must be a completed course in Opearating Systems and 6 credits a completed course in Data Communication and Network Technologies or at least 120 credits, of which at least 90 credits are in a technical area, and a minimum of 2 years professional experience within an area related to software-intensive product and/or service development (shown by, for example, a work certificate from an employer).
3. Objective and content
3.1 Objective
Many companies and their IT systems are affected by advanced intrusions, various ransomware attacks and or thefts of both sensitive and secret information. In case of being compromised companies need to understand their weak points, ways of intrusion and attackers’ attributes.
The course focuses on developing the student's skills to systematically investigate and analyze all phases of complex cyber-attacks (so called Cyber Kill Chain) and to track the threat actor, discover exploited vulnerabilities so that companies can securely restore data and system integrity.
3.2 Content
- Digital forensics (DF) methodology, processes, and standards.
- Discover and preserve detailed tracks and artefacts in different OS.
- Methods and tools for network and email forensics.
- Methods and tools for memory analysis
- Methos and tools for analyzing mobile phones (mobile forensics)
- Cloud specific aspects of DF
- APT (Advanced Persistent Threats) and the seven steps of the Cyber Kill Chain
- Documentation and presentation of DF results that can be used in a criminal investigation.
4. Learning outcomes
The following learning outcomes are examined in the course:
4.1. Knowledge and understanding
On completion of the course, the student will know and understand:
- Explain standards and methods for DF.
- Explain how to prepare systems to secure traces in computers, networks, and clouds before a future attack.
4.2. Competence and skills
On completion of the course, the student will:
- Independently carry out a DF examination according to practice and standard
- Develop and maintain a DF capability within computer, network, and cloud infrastructure.
- Develop the ability to write a good DF report according to practice and standard so that it can used in a court of law.
- Assess which methods and techniques are suitable for acquiring, exploring, analyzing, and evaluating data and digital evidence in specific cases and/or specific digital environments.
5. Learning activities
Lectures contribute to the theoretical understanding required to complete the course and introduce current practice and standards in DF. Exercises and laboratory practice describe important concepts and are used to increase the students’ skills within practical DF work. Labs and study questions make it easier for course participants to acquire knowledge. Analytical thinking is also practiced in the laboratories as the course participant must draw conclusions based on the laboratory results. Course participants receive continuous feedback during their labs to support learning.
6. Assessment and grading
Modes of examinations of the course
| Code | Module | Credit | Grade |
| 2410 | Written examination | 1.5 credits | GU |
| 2420 | Laboratory session 1 | 1.5 credits | GU |
| 2430 | Laboratory session 2 | 1.5 credits | GU |
| 2440 | Laboratory session 3 | 1.5 credits | GU |
| 2450 | Laboratory session 4 | 1.5 credits | GU |
The course will be graded G Pass, UX Fail, supplementation required, U Fail.
The information before a course occasion states the assessment criteria and make explicit in which modes of examination that the learning outcomes are assessed.
An examiner can, after consulting the Disability Advisor at BTH, decide on a customized examination form for a student with a long-term disability to be provided with an examination equivalent to one given to a student who is not disabled.
7. Course evaluation
The course evaluation should be carried out in line with BTH:s course evaluation template and process.
8. Restrictions regarding degree
The course can form part of a degree but not together with another course the content of which completely or partly corresponds with the contents of this course.
9. Course literature and other materials of instruction
Cybercrime and Information Technology Theory and Practice: The Computer Network Infrastructure and Computer Security, Cybersecurity Laws, Internet of Things (IoT), an Mobile Devices. Alex Alexandrou. ISBN: 978-0-367-25157-4.
Fundamentals of Digital Forensics Theory, Methods, and Real-Life Applications. Second Edition. Joakim Kävrestad. ISBN 978-3-030-38953-6
This is not a legal document. If you would like a copy of the legal decision regarding this course plan, contact the registrar at Blekinge Institute of Technology.