Introduction into digital forensics analysis

The course is not on the list Without time-table
Code Completion Credits Range Language
NI-UFA Z 2 8B Czech
Garant předmětu:
Department of Information Security

The aim of the course is to introduce students to the issue of forensic analysis of personal computers and mobile devices. In particular, the correct procedures for data acquisition and information extraction depending on the device, operating system, type and method of data storage. Students will learn to identify and acquire data in compliance with generally accepted practices. They will learn how to select the correct procedure and tool to identify the required information including securing volatile and deleted data. They will find out how to locate and understand basic forensic artifacts by device, operating system and data type.


There are no prerequisites in the course, however, a basic knowledge of common operating systems, common file systems, and basic databases is an advantage.

Method of execution:

During the course, students are introduced to the basic phases of the digital forensics process. The course is completed by a practical test over a cross-cutting assignment covering the key aspects of the forensic analysis process.

Syllabus of lectures:
Syllabus of tutorials:

1.Introduction to the basic issues. Data integrity and chain of custody.

2.Tools for forensic data acquisition. 2. Acquisition methods based on the environment.

3.Methods of data storage. Artifacts of various file systems.

4.File header/footer. Artifacts of common operating systems.

5.Forensic data acquisition from mobile devices. Mobile device platforms.

6.Exploitation of SQLite databases. Android and iOS specific artifacts. JTAG and ISP.

7.Identifying and filtering user data. Metadata of most common application files.

8.Working efficiently with image and video files. Internet artifacts.

9.E-mail analysis. Instant messaging.

10.Data carving. Options for recovering deleted data. Volatile data.

11.Typical problems in the process of data acquisition and analysis. Reporting.

Study Objective:

Upon completion of the course, the student will be able to independently identify and forensically acquire basic digital evidence from common devices, analyze it and draw appropriate conclusions based on the evidence.

Study materials:

[1] WATSON, David Lilburn a Andrew JONES. Digital Forensics Processing and Procedures: Meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements. Syngress, 2013. ISBN 978-1597497428.

[2] REIBER, Lee. Mobile Forensic Investigation: A Guide to Evidence Collection, Analysis, and Presentation. Second edition. New York: McGraw-Hill Education, 2018. ISBN 978-1-260-13509-1.

[3] OETTINGER, William. Learn Computer Forensics: A beginner's guide to searching,

analyzing, and securing digital evidence. Packt Publishing, 2020. ISBN 1838648178.

Further information:
No time-table has been prepared for this course
The course is a part of the following study plans:
Data valid to 2023-08-30
Aktualizace výše uvedených informací naleznete na adrese https://bilakniha.cvut.cz/en/predmet7204006.html