The course gives the student both practical and theoretical knowledge of technologies, methods, models, laws/rules that apply at investigations of digital crimes or incidents.
For example the course covers the following:
- The history of forensics
- Digital forensics and digital evidence
- The investigation process of forensics/incident response
- Legislation and international cooperations in digital forensics
- Standards in the area and the requirements of an organisation that works with digital forensics or incident management
- Computer forensics
- Forensics for embedded systems and mobile units
- Network forensics
After passing the course, the student should be able to
- describe central concepts, models and methods in digital forensics and incident response
- describe the national and international contexts and the laws, regulations, and conventions that are negotiated and how these are applied
- describe differences and similarities between a forensic scenario and an incident response scenario
- apply known methods for data collection and analysis in given situations
- plan and carry out data collection and analysis, in order to run a forensic analysis or an incident analysis
- present and explain conclusions from a forensic analysis
- present and explain conclusions from an incident, as well as suggest future measures
- explain limitations with forensic analysis with regard to how certain conclusions can be drawn
- review critically and source-critically a forensic and incident response report
- evaluate when forensic work (particularly when it does not take place in connection with a crime scene investigation) has a negative effect on the personal integrity of individuals.
