After successful completion of the course, students are able to conduct digital forensic investigations and the necessary analysis steps, in particular with the special requirements regarding reproducibility. The data will not be modified during that analysis at all costs. This is true for both smartphones as well as file systems, computer systems, servers and network data. Students are empowered to prove that data has not been modified in any way during their analysis.
During the practical assigments participants will conduct anaylsis of artefacts in an autonomous and provable way, including documentation. Findings can be reproduced by external analysts, and are free of speculations and arguments which are not independently observable. The artefacts created like reports and analysis steps are theoretically usable in a court.
Forensics methods for: File systems, networks, operation systems, application software
Time line anylsises, standards and norms (RFC, NIST, ISO, legal basics, definitions).
The foundations are taught in blocked lectures. These foundations are discussed in the light of real-world examples during the lectures. We additionally foster discussion by using TUWEL as an online learning platform for our course. Theoretical foundations are finally applied to practical assignments (challenges).
ECTS Breakdown (3 ECTS = 75 hours):
Practical assignments and a written exams at the end.
Equivalent knowledge to the class "Introduction to Security" is mandatory. The class "Internet Security" is recommended.