(*)Students know on a theoretical level how to, respectively the basics steps to:
- Create images of hard disks/SSD (K3)
- Analyze the content of an image (K4)
- Collect data from live systems (K3)
- Assess the quality and evidentiary value of gathered data (K5)
- Assess the quality of an expertise (K5)
- Extract browsing data from disk images (K4)
- Extract data regarding selected activities in Windows from disk images (K4)
- Use carving software to reconstruct files/data (K3)
|
(*)Technical part:
- Forensic process: how to secure evidence; requirements for forensic investigation procedures
- Kinds and locations of IT evidence
- Web browsing activity: location, extraction methods, interpretation limitations
- Windows systems: location, extraction methods, interpretation limitations
- Secure destruction of data
- Carving: Methods and improvement for various file/content types
Legal part:
- Expertises (structure, analysis)
- Legal rules regarding evidence incl burden of proof
- Criminal law in the IT area, e.g. data destruction and computer fraud
|
