Checking date: 22/05/2025 22:27:07


Course: 2025/2026

Computer Forensic
(12402)
Master in Cybersecurity (Plan: 325 - Estudio: 288)
EPI


Coordinating teacher: PERIS LOPEZ, PEDRO

Department assigned to the subject: Computer Science and Engineering Department

Type: Electives
ECTS Credits: 3.0 ECTS

Course:
Semester:




Requirements (Subjects that are assumed to be known)
Does not apply.
Objectives
Course Objectives
  • To provide a comprehensive understanding of the foundations, methodologies, and procedures of digital forensic analysis.
  • To familiarize students with the forensic laboratory environment, specialized tools, and best practices for the acquisition, analysis, and preservation of digital evidence.
  • To develop students' skills in using specific tools for forensic analysis across various environments, including file systems, memory, networks, mobile devices, and the Internet.
  • To raise awareness of anti-forensic techniques and the importance of integrity and quality throughout the forensic process.
  • To equip students with the ability to write forensic reports that may serve as valid evidence in legal or disciplinary proceedings.

Learning Outcomes
Upon successful completion of the course, students will be able to:
  • Define and explain the fundamental concepts of digital forensic analysis and its relevance to cybersecurity and information systems management.
  • Identify and apply appropriate policies and procedures within a forensic laboratory setting.
  • Use forensic tools to accurately acquire, preserve, analyze, and interpret digital evidence in accordance with legal standards.
  • Conduct forensic analyses on various types of media and environments, including file systems, RAM, network traffic, online services, and mobile devices.
  • Detect and evaluate anti-forensic techniques that may compromise the integrity of evidence.
  • Produce clear, comprehensive, and legally sound forensic technical reports suitable for judicial or administrative contexts.
  • Understand the importance of quality assurance, traceability, and the chain of custody throughout the forensic investigation process.
Description of contents: programme
Forensic analysis of information systems:
1. Introduction to forensic analysis
   1.1. What is it?
   1.2. Case examples
   1.3. Key concepts
2. Forensic analysis lab
   2.1. Lab description
   2.2. Policies and procedures
   2.3. Quality assurance
   2.4. Tools
   2.5. Evidence: gathering, analysis and custody
   2.6. Forensic report
3. Forensic analysis tools
   3.1. Forensic analysis of file systems
   3.2. Forensic analysis of memory
   3.3. Forensic analysis in computer networks
   3.4. Forensic analysis related to Internet and e-mail
   3.5. Forensic analysis of mobile devices
   3.6. Anti-forensics tools and techniques
Learning activities and methodology
Learning activities:
  • Theoretical lectures
  • Practical lectures
  • Mixed theoretical and practical lectures
  • Laboratory practices
  • Tutoring sessions
  • Teamwork
  • Individual work by the student

In this subject, concepts will be applied live during the sessions. For this purpose, a set of exercises will be taken as a basis for each session. Students will have to develop several practical cases of forensic analysis. As part of their work, students may have to perform a critical analysis of other students' forensic reports.

In particular, the methodology is based on:
  • MD1. Lectures using computers in which key concepts are introduced and bibliography is pointed out.
  • MD2. Critical analysis of readings (articles in press, reports, manuals, papers, etc.) suggested by teachers. This may be used for further discussion or to consolidate concepts.
  • MD3. Practical case and problem resolution, individually or in groups.
  • MD4. Presentation or discussion of related topics and practical cases.
  • MD5. Development of tasks and reports, individually or in groups.
Assessment System
  • % end-of-term-examination/test 10
  • % of continuous assessment (assignments, laboratory, practicals...) 90

Calendar of Continuous assessment


Basic Bibliography
  • Aaron Phillip; David Cowen; Chris Davis. Hacking Exposed: Computer Forensics (ISBN 0071626778). McGraw Hill Professional. 2009
  • Andy Jones and Craig Valli. Building a digital forensic laboratory. Syngress. 2011
  • Casey, E. Handbook of Digital Forensics and Investigation (ISBN 0123742676). Academic Press. 2009
  • Casey, Eoghan. Digital Evidence and Computer Crime, Third Edition. Elsevier. 2012
  • John Sammons. The basics of digital forensics. Syngress. 2012
  • K S Rosenblatt. High-Technology Crime: Investigating Cases Involving Computers. KSK Publications. 1995
  • Kruse, W. & Heiser, J. Computer forensics: incident response essentials. Addison Wesley. 2002
  • Marcella, A. & Greenfield. Cyber forensics: A field manual for the collecting, examining, and preserving evidence of computer crimes. CRC Press. 2002
  • Shinder, D. Scene of the cybercrime: Computer forensics handbook. Syngress. 2002
  • US Department of Justice. Searching & seizing computers and obtaining electronic evidence in criminal investigations. Computer crime & intellectual property section US DoJ. 2001
Electronic Resources *
Additional Bibliography
  • Vrizlynn L.L. Thing, Kian-Yong Ng, Ee-Chien Chang. Live memory forensics of mobile phones. doi:10.1016/j.diin.2010.05.010. ISSN 1742-2876. 2010
(*) Access to some electronic resources may be restricted to members of the university community and require validation through Campus Global. If you try to connect from outside of the University you will need to set up a VPN.


The course syllabus may change due to academic events or other reasons.