460-4135/01 – Forensic Analysis (FA)
Guarantor department | Department of Computer Science | Credits | 6 |
Subject guarantor | Ing. Jan Plucar, Ph.D. | Subject version guarantor | Ing. Jan Plucar, Ph.D. |
Study level | undergraduate or graduate | Requirement | Optional |
Year | 2 | Semester | winter |
| | Study language | Czech |
Year of introduction | 2020/2021 | Year of cancellation | |
Intended for the faculties | FEI | Intended for study types | Follow-up Master |
Subject aims expressed by acquired skills and competences
In the "Forensic Analysis" course, the student will become familiar with techniques for investigating cyber attacks and providing evidence. The course explains methods for collecting the necessary evidence, prosecuting attackers, conducting a security audit, and correctly identifying traces of attackers after a cyber attack. In class, the student gets familiar with most of the latest tracking tools, both software and hardware, that can be used to find traces of attackers in the data that remains on infected systems. The course also covers recovering deleted, corrupted, or encrypted files, and developing an audit to prevent future attacks of a similar type.
Teaching methods
Lectures
Tutorials
Project work
Compulsory literature:
Fundamentals of Digital Forensics, Kavrestad, Joakim, 2020, Springer Nature.
Recommended literature:
Intelligence-Driven Incident Response: Outwitting the Adversary, Roberts, Scott J., 2017, O'Reilly Media.
Digital Forensics Basics: A Practical Guide Using Windows OS, Hassan, Nihad A., 2019, Apress.
Digital Forensics and Incident Response: Incident response techniques and procedures to respond to modern cyber threats, 2nd Edition, Johansen, Gerard, 2020, Packt Publishing.
Additional study materials
Method of continuous knowledge assessment during the semester
E-learning
Other requirements
Requirements replicate the requirements for a master's degree student in computer science.
Prerequisites
Subject has no prerequisites.
Co-requisites
Subject has no co-requisites.
Subject syllabus:
Syllabus of lectures
1. Introduction to digital forensic analysis
2. Digital forensic analysis technology (Cellebrite UFED, Oxygen Forensic Detective, Susteen Secure View, Micro Systemation XRY, ...)
3. Creation of evidence gathering environment, hardware tools
4. Methods and procedures for obtaining digital traces and providing evidence
5. Analysis of various types of evidence from digital media
6. Operating and file systems and startup processes
7. Recover deleted files and partitions on different operating systems
8. Techniques of steganography, detection of steganography, examination of graphic media
9. Techniques for breaking passwords and examining password-protected files
10. Various methods of ensuring the availability of logs and tools for their synchronization and storage, log research
11. Monitoring of web attacks
12. Detection of evidence from mobile devices
13. Anti-forensic techniques (data hiding, artifact wiping, trail obfuscation and attacks against computer forensics processes and tools, obfuscation, ...)
14. Elaboration of investigation and audit reports
Syllabus of tutorials
1. Introduction to digital forensic analysis and introduction of the laboratory
2. The process of forensic investigation of computer search and provision
3. Digital evidence and tools for obtaining it
4. Creation of own laboratory environment for providing evidence
5. Finding tracks and providing evidence in Windows OS
6. File systems and disc exploration
7. Data extraction and copying of analyzed environments
8. Recover deleted files and partitions
9. Steganography and its detection
10. Using tools for breaking passwords
11. Logging and analysis of network traffic and detection of attacks on wireless networks
12. Detection of attacks on web applications
13. Provision of e-mail communication, its investigation and detection of crime by e-mail
14. Elaboration of investigation reports
Project
The students' task is to analyze a provided virtual image of a Windows system. The image will contain traces of a cyber attack. The student performs the analysis according to the instructions for the assigned version of the assignment and presents the findings in the form of an examination report.