460-4135/02 – Forensic Analysis (FA)

Guarantor department: Department of Computer Science
Credits: 6
Subject guarantor: Ing. Jan Plucar, Ph.D.
Subject version guarantor: Ing. Jan Plucar, Ph.D.
Study level: undergraduate or graduate
Requirement: Compulsory
Year: 1
Semester: winter
Study language: English
Year of introduction: 2020/2021
Year of cancellation:
Intended for the faculties: FEI
Intended for study types: Follow-up Master

Instruction secured by

Login | Name | Tutor | Teacher giving lectures
PLU042 | Ing. Jan Plucar, Ph.D.

Extent of instruction for forms of study

Form of study | Way of compl. | Extent
Full-time | Credit and Examination | 2+2

Subject aims expressed by acquired skills and competences

In the "Forensic Analysis" course, the student will become familiar with techniques for investigating cyber attacks and providing evidence. The course explains methods for collecting the necessary evidence, prosecuting attackers, conducting a security audit, and correctly identifying traces of attackers in the event of a cyber attack. In class, the student becomes familiar with most of the latest tracking tools, both software and hardware, that can be used to find traces of attackers in the data that remains on infected systems. The course also covers recovering deleted, corrupted, or encrypted files and developing an audit to prevent future attacks of a similar type.

Teaching methods

Lectures
Tutorials
Project work

Compulsory literature:

Fundamentals of Digital Forensics, Kävrestad, Joakim, 2020, Springer Nature.

Recommended literature:

Intelligence-Driven Incident Response: Outwitting the Adversary, Roberts, Scott J., 2017, O'Reilly Media.
Digital Forensics Basics: A Practical Guide Using Windows OS, Hassan, Nihad A., 2019, Apress.
Digital Forensics and Incident Response: Incident response techniques and procedures to respond to modern cyber threats, 2nd Edition, Johansen, Gerard, 2020, Packt Publishing.

Method of continuous assessment during the semester

E-learning

Other requirements

Requirements replicate the requirements for a master's degree student in computer science.

Prerequisites

Subject has no prerequisites.

Co-requisites

Subject has no co-requisites.

Subject syllabus:

Syllabus of lectures

1. Introduction to digital forensic analysis
2. Digital forensic analysis technology (Cellebrite UFED, Oxygen Forensic Detective, Susteen Secure View, Micro Systemation XRY, ...)
3. Creation of an evidence-gathering environment, hardware tools
4. Methods and procedures for obtaining digital traces and providing evidence
5. Analysis of various types of evidence from digital media
6. Operating and file systems and startup processes
7. Recovering deleted files and partitions on different operating systems
8. Techniques of steganography, detection of steganography, examination of graphic media
9. Techniques for breaking passwords and examining password-protected files
10. Various methods of ensuring the availability of logs and tools for their synchronization and storage, log research
11. Monitoring of web attacks
12. Detection of evidence from mobile devices
13. Anti-forensic techniques (data hiding, artifact wiping, trail obfuscation and attacks against computer forensics processes and tools, obfuscation, ...)
14. Elaboration of investigation and audit reports

Syllabus of tutorials

1. Introduction to digital forensic analysis and introduction of the laboratory
2. The process of forensic investigation of computer search and provision
3. Digital evidence and tools for obtaining it
4. Creation of one's own laboratory environment for providing evidence
5. Finding traces and providing evidence in Windows OS
6. File systems and disk exploration
7. Data extraction and copying of analyzed environments
8. Recovering deleted files and partitions
9. Steganography and its detection
10. Using tools for breaking passwords
11. Logging and analysis of network traffic and detection of attacks on wireless networks
12. Detection of attacks on web applications
13. Provision of e-mail communication, its investigation and detection of crime by e-mail
14. Elaboration of investigation reports

Project

The students' task is to analyze a provided virtual image of a Windows system. The image contains traces of a cyber attack. The student performs the analysis according to the instructions for the assigned version of the assignment and presents the findings in the form of an examination report.

Conditions for subject completion

Full-time form (validity from: 2020/2021 Winter semester)
Task name | Type of task | Max. number of points (act. for subtasks) | Min. number of points
Credit and Examination | Credit and Examination | 100 (100) | 51
Credit | Credit | 45 | 20
Examination | Examination | 55 | 20

Mandatory attendance participation: Attendance at seminars is obligatory. Allowed absence is two seminars per semester. Students must hand in the seminar project to be able to take the exam.

Occurrence in study plans

Academic year | Programme | Field of study | Spec. | Focus | Form | Study language | Tut. centre | Year | W | S | Type of duty
2022/2023 (N0612A140005) Information and Communication Security IKB P English Ostrava 1 Compulsory study plan
2022/2023 (N0613A140035) Computer Science P English Ostrava 2 Optional study plan
2022/2023 (N0714A060021) Communication and Information Technology P English Ostrava 2 Optional study plan
2022/2023 (N2647) Information and Communication Technology (2612T025) Computer Science and Technology P English Ostrava 2 Optional study plan
2021/2022 (N0612A140005) Information and Communication Security P English Ostrava 2 Optional study plan
2021/2022 (N2647) Information and Communication Technology (2612T025) Computer Science and Technology P English Ostrava 2 Optional study plan
2020/2021 (N0612A140005) Information and Communication Security P English Ostrava 2 Optional study plan
2020/2021 (N2647) Information and Communication Technology (1801T064) Information and Communication Security P English Ostrava 2 Optional study plan
2020/2021 (N2647) Information and Communication Technology (2612T025) Computer Science and Technology P English Ostrava 2 Optional study plan

Occurrence in special blocks

Block name | Academic year | Form of study | Study language | Year | W | S | Type of block | Block owner