TalTech ÕIS

Computer Forensics

BASIC DATA

course listing

A - main register

course code

ICS0033

course title in Estonian

Arvutikriminalistika

course title in English

Computer Forensics

course volume CP

ECTS credits

3.00

to be declared

yes

assessment form

Pass/fail assessment

teaching semester

autumn

language of instruction

Estonian

English

Study programmes that contain the course

code of the study programme version

course compulsory

IVSB17/25

Structural units teaching the course

IC - IT College

Course description link

Timetable link

View the timetable

Version:

VERSION SPECIFIC DATA

course aims in Estonian

Arvutikriminialistikaga seotud tehniliste võtete ja reeglite tutvustumine ning tudengitele praktilise kogemuse andmine elektrooniliste andmete kogumisel ja analüüsil.

course aims in English

Introducing technologies and rules relevant to computer forensics and providing the students with hands-on experience in collecting and analyzing electronic data.

learning outcomes in the course in Est.

Kursuse lõpetanud tudengid:
- Teavad arvuti- ja arvutivõrkude kriminialistika põhitõdesid.
- Oskavad rakendada parimaid praktikaid infoturbe intsidendi käigus tõendite kogumisel.
- Teavad põhilisi seadusi ja reegeleid mis on seotud tõendite kogumisega arvutitest ja arvutivõrkudest.
- Seletada ning praktiliselt kasutada andmete salvestamise, andmete hõive ning andmete peitmisega seotud tehnikaid mis seotud arvutite ja arvutivõrkudega.

learning outcomes in the course in Eng.

Upon completion of this course students will be able to:
- Understand fundamentals of computer and network forensics.
- Execute best practices of incident response in evidence collection.
- Know basic legal framework requirements concerning evidence collection.
- Explain and make use of data storage, data access and data hiding options in computer and network forensics.

brief description of the course in Estonian

Arvutikriminalistika põhimõisted ja õiguslikud aspektid. Digitaaltõendite kogumine infoturbe intsidendi lahendamise käigus. Andmete peitmise metoodikad. Tõendite kogumine Windowsi, Apple'i ja UNIXi põhistest arvutitest. Mobiilseadmete arvutikriminalistika, tõendite kogumine Android põhistest seadmetest. Arvutivõrkude kriminalistika: NetFlow ja PCAP põhine tõendite kogumine ja andmete analüüs

brief description of the course in English

Basics of computer forensics and digital evidence handling. Legal aspects. Gathering the digital evidence during incident response. Data hiding methods. Collecting evidence from Windows based, Apple OS X based and UNIX based computers. Mobile device forensics, collecting data from Android based devices. Network forensics, NetFlow and PCAP based evidence collection

type of assessment in Estonian

type of assessment in English

independent study in Estonian

independent study in English

study literature

- Bill Nelson, Amelia Phillips, Christopher Steuart. Guide to Computer Forensics and Investigations, 4th Edition. 2009
- Douglas Schweitzer. Incident Response: Computer Forensics Toolkit. Wiley, 2003
- Warren Kruse, Jay Heiser. Computer Forensics: Incident Response Essentials, 1st Edition. Addison-Wesley, 2001, 2007

study forms and load

daytime study: weekly hours

2.0

session-based study work load (in a semester):

lectures

1.0

lectures

practices

1.0

practices

exercises

0.0