TalTech ÕIS

System Forensics

BASIC DATA

course listing

A - main register

course code

ITX8200

course title in Estonian

Arvutite ja seadmete analüüs

course title in English

System Forensics

course volume CP

4.00

ECTS credits

6.00

to be declared

yes

assessment form

Graded assessment

teaching semester

autumn - spring

language of instruction

Estonian

English

Study programmes that contain the course

code of the study programme version

course compulsory

IVCM25/25

yes

Structural units teaching the course

IT - Department of Software Science

Course description link

Timetable link

View the timetable

Version:

VERSION SPECIFIC DATA

course aims in Estonian

Anda teadmine kust ja kuidas otsida tõendeid erinevates süsteemides, analüüsida sobival detailsuse tasemel ja dokumenteerida tõendite kogumise ja analüüsi protsessi.

course aims in English

Give an understanding how and where to look for evidence in different systems, analyse it with necessary levels of granularity and documenting the evidence collection and analysis process.

learning outcomes in the course in Est.

- Oskab püstitada analüüsiks vajalikke hüpoteese
- Oskab teha sobivate meetoditega analüüsi erinevates operatsioonisüsteemides
- Oskab kasutada tõendite kogumise ja analüüsi vahendeid
- Oskab logide põhjal taastada süsteemi kasutamise ajalugu
- Oskab otsida ja taastada failisüsteemidest kustutatud infot ning säilitada tõendite ahel

learning outcomes in the course in Eng.

- Can form hypotheses for investigative analysis
- Knows how to perform proper forensic analysis by applying key analysis techniques covering different operating systems
- Is able to use freely available and open tools for evidence acquisitions and analysis
- Can establish last usage timeline trough system log and log footprints
- Can find some deleted data and keep the chain of evidence

brief description of the course in Estonian

Digitaalse analüüsi alused, mälu analüüs, struktureerimata analüüs. Failisüsteemid FAT , Fat32, NTFS , HPFS , Ext4 jt analüüsi perspektiivist. USB seadmete ja võrgufailisüsteemide analüüs. Stringiotsing, e-mail analüüs. Registrite ja logide analüüs. Veebisirvijate analüüs. Erinevate failide (dokumendid, pildid jt) ja meta-andmete analüüs. Nutitelefonide analüüsi alused. Ajajoone loomine ja analüüs.

brief description of the course in English

Digital forensics fundamentals tied to evidence acquisition, memory acquisition and unstructured analysis. File systems FAT , Fat 32 NTFS , HPFS , Ext4 in analysis perspective. USB device analysis, system and local domain file analysis. String search, data carving, and e-mail forensics. Registry and log files analysis. Web browser forensics. Different file content (documents, photos and so on) and metadata analysis. Smartphone forensics fundamentals. Timeline creation and analysis.

type of assessment in Estonian

eristav

type of assessment in English

independent study in Estonian

Aruanne ja ettekanne lisamaterjalide lugemise baasil.

independent study in English

Writing a report and present short overview about additional reading.

study literature

Kursuse veebilehel
Digital Forensics with Open Source Tools: Using Open Source Platform Tools by Cory Altheide and Harlan Carvey

study forms and load

daytime study: weekly hours

4.0

session-based study work load (in a semester):

lectures

2.0

lectures

practices

2.0

practices

exercises

0.0

exercises

lecturer in charge

LECTURER SYLLABUS INFO

semester of studies

teaching lecturer / unit

language of instruction

Extended syllabus

2024/2025 spring

Pavel Chikul, IT - Department of Software Science

English

ITX8200-eng.pdf

display more

Course description in Estonian

Course description in English