- Teacher: Cesare Maioli
- Credits: 7
- SSD: IUS/20
- Language: Italian
- Teaching Mode: Traditional lectures
- Campus: Bologna
- Course: First cycle degree programme (L) in Legal and IT Operator (cod. 0354)
Learning outcomes
At the end of the course students will have an understanding of the broad meaning of computer forensics from both the technical and the legal viewpoints. Students will learn the investigative tools and techniques used in computer forensics, will be introduced to the various file systems in use, and will discuss the implications of these systems for file retention and deletion. Students will study the issues of magnetic remanence associated with standard disk systems, and understand basic methods for complete removal of a file from a disk. Students will also study the structure and use of various disk buffers and caches, as implemented by common operating systems, and discuss their impact on security. Students will know how to acquire data and preserve digital evidence, according to the standards required for presentation in an Italian trial. Students will have an understanding of how to conduct an investigation of electronic mail. Students will learn investigative reporting and how to write case summaries. Students will be introduced to procedures for interaction with law enforcement officials and representatives of various forces of the Italian investigative bodies.
Course contents
Review of the specific manifestations of cybercrime, including
hacking, viruses, and other forms of malicious software.
Methods to investigate cybercrime, focusing on requirements for
collection and reporting of evidence for possible use in criminal
cases.
Overview of the forensic relevance of encryption, the examination
of digital evidence for clues, and the most effective way to
present evidence and conclusions in a court of law. File systems in
use (FAT, NTFS, etc.). File retention and deletion. Magnetic
remanence associated with standard disk systems; basic methods for
complete removal of a file from a disk. The structure and use of
various disk buffers and caches, as implemented by common operating
systems (Linux). Hardware and software required for computer
forensics. Investigation of electronic mail.
Readings/Bibliography
CARRIER B., File system forensic analysis, Addison-Wesley, 2005
CASEY E. (editor), Handbook of Computer Crime Investigation, Academic Press, 2002
KRUSE W. G. and J.G. HEISER, Computer Forensics, Incident Response Essentials, Addison-Wesley, 2002
PROSISE C. and K. MANDIA, M. PEPE, Incident Response & Computer Forensics, McGraw-Hill, 2003
Teaching methods
Lectures and seminars by experts
Assessment methods
Written examination and discussion of a project.
Teaching tools
Blackboard and slides; see also the site www.informaticaforense.it
Office hours
See the website of Cesare Maioli