48651 - Computer Forensics

Academic Year 2009/2010

  • Teacher: Cesare Maioli
  • Credits: 7
  • SSD: IUS/20
  • Language: Italian
  • Teaching Mode: Traditional lectures
  • Campus: Bologna
  • Course: First cycle degree programme (L) in Legal and IT Operator (cod. 0354)

Learning outcomes

At the end of the course students will understand the broad meaning of computer forensics from both the technical and the legal viewpoint. Students will learn the investigative tools and techniques used in computer forensics, will be introduced to the various file systems in use, and will discuss the implications of these systems for file retention and deletion. Students will study the issues of magnetic remanence associated with standard disk systems, and understand basic methods for complete removal of a file from a disk. Students will also study the structure and use of various disk buffers and caches, as implemented by common operating systems, and discuss their impact on security. Students will know how to acquire data and preserve digital evidence, according to the standards required for presentation in an Italian trial. Students will have an understanding of how to conduct an investigation of electronic mail. Students will learn investigative reporting and how to write case summaries. Students will be introduced to procedures for interaction with law enforcement officials and representatives of various forces of the Italian investigative bodies.


Course contents

Review of the specific manifestations of cybercrime, including hacking, viruses, and other forms of malicious software.
Methods to investigate cybercrime, focusing on requirements for collection and reporting of evidence for possible use in criminal cases.
Overview of the forensic relevance of encryption, the examination of digital evidence for clues, and the most effective way to present evidence and conclusions in a court of law. File systems in use (FAT, NTFS, etc.). File retention and deletion. Magnetic remanence associated with standard disk systems; basic methods for complete removal of a file from a disk. The structure and use of various disk buffers and caches, as implemented by common operating systems (Linux). Hardware and software required for computer forensics. Investigation of electronic mail.

Readings/Bibliography


CARRIER B., File system forensic analysis, Addison-Wesley, 2005
CASEY E. (editor), Handbook of Computer Crime Investigation, Academic Press, 2002
KRUSE W. G. and J. G. HEISER, Computer Forensics, Incident Response Essentials, Addison-Wesley, 2002
PROSISE C. and K. MANDIA, M. PEPE, Incident Response & Computer Forensics, McGraw-Hill, 2003

Teaching methods

Lectures and seminars by experts

Assessment methods

Written examination and discussion of a project.

Teaching tools

Blackboard and slides. See also the site www.informaticaforense.it

Office hours

See the website of Cesare Maioli