81676 - Digital Forensic



This teaching activity contributes to the achievement of the Sustainable Development Goals of the UN 2030 Agenda.

Quality education; Gender equality; Responsible consumption and production; Partnerships for the goals

Academic Year 2021/2022

Learning outcomes

At the end of the course the students will know the main topics of digital forensics. Moreover, they will have used several basic tools to manage some common scenarios: single device (computer, tablet, smartphone) and several kinds of files, networking (wireless and wired), e-mail and social media. The students will know the importance of the chain of custody and also the main procedures to acquire, preserve and analyze the data. The students will know both the importance of the final report and the conceptual instruments for its appropriate drafting.

Course contents

Understanding the Digital Forensics Profession and Investigations
The Investigator's Office and Laboratory
Data Acquisition
Processing Crime and Incident Scenes
Working with Windows and CLI Systems
Current Digital Forensics Tools
Linux and Macintosh File Systems
Recovering Graphics Files
Digital Forensics Analysis and Validation
Virtual Machine Forensics, Live Acquisitions, and Network Forensics
E-mail and Social Media Investigations
Mobile Device Forensics
Cloud Forensics
Report Writing for High-Tech Investigations
Expert Testimony in Digital Investigations
Ethics for the Expert Witness


Hayes D.R., A Practical Guide to Digital Forensics Investigations, Pearson, 2021.

Queneau R., Esercizi di stile, Einaudi, 2014.

Nelson B., Phillips A., Steuart C., Guide to computer forensics and investigations (6th ed.), Cengage, 2018.

ISO/IEC 27037:2012, Information technology - Security techniques - Guidelines for identification, collection, acquisition and preservation of digital evidence

ISO/IEC 27041:2015, Information technology - Security techniques - Guidance on assuring suitability and adequacy of incident investigative method

ISO/IEC 27042:2015, Information technology - Security techniques - Guidelines for the analysis and interpretation of digital evidence

ISO/IEC 27043:2015, Information technology - Security techniques - Incident investigation principles and processes

Teaching methods

Lessons and practice (BYOD).

Assessment methods

The students are divided into groups. Each group works on a case as an expert either for one of the two parties or for the court. The topics have to be discussed in advance with the teacher. Each group will produce a report. The report will be evaluated through cross-questioning with the other two groups. The report has to be submitted before a fixed deadline. The exam continues with an oral discussion of the main aspects of the work. The exam ends with an oral discussion on the main topics of the course.

Teaching tools


Office hours

See the website of Alessandro Amoroso