FI2AMCF75 Computer Forensics

FI2AMCF75 Computer Forensics

  • Course description
    • Course Code
      FI2AMCF75
    • Level of Study
      5.2
    • Program of Study
      Network and IT Security
    • Credits
      7.5
    • Study Plan Coordinator
      Benjamin Rosenlund
Teaching Term(s)
2025 Autumn
2026 Spring
About the Course

This topic will give students an introduction to forensic work on IT systems, handling of evidence and demands for documentation to build a case, either for the management in an organization or as a part of prosecution.

The aim of this course is to give students practical knowledge in computer related forensics, different types of hardware, software and procedures used to look for and secure evidence and leads. Basic knowledge about requirements for collecting and handling evidence, forensic reports and documentation is also an important part of ICT related security. 

Course Learning Outcomes
Knowledge

The candidate: 

  • has knowledge of applicable laws and concepts, theories, models processes, and tools related to incident response and digital forensics. 
  • attains the intrinsic ability to assess their own work in relation to the applicable norms and requirements as defined by the digital forensics discipline. 
  • is familiar with the history, traditions, distinctive nature and place in the society of cyber security incident response and are aware of the ethical and moral elements of computer/digital forensics. 
  • has insight into their personal opportunities for development related to security incident response and computer/digital forensics. 
Skills

The candidate: 

  • can explain their vocational choices in security incident response preparations, identification, containment, eradication and recovery. 
  • can reflect over their own vocational digital forensics practice and fine-tune it under supervision. 
  • can find and refer to helpful information and vocational material and assess its relevance to a incidence response and computer/digital forensics. 
  • can use modern open-source and proprietary tools and techniques used in digital forensics investigations. 
  • is aware of each phase of the cyber security incident response lifecycle and the response actions required at each stage. 
  • understands the functions of the various computer security incident response teams (CSIRT) and how each fit in an organisation’s incident response and digital forensics strategy. 
General Competence

The candidate: 

  • can plan and carry out vocational tasks and projects alone or as part of a group and in accordance with relevant ethical requirements and principles in computer/digital forensics. 
  • demonstrates the ability to contribute to organisational development through the of sound digital forensics and incident response plans. 
Learning Activities

Digital Learning Resources
The learning management system (LMS) is the primary learning platform where students access most of their course materials. The content is presented in various formats, such as text, images, models, videos or podcasts. Each course follows a progression plan, designed to lead students through weekly modules at their own pace. Exercises and assignments (individual or in groups) are embedded throughout the courses to support continuous practice and assessment of the learning outcomes.

Campus Resources
In addition to the digital learning resources, campus students participate in physical learning activities led by teachers as part of the overall delivery.

Guidance
Guidance and feedback from teachers support students' learning journeys, and may be provided synchronously or asynchronously, individually or in groups, via text, video or in-person feedback.

Assessments
Form of assessmentGrading scaleGroupingDuration of assessment
Course Assignment
Grade A-F
Individual
5 Hour(s)
Reading List

Teaching materials, reading lists, and essential resources will be shared in the learning platform and software user manuals where applicable.