FI2AMCF75 Computer Forensics
FI2AMCF75 Computer Forensics
- Course description
- Course codeFI2AMCF75
- Level of study5.2
- Program of studyNetwork and IT Security
- Credits7.5
- Course coordinatorJustine Moodley, Benjamin Rosenlund
This topic will give students an introduction to forensic work on IT systems, handling of evidence and demands for documentation to build a case, either for the management in an organization or as a part of prosecution.
The aim of this course is to give students practical knowledge in computer related forensics, different types of hardware, software and procedures used to look for and secure evidence and leads. Basic knowledge about requirements for collecting and handling evidence, forensic reports and documentation is also an important part of ICT related security.
The candidate:
- has knowledge of applicable laws and concepts, theories, models processes, and tools related to incident response and digital forensics.
- attains the intrinsic ability to assess their own work in relation to the applicable norms and requirements as defined by the digital forensics discipline.
- is familiar with the history, traditions, distinctive nature and place in the society of cyber security incident response and are aware of the ethical and moral elements of computer/digital forensics.
- has insight into their personal opportunities for development related to security incident response and computer/digital forensics.
The candidate:
- can explain their vocational choices in security incident response preparations, identification, containment, eradication and recovery.
- can reflect over their own vocational digital forensics practice and fine-tune it under supervision.
- can find and refer to helpful information and vocational material and assess its relevance to a incidence response and computer/digital forensics.
- can use modern open-source and proprietary tools and techniques used in digital forensics investigations.
- is aware of each phase of the cyber security incident response lifecycle and the response actions required at each stage.
- understands the functions of the various computer security incident response teams (CSIRT) and how each fit in an organisation’s incident response and digital forensics strategy.
The candidate:
- can plan and carry out vocational tasks and projects alone or as part of a group and in accordance with relevant ethical requirements and principles in computer/digital forensics.
- demonstrates the ability to contribute to organisational development through the of sound digital forensics and incident response plans.
In this course, the following teaching and learning methods can be applied, but are not limited to:
- Lecture: Educator-led presentations or activities providing knowledge, skills, or general competencies in the subject area.
- Group work: Collaborative activities where students work together to solve problems or complete tasks.
- Tutoring: One-on-one or small group sessions with an instructor for personalized guidance and support.
- Student presentations: Opportunities for students to demonstrate their understanding of course material by presenting to peers.
- Online lessons: Digital content delivered via an online learning platform.
- Guidance: Individualized advice and direction from instructors to support students in their learning journey.
- Workshops: Practical sessions focused on hands-on application of theoretical concepts or skills.
- Self-study: Independent study where students engage with course material on their own without any teacher support.
Teaching materials, reading lists, and essential resources will be shared in the learning platform and software user manuals where applicable.