Digital Forensic

Department: Department of Informatics
Faculty: Faculty of Information Technology
University: Institut Teknologi Sepuluh Nopember, Surabaya, Indonesia

Course: KI141442, Digital Forensics (Bachelor Program)
Credits: 3
Semester: 7
Lecturer: Hudan Studiawan, S.Kom, M.Kom (hudan[at]if.its.ac.id)

Course description:
Digital Forensics learns various forensic methods in file, operating system, web, computer networks, and on mobile devices as well as anti-forensic technique.

Course outcomes:
Students are able to apply the forensic method in files, operating system, web, computer networks, and on mobile devices as well as anti-forensic technique.

Discussion subjects:
1. The basic principles and methodologies of digital forensics
2. Introduction, search, and seizure of digital evidence
3. Techniques of data preservation
4. Forensic on operating system
5. Forensics on file
6. Forensics on the web
7. Forensic computer network
8. Forensics on mobile devices
9. Investigation of attacks on computer networks network
10. Anti-forensic techniques

Prerequisite:
Operating Systems, Computer Networks, dan Information and Network Security

Primary references:
Nelson, B., “Guide to Computer Forensics and Investigations”, Cengage Learning, 2009.
Casey, E., “Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet”, Academic Press, 2011.
Casey, E., “Handbook of Digital Forensics and Investigation”, Academic Press, 2009.
Sammons, J., “The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics”, Elsevier, 2012.

Supporting references:
Altheide, C., Carvey, H., “Digital Forensic with Open Source Tools”, Elsevier, 2011.
Hoog, A., “Android Forensics: Investigation, Analysis and Mobile Security for Google Android”, Elsevier, 2011.
Daniel, L., Daniel, L., “Digital Forensics for Legal Professionals Understanding Digital Evidence From The Warrant To The Courtroom”, Elsevier, 2011.


Course: KI142457, Topics In Digital Forensics (Master Program)
Credits: 3
Semester: 2
Lecturer:
Prof. Ir. Supeno Djanali, M.Sc, Ph.D (supeno[at]its.ac.id)
Hudan Studiawan, S.Kom, M.Kom (hudan[at]if.its.ac.id)

Course description:
It learns concepts of digital forensics. This includes computer forensics and network forensics.

Course outcomes:
Students understand the concept of digital forensics, including computer forensics and network forensics. Based on those concepts, students are able to develop a new technique, for both individual and in a group.

Discussion subjects:

  1. The concept of digital evidence: tangible evidence, best evidence, direct evidence, digital evidence.
  2. Methodology of forensic investigation: obtaining information, developing strategies, gathering evidence, analysis, reporting.
  3. Collection of evidence: physical tapping (cable, radio frequency, etc.), software to get the data (tcpdump, wireshark, etc)
  4. The concept of a file: file signature, forensic imaging, file allocation table (FAT), NTFS, volume, partition.
  5. Technical basics: packet analysis, flow analysis, evidence-based resource network (firewalls, proxies, routers, switches, server logs, etc.)

Primary references:
Cyber Forensics: From Data to Digital Evidence (Wiley Corporate F&A) by Albert J. Marcella Jr. and Frederic Guillossou (May 1, 2012).
Network Forensics: Tracking Hackers through Cyberspace by Sherri Davidoff and Jonathan Ham (Jun 23, 2012).
Introduction to Security and Network Forensics by William J. Buchanan (Jun 6, 2011).

Supporting references:
Digital Forensics and Cyber Crime: 4th International Conference, ICDF2C 2012, Lafayette, IN, USA, October 25-26. by Marcus K. Rogers and Kathryn C. Seigfried-Spellar (Oct 7, 2013)
Digital Forensics with Open Source Tools by Cory Altheide and Harlan Carvey (Apr 28, 2011).