Forensic Analysis

* Exchange students do not have to consider this information when selecting suitable courses for an exchange stay.

Course Unit Code: 460-4135/01
Number of ECTS Credits Allocated: 6 ECTS credits
Type of Course Unit *: Optional
Level of Course Unit *: Second Cycle
Year of Study *: Second Year
Semester when the Course Unit is delivered: Winter Semester
Mode of Delivery: Face-to-face
Language of Instruction: Czech
Prerequisites and Co-Requisites: The course follows on from the compulsory courses of the previous semester
Name of Lecturer(s): Ing. Jan Plucar, Ph.D. (Personal ID: PLU042)
Summary
In the "Forensic Analysis" course, the student will become familiar with techniques for investigating cyber attacks and providing evidence. The course explains methods for collecting the necessary evidence, prosecuting attackers, conducting a security audit, and correctly identifying traces of attackers in the event of a cyber attack. In class, the student becomes familiar with most of the latest tracking tools, both software and hardware, that can be used to find traces of attackers in the data that remains on infected systems. The course also covers recovering deleted, corrupted, or encrypted files and developing an audit to prevent future attacks of a similar type.
Learning Outcomes of the Course Unit
In the "Forensic Analysis" course, the student will become familiar with techniques for investigating cyber attacks and providing evidence. The course explains methods for collecting the necessary evidence, prosecuting attackers, conducting a security audit, and correctly identifying traces of attackers in the event of a cyber attack. In class, the student becomes familiar with most of the latest tracking tools, both software and hardware, that can be used to find traces of attackers in the data that remains on infected systems. The course also covers recovering deleted, corrupted, or encrypted files and developing an audit to prevent future attacks of a similar type.
Course Contents
Syllabus of lectures

1. Introduction to digital forensic analysis
2. Digital forensic analysis technology (Cellebrite UFED, Oxygen Forensic Detective, Susteen Secure View, Micro Systemation XRY, ...)
3. Creation of evidence gathering environment, hardware tools
4. Methods and procedures for obtaining digital traces and providing evidence
5. Analysis of various types of evidence from digital media
6. Operating and file systems and startup processes
7. Recover deleted files and partitions on different operating systems
8. Techniques of steganography, detection of steganography, examination of graphic media
9. Techniques for breaking passwords and examining password-protected files
10. Various methods of ensuring the availability of logs and tools for their synchronization and storage, log research
11. Monitoring of web attacks
12. Detection of evidence from mobile devices
13. Anti-forensic techniques (data hiding, artifact wiping, trail obfuscation and attacks against computer forensics processes and tools, obfuscation, ...)
14. Elaboration of investigation and audit reports

Syllabus of tutorials

1. Introduction to digital forensic analysis and introduction of the laboratory
2. The process of forensic investigation of computer search and provision
3. Digital evidence and tools for obtaining it
4. Creation of own laboratory environment for providing evidence
5. Finding tracks and providing evidence in Windows OS
6. File systems and disc exploration
7. Data extraction and copying of analyzed environments
8. Recover deleted files and partitions
9. Steganography and its detection
10. Using tools for breaking passwords
11. Logging and analysis of network traffic and detection of attacks on wireless networks
12. Detection of attacks on web applications
13. Provision of e-mail communication, its investigation and detection of crime by e-mail
14. Elaboration of investigation reports

Project
The students' task will be to analyze a provided virtual image of a Windows system. The prepared image will contain traces of a cyber attack. The student performs the analysis according to the instructions for the assigned version of the assignment and presents the findings of the analysis in the form of an examination report.
Recommended or Required Reading
Required Reading:
Fundamentals of Digital Forensics, Kavrestad, Joakim, 2020, Springer Nature.
Recommended Reading:
Intelligence-Driven Incident Response: Outwitting the Adversary, Roberts, Scott J., 2017, O'Reilly Media.

Digital Forensics Basics: A Practical Guide Using Windows OS, Hassan, Nihad A., 2019, Apress.

Digital Forensics and Incident Response: Incident response techniques and procedures to respond to modern cyber threats, 2nd Edition, Johansen, Gerard, 2020, Packt Publishing.
Planned learning activities and teaching methods
Lectures, Tutorials, Project work
Assessment methods and criteria
Task Title | Task Type | Maximum Number of Points (Act. for Subtasks) | Minimum Number of Points for Task Passing
Credit and Examination | Credit and Examination | 100 (100) | 51
        Credit | Credit | 45 | 20
        Examination | Examination | 55 | 20