Ugo FIORE | DIGITAL FORENSICS

cod. 0522500100

DIGITAL FORENSICS

	0522500100
	COMPUTER SCIENCE
	EQF7
	COMPUTER SCIENCE
	2024/2025

CURRICULUM CYBERSECURITY

	YEAR OF DIDACTIC SYSTEM 2016
	SPRING SEMESTER

TEACHING UNITS

	SSD	CFU	HOURS	ACTIVITY	TYPE OF ACTIVITY
	INF/01	6	48	LESSONS	SUPPLEMENTARY COMPULSORY SUBJECTS

EXAMS

	Exam	Date	Session
	APPELLO PROF. FIORE	06/05/2025 - 11:30	SESSIONE ORDINARIA

	Objectives
	THE COURSE INTRODUCES STUDENTS TO THE FOUNDATIONS OF DIGITAL FORENSICS. KNOWLEDGE AND UNDERSTANDING STUDENTS WILL: •BE AWARE OF THE IMPORTANCE OF DIGITAL FORENSICS •BE AWARE OF THE RELATIONSHIPS BETWEEN IT AND FORENSICS •KNOWLEDGE OF THE BEST PRACTICES TO INCIDENT RESPONSE •KNOWLEDGE OF THE MAIN TOOLS AND TECHNIQUES FOR FORENSIC INVESTIGATION APPLYING KNOWLEDGE AND UNDERSTANDING STUDENTS WILL BE ABLE TO APPLY THE KNOWLEDGE OF TOOLS AND TECHNIQUES FOR CONDUCTING FORENSIC INVESTIGATIONS. MAKING JUDGEMENTS STUDENTS WILL BE ABLE TO: - CALIBRATE THE CHOICE OF DIGITAL TOOLS TO BE USED IN RELATION TO THE CHARACTERISTICS OF THE INDIVIDUAL CASE. - EVALUATE THE QUALITY AND COMPLETENESS OF THE RESULTS PROVIDED BY EACH OF THE DIGITAL TOOLS COMMONLY USED IN FORENSIC INVESTIGATION AND DECIDE WHETHER TO INVESTIGATE MANUALLY. COMMUNICATION STUDENTS WILL BE ABLE TO DRAFT A FORENSIC ANALYSIS REPORT. LEARNING SKILLS STUDENTS WILL BE ABLE TO CONTINUOUSLY UPDATE THEIR KNOWLEDGE BY CONSULTING THE DOCUMENTATION OF THE INVESTIGATION TOOLS AND CHECKING THEIR CORRECT FUNCTIONING.

THE COURSE INTRODUCES STUDENTS TO THE FOUNDATIONS OF DIGITAL FORENSICS.

KNOWLEDGE AND UNDERSTANDING
STUDENTS WILL:
•BE AWARE OF THE IMPORTANCE OF DIGITAL FORENSICS
•BE AWARE OF THE RELATIONSHIPS BETWEEN IT AND FORENSICS
•KNOWLEDGE OF THE BEST PRACTICES TO INCIDENT RESPONSE
•KNOWLEDGE OF THE MAIN TOOLS AND TECHNIQUES FOR FORENSIC INVESTIGATION

APPLYING KNOWLEDGE AND UNDERSTANDING
STUDENTS WILL BE ABLE TO APPLY THE KNOWLEDGE OF TOOLS AND TECHNIQUES FOR CONDUCTING FORENSIC INVESTIGATIONS.

MAKING JUDGEMENTS
STUDENTS WILL BE ABLE TO:
- CALIBRATE THE CHOICE OF DIGITAL TOOLS TO BE USED IN RELATION TO THE CHARACTERISTICS OF THE INDIVIDUAL CASE.
- EVALUATE THE QUALITY AND COMPLETENESS OF THE RESULTS PROVIDED BY EACH OF THE DIGITAL TOOLS COMMONLY USED IN FORENSIC INVESTIGATION AND DECIDE WHETHER TO INVESTIGATE MANUALLY.

COMMUNICATION
STUDENTS WILL BE ABLE TO DRAFT A FORENSIC ANALYSIS REPORT.

LEARNING SKILLS
STUDENTS WILL BE ABLE TO CONTINUOUSLY UPDATE THEIR KNOWLEDGE BY CONSULTING THE DOCUMENTATION OF THE INVESTIGATION TOOLS AND CHECKING THEIR CORRECT FUNCTIONING.

	Prerequisites
	THE COURSE REQUIRES A BASIC KNOWLEDGE OF OPERATING SYSTEMS, COMPUTER NETWORKS AND IT SECURITY FUNDAMENTALS

	Contents
	THE COURSE INCLUDES HOURS OF INSTRUCTION ORGANISED IN LECTURES AND PRACTICE. TOPICS: - INTRODUCTION AND COURSE OVERVIEW (2 H) - THE PHASES OF INVESTIGATION (2 H) - BASIC DIGITAL FORENSIC TOOLS (2 H) - METHOLOLOGIES FOR FORENSIC DATA ACQUISITION (4 H) - FILE AND DATA RETRIEVING (5 H) - FORENSICS ANALYSIS OF RAM MEMORY (5 H) - BASICS ON FILE FORENSIC ANALYSIS (1 H) - CONSTRUCTING A SYPER TIMELINE AND EXAMPLES (4 H) - FORENSIC ANALYSIS OF MICROSOFT WINDOWS® ARTIFACTS (6 H) - NETWORK TRAFFIC ACQUISITION AND FORENSIC ANALYSIS (3 H) - BASICS ABOUT ANTI-FORENSIC ANALISIS (2 H) LAB TOPICS: - USE OF DIGITAL FORENSICS TOOLS FOR ACQUISITION AND / OR RECOVERY OF INFORMATION IN MEMORY / DISK (4 H) - FORENSIC ANALYSIS OF NETWORK TRAFFIC (4 H) - DRAFTING OF A FORENSIC ANALYSIS REPORT (4 H)

Contents

THE COURSE INCLUDES HOURS OF INSTRUCTION ORGANISED IN LECTURES AND PRACTICE.
TOPICS:
- INTRODUCTION AND COURSE OVERVIEW (2 H)
- THE PHASES OF INVESTIGATION (2 H)
- BASIC DIGITAL FORENSIC TOOLS (2 H)
- METHOLOLOGIES FOR FORENSIC DATA ACQUISITION (4 H)
- FILE AND DATA RETRIEVING (5 H)
- FORENSICS ANALYSIS OF RAM MEMORY (5 H)
- BASICS ON FILE FORENSIC ANALYSIS (1 H)
- CONSTRUCTING A SYPER TIMELINE AND EXAMPLES (4 H)
- FORENSIC ANALYSIS OF MICROSOFT WINDOWS® ARTIFACTS (6 H)
- NETWORK TRAFFIC ACQUISITION AND FORENSIC ANALYSIS (3 H)
- BASICS ABOUT ANTI-FORENSIC ANALISIS (2 H)

LAB TOPICS:
- USE OF DIGITAL FORENSICS TOOLS FOR ACQUISITION AND / OR RECOVERY OF INFORMATION IN MEMORY / DISK (4 H)
- FORENSIC ANALYSIS OF NETWORK TRAFFIC (4 H)
- DRAFTING OF A FORENSIC ANALYSIS REPORT (4 H)

	Teaching Methods
	TEACHING ACTIVITIES WILL BE DIVIDED INTO: - LESSONS, WITH THE AID OF SLIDE AND / OR MULTIMEDIA MATERIAL (36/38 H) - LAB ACTIVITIES (4/6 H) - SEMINARS (4/6 H) FOR A TOTAL OF 48 HOURS AND 6 ECTS.

	Verification of learning
	THE ASSESSMENT WILL BE CARRIED OUT THROUGH AN ORAL INTERVIEW, FOR EACH STUDENT, AND WILL CONCERN ALL THE TOPICS OF THE COURSE OR WILL CONCERN THE PRESENTATION AND DISCUSSION OF AN ASSIGNED PROJECT ACTIVITY. STUDENTS WILL BE ASSESSED IN THIRTY (AND, WHERE APPROPRIATE, WITH HONOURS)

	Texts
	DIGITAL FORENSICS WITH KALI LINUX - PERFORM DATA ACQUISITION, DIGITAL INVESTIGATION, AND THREAT ANALYSIS USING KALI LINUX TOOLS, SHIVA V.N. PARASRAM, PACKT PUBLISHING - PRACTICAL WINDOWS FORENSICS, AYMAN SHAABAN, KONSTANTIN SAPRONOV, PACKT PUBLISHING, 2016 - DIGITAL FORENSICS, ANDRÉ ÅRNES (EDITOR), WILEY, 2017 - PRACTICAL DIGITAL FORENSICS, RICHARD BODDINGTON, PACKT PUBLISHING, 2016 - GUIDE TO COMPUTER FORENSICS AND INVESTIGATIONS (6° EDIZIONE), COURSE TECHNOLOGY PTR, 2018

Texts

DIGITAL FORENSICS WITH KALI LINUX - PERFORM DATA ACQUISITION, DIGITAL INVESTIGATION, AND THREAT ANALYSIS USING KALI LINUX TOOLS, SHIVA V.N. PARASRAM, PACKT PUBLISHING
- PRACTICAL WINDOWS FORENSICS, AYMAN SHAABAN, KONSTANTIN SAPRONOV, PACKT PUBLISHING, 2016
- DIGITAL FORENSICS, ANDRÉ ÅRNES (EDITOR), WILEY, 2017
- PRACTICAL DIGITAL FORENSICS, RICHARD BODDINGTON, PACKT PUBLISHING, 2016
- GUIDE TO COMPUTER FORENSICS AND INVESTIGATIONS (6° EDIZIONE), COURSE TECHNOLOGY PTR, 2018

Lessons Timetable

BETA VERSION Data source ESSE3 [Ultima Sincronizzazione: 2025-03-26]

Ugo FIORE | DIGITAL FORENSICS

DIGITAL FORENSICS

CURRICULUM CYBERSECURITY

TEACHING UNITS

PROFESSORS

EXAMS

SHEET

-

Ugo FIORE | DIGITAL FORENSICS