DFA

Digital Forensics Analysis

Objectives

Digital forensics is dedicated to the collection, identification, preservation, documentation, analysis and presentation of digital evidence from computers, data networks and other electronic devices. The digital forensics field can be divided into computer forensics, data networks forensics and mobile forensics. After completing this Curricular Unit, the student should be able to:

Identify the different types of forensic digital evidence.
Know the terminology, techniques and processes of digital forensic investigation, as well as the limitations of current techniques.
Collect digital evidence on storage media using appropriate and accepted investigative tools and techniques.
Understand the scientific method and the need for its use in digital forensic investigation.
Produce and interpret forensic analysis reports effectively.

Program

Introduction to digital forensic investigation: scientific method; privacy and ethics; technical concepts including volatility order
Obtaining evidence: first intervention procedures and equipment seizure; sources of evidence (storage media and hidden areas, data networks, live and mobile); storage media (including write blockers, integrity copy, collisions, and digital signatures)
Analysis of forensic images with Autopsy: unallocated and slack space in disks; files and metadata; search patterns; file extension mismatch; web browsing; E-mail clients; Windows OS artefacts
Documentation and report: digital forensics limitations (hidden information; evidence removal; records tampering); construction and interpretation of digital forensic reports; study cases

Bibliography

G. Gogolin. Digital forensics explained. CRC Press, 2021.
A. Årnes (Ed.). Digital forensics. John Wiley & Sons, 2017.
J. Sammons. The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics. 2nd edition. Amsterdam; Boston: Syngress, 2014.
J. Kävrestad. Fundamentals of Digital Forensics. Springer International Publishing, 2020.