Course syllabus

Course: Digital Forensics
Study programme and level: Information and Communication
Study field: Advanced Internet Technologies
Academic year: 1
Semester: 2
Course type: Elective
University course code: IKT2-660

Lectures / Seminar / Tutorial / Clinical work / Other forms of study / Individual work / ECTS
15 15 15 105 5

*This distribution of hours is valid if at least 15 students are enrolled. Otherwise the contact hours are reduced proportionally and transferred to individual work.

Course leader:
doc. dr. Tomaž Klobučar
Lecturers:
Languages:
Lectures:
Slovenian, English
Tutorial:
Prerequisites:

The student must have completed a first-cycle study programme in natural sciences, technical disciplines or computer science.

Content (Syllabus outline):

Introduction:
definition of basic concepts, technology, legislation, norms, market; information systems, security, computer crime, countermeasures, digital forensics

Computer crime:
nature and classification of computer crime, motivation for crime; internet crime, technological overview, network and host attacks, malicious software and spyware, denial of service, distributed attacks, software piracy, intellectual property, privacy abuse, social engineering, corporate espionage, racism, xenophobia; technological countermeasures

Computer crime and legislation:
basic legislative documents and conventions, European Union, United States; Slovenian legislation compared with other legislations; legal and enforcement practice in Slovenia and abroad, cooperation between national and international institutions; corporate security policies and their enforcement

Digital forensics:
digital evidence, principles of digital forensics, digital forensics methodologies, interrelations between technology and legislation; digital forensics and operating systems, storage, mobile systems, applications and networked systems

Basic digital forensics tools:
digital forensics laboratory; basic commercial and open source forensic tools

Practical examples of digital forensics tools:
examples of tool usage, e.g. X-WAYS and SleuthKit

Readings:

Selected chapters from the following books:
- J. Kävrestad, Fundamentals of Digital Forensics, Theory, Methods, and Real-Life Applications, Springer, 2020, ISBN 978-3-030-38953-6
- S. Davidoff and J. Ham, Network Forensics: tracking hackers through cyberspace. Prentice Hall, 2012, ISBN-13: 978-0132564717
- R. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, Second Edition. Wiley Computer Publishing, 2008, ISBN 978-0470068526

Objectives and competences:

Digital forensics is the science and art of gathering chains of digital evidence through legally compliant procedures and the use of forensic tools that enable the investigator to reconstruct criminally liable actions at the physical and logical levels. In the information age, digital forensics plays an increasingly important role because of the widespread use of information technologies in both business and private life.

The main objective of the course is to give students theoretical and practical knowledge of digital forensics. Students will be introduced to various forms of computer crime and the motives for criminal activity. Proposed and established digital forensics procedures for providing digital evidence will be presented and discussed in the light of current national and worldwide legislation and practice. A number of digital forensic tools will be presented and tested in practice during the course.

The knowledge gained will enable students to continue research and development in the field, which is expected to begin already during the individual work in the course.

Intended learning outcomes:

A student who successfully completes this course will acquire:
- The ability to analyse, synthesise and anticipate solutions and consequences
- Mastery of research methods, procedures and processes, and the development of critical and self-critical judgement
- The ability to apply knowledge in practice
- Autonomy in professional work
- Communication skills, particularly for communication in an international environment
- Ethical reflection and a commitment to professional ethics
- Cooperativeness and teamwork (including in an international environment)

This course prepares students to be able to:
- Understand and evaluate computer crime threats
- Comprehend computer crime countermeasures
- Understand digital forensic procedures and methodologies for providing digital evidence
- Select and use digital forensic tools

Learning and teaching methods:

Lectures, seminar, consultations, individual work

Assessment (weight in %):
Seminar work: 25 %
Oral defense of seminar work: 25 %
Oral or written exam: 50 %

Lecturer's references:
1. B. Jerman-Blažič, T. Klobučar, "Removing the barriers in cross-border crime investigation by gathering e-evidence in an interconnected society", Information & communications technology law, 2020, vol. 29, no. 1, pp. 66-81, ISSN 1360-0834.
2. B. Jerman-Blažič, T. Klobučar, "Investigating crime in an interconnected society: will the new and updated EU judicial environment remove the barriers to justice?", International review of law computers & technology, 2020, vol. 34, no. 1, pp. 87-107.
3. B. Jerman-Blažič, T. Klobučar, "A new legal framework for cross-border data collection in crime investigation amongst selected European countries", International journal of cyber criminology, 2019, vol. 13, no. 2, pp. 270-289, ISSN 0974-2891.
4. B. Jerman-Blažič, T. Klobučar, "Advancement in cybercrime investigation: the new European legal instruments for collecting cross-border E-evidence", in: A. Rocha (ed.), C. Ferras (ed.), M. Paredes (ed.), Information Technology Systems: proceedings of ICITS 2019. Cham: Springer, 2019, vol. 918, pp. 858-867.
5. R. Kaur, D. Gabrijelčič, T. Klobučar, "Artificial intelligence for cybersecurity: literature review and future research directions", Information fusion [online ed.], Sep. 2023, vol. 97, article no. 101804, pp. 1-29.