Course

Syllabus

Locard’s exchange principle, code of ethics, digital forensic process models- Framework for digital forensic evidence collection with Chain of Custody (CoC), standard evidence collection procedures (SOP), Autopsy, Device/SSD forensics, File carving with fundamentals of host forensics for windows artifacts, registry and system log monitoring with auditing mechanisms. File system handling – reconstruction of files and directory structures on the FAT and NTFS timestamps, Password Cracking. Fundamentals of host forensics for UNIX derivatives – Linux operating system forensics, epoch formats and audit mechanisms, Mac forensics, Forensic analysis of database systems, and identifying database tampering. Slack and swap space forensics, Android and iOS forensics, memory, volatility and network forensics, wireless forensics, anti-forensics, steganography, email investigation, social media forensics, Cloud Forensics, Overwriting/Forging/Wiping/Destruction, IVR, DVR, NIST tools (CFReDS, CFTT, and NSLR). 

Self-study: OSINT, Online Anonymity and Rootkits, Financial Frauds, Espionage and Investigations, investigating copiers, AI-assisted trends in cyber forensics 

Prerequisites:

24CY602 Network Security 

Course Outcome

CO-PO Mapping

1. an Carrier, File System Forensic Analysis , Pearson, 2006. 
2. Nina Godbole, Sunit Belapure, Cyber security: understanding cybercrimes, computer forensics and legal perspectives, Wiley, 2011 
3. E. Casey, Handbook of Digital Forensics and Investigation , Academic Press, 2010. 
4. Marjie T. Britz, Computer Forensics and Cyber Crime , Pearson, 2012. 
5. David Cowen, Computer Forensics: A Beginners Guide , Mc Graw Hill Education, 2013. 
6. Bill Nelson, Amelia Phillips, Christopher Steuart, Guide to Computer Forensics and Investigations , 4th Edition, 2014.