In this course, students will learn the principles and techniques for digital forensics investigation and the spectrum of available forensics tools. They will learn about core forensic procedures to ensure court admissibility of evidence, as well as the legal and ethical implications. They will see how to perform a forensic investigation on both Unix/Linux and Windows operating systems with different file systems and be guided through forensic procedures and review and analyze forensics reports. The main objective of this course is to provide a practical study of digital forensics principles and techniques with emphasis on the forensics procedures and tools on both Unix and Windows systems from different aspects such as network, memory, image, and logs along with reviewing and analyzing the forensics reports.


Language: The class is taught in English.
Assistant: Select one student to manage, handle and collect the assignments, projects, and Lab activities.
MidTerm Examination: Written examination, (10%)
Final Examination: Written examination, (50%)
Courseworks: First coursework is compulsory + select one from number 2 or 3, (40%)
Coursework 1: 5 Courseworks (individual) (15% = 5 + 3%)
Coursework 2: A project by JAVA or Python (Group based) + Presentation, (25%=20% + 5%)