026DIFOM3

Digital forensics and incident management

Digital forensics is the practice of collecting, analyzing and reporting on digital data and events in a way that is legally admissible. It can be used in the detection and prevention of digital and cyber-crime and in any dispute where evidence is stored digitally. Digital forensics is simply the application of computer investigation and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crime or misuse, including but not limited to hacking, theft of trade secrets, theft of or destruction of intellectual property, and fraud.

The course objective is to introduce:
• The process of investigating cyber-crime, laws involved, and the details in seizing digital evidence
• The different types of digital evidence, rules of evidence, digital evidence examination process, and electronic crime and digital evidence consideration by crime category
• The roles of first responder, first responder toolkit, securing and evaluating electronic crime scene, conducting preliminary interviews, documenting electronic crime scene, collecting and preserving electronic evidence, packaging and transporting electronic evidence, reporting the crime scene
• The process of investigating cyber and digital incidents such as hacking, e-fraud, data leakage, or evidence stored on digital media or devices
• Log capturing techniques, log management, time synchronization, log capturing tools and SIEM solutions


Contact hours: 20 hours


Student workload: 30 hours


Assessment method(s): Final exam

This course is offered in the following degree programs
 Master in Systems and Networks - option: Information Security