Dr. K.P. Chow
Mr. Raymond C.B. Chan
Digital forensics investigations have a variety of applications. The most common is to support or refute a hypothesis before criminal or civil proceedings. Digital forensics may also use in the private sector, such as internal corporate investigations or intrusion investigation.
The technical aspect of digital forensics and investigation is divided into several areas, relating to the type of digital devices involved, namely computer forensics, network forensics, forensic data analysis and mobile device forensics. The typical forensic process includes the seizure, forensic imaging (acquisition) and analysis of digital media and the production of a report.
| Course Learning Outcomes | Relevant Programme Learning Outcomes |
| CLO1. Able to master the basic techniques being used in today’s crime where computer or digital devices are being used. | PLO.6, 7, 8, 9, 10, 11, 12, 13 |
| CLO2. Able to master the key technologies about digital investigation and be able to contrast similar technologies. | PLO.3, 6, 7, 8, 9, 10, 11, 12, 13 |
| CLO3. Able to master the key technologies about digital forensics and be able to contrast similar technologies. | PLO.4, 5, 6, 7, 8, 9, 10, 11, 12 |
| View Programme Learning Outcomes | |
| Course Content | No. of Hours | Course Learning Outcomes |
| 1. Introduction to computer crime and digital evidence | 6 | CLO1 |
| 2. Digital investigation | 6 | CLO2 |
| 3. Computer and file systems forensics | 9 | CLO3 |
| 4. Network and applications forensics | 9 | CLO3 |
| Description | Type | Weighting * | Examination Period ^ | Course Learning Outcomes |
| Labs | Continuous Assessment | 20% | - | CLO2 |
| Homework | Continuous Assessment | 30% | - | CLO3 |
| Written exam covers all taught content in the course. | Written Examination | 50% | August 13 to 18, 2018 | CLO1 |
|
* The weighting of coursework and
examination marks is subject to approval ^ The exact examination date uses to be released when all enrolments are confirmed after add/drop period by the Examinations Office. Students must oblige to the examination schedule. Students should NOT enrol in the course if they are not certain that they will be in Hong Kong during the examination period. Absent from examination may result in failure in the course. There is no supplementary examination for all MSc curriculums in the Faculty of Engineering. For reference:
|
||||
- E. Casey, Digital Evidence and Computer Crime, Third Edition: Forensic Science, Computers, and the Internet
- S. Davidoff and J. Ham, Network Forensics: Tracking Hackers through Cyberspace
- C. Altheide, H. Carvey, Digital Forensics with Open Source Tools
| Date | Time | Venue | Remark | |
| Session 1 | 3 Jul 2018 (Tue) | 7:00pm - 10:00pm | CB-C | |
| Session 2 | 6 Jul 2018 (Fri) | 7:00pm - 10:00pm | CB-C | |
| Session 3 | 10 Jul 2018 (Tue) | 7:00pm - 10:00pm | CB-C | |
| Session 4 | 13 Jul 2018 (Fri) | 7:00pm - 10:00pm | CB-C | |
| Session 5 | 20 Jul 2018 (Fri) | 7:00pm - 10:00pm | CB-C | |
| Session 6 | 24 Jul 2018 (Tue) | 7:00pm - 10:00pm | CB-C | |
| Session 7 | 27 Jul 2018 (Fri) | 7:00pm - 10:00pm | CB-C | |
| Session 8 | 31 Jul 2018 (Tue) | 7:00pm - 10:00pm | CB-C | |
| Session 9 | 1 Aug 2018 (Wed) | 7:00pm - 10:00pm | CB-C | |
| Session 10 | 3 Aug 2018 (Fri) | 7:00pm - 10:00pm | CB-C | |
| CB - Chow Yei Ching Building | ||||
-
HKU Moodle:
http://moodle.hku.hk/course/view.php?id=58135
(Login using your HKU Portal UID and PIN)
- Please note that the instructor maintains and controls when to release the Moodle teaching website to students.
- Enrolled students should visit the Moodle teaching website regularly for latest announcements, course materials, assignment submission, discussion forum, etc.