Digital Forensics, Chain of Custody and eDiscovery

Learn forensic techniques to analyse and preserve digital evidence with integrity.

Key Details

This module is delivered in hybrid format, as a combination of online, in-person and self-learning activities. The module uses innovative hybrid learning methods that combine live (synchronous) and self-paced (asynchronous) activities, with particular focus on practical activities and real-world scenarios connected to cybersecurity. Expert tutors guide students through the material, ensuring a comprehensive learning experience.

This module aims to equip participants with a comprehensive understanding of digital forensic principles, models, and best practices, emphasizing the importance of evidence handling, documentation, and legal-ethical obligations. Toward this goal the module employs periodic quizzes, in-class participation and assignments.

Time commitment:

• Online activities: 7 hours
• In-person activities: 7 hours
• Self-learning: 28 hours
• Individual, team and guided projects and activities: 58 hours
• Total: 100 hours

Credit points: 4 ECTS

Grading:

• Lecture quizzes: 10%
• Seminar work: 10%
• Assignments: 30%
• Exam: 50% (scenario essay, practical exam)

Apply now

Subjects covered

Introduction

Digital forensics models and methodologies

Digital Evidence

Forensic Tools

Windows Forensics

Network Forensics

Mobile Device Forensics

Linux Forensics

Introduction to Electronic Discovery & Enterprise Search

Electronic Discovery Reference Model

Electronic Discovery Processes

Revision, catch-up and formative feedback

Apply now

Learning objectives

Apply best practices and standards to identify, acquire, and preserve digital evidence ensuring integrity and admissibility.

Utilize forensic tools such as drive imaging, password cracking, and log analysis tools to support investigation activities across different environments (Windows, Linux, mobile, network).

Conduct digital investigations by analyzing data structures, registry information, and network traces, interpreting encryption mechanisms, and recovering deleted files.

Develop detailed forensic reports, including findings, affidavits, and letters of report, aligned with legal and procedural requirements.

Implement eDiscovery workflows involving search, keyword matching, deduplication, TAR, and metadata management within eDiscovery platforms like Microsoft Purview or Google Vault.

Apply now

Module leaders

Răzvan is an Associate Professor at POLITEHNICA Bucharest, the Computer Science and Engineering Department. He is primarily interested in operating systems and security, with a penchant for teaching and mentoring.

Răzvan is leading community activities in POLITEHNICA, centered around cybersecurity and open source. He has led the Security Summer School, a yearly 5-week summer school that has been running for 12 years and has generated over 500 graduates in cybersecurity. He is involved in mentoring students in cybersecurity topics and organizing and supporting local and national CTF contents. On the open source side, Răzvan is lead the ROSEdu (Romanian Open Source Education) association, organizing extracurricular classes and projects dealing with open source and by supporting students to take part in Google Summer of Code.

Răzvan’s research focus is on systems and software security, particularly Apple iOS security, cyber-reasoning systems and the Unikraft unikernel in recent years.

Apply now