Student rights and obligations (login required)
Linköping University common rules and regulations (in Swedish)
Digital Forensics and Incident Response, 6 credits
Digital forensik och incidentrespons, 6 hp
TSIT14
Main field of study
Information Technology Computer Science and Engineering Computer ScienceCourse level
Second cycleCourse type
Programme courseExaminer
Jan-Åke LarssonDirector of studies or equivalent
Lasse AlfredssonEducation components
Preliminary scheduled hours: 40 hRecommended self-study hours: 120 h
Available for exchange students
YesECV = Elective / Compulsory / Voluntary
| Course offered for | Semester | Period | Timetable module | Language | Campus | ECV | |
|---|---|---|---|---|---|---|---|
| 6CDDD | Computer Science and Engineering, Master of Science in Engineering | 9 (Autumn 2025) | 1 | 3 | English | Linköping, Valla | E |
| 6CDDD | Computer Science and Engineering, Master of Science in Engineering (Secure Systems) | 9 (Autumn 2025) | 1 | 3 | English | Linköping, Valla | E |
| 6CMJU | Computer Science and Software Engineering, Master of Science in Engineering | 9 (Autumn 2025) | 1 | 3 | English | Linköping, Valla | E |
| 6CMJU | Computer Science and Software Engineering, Master of Science in Engineering (Secure Systems) | 9 (Autumn 2025) | 1 | 3 | English | Linköping, Valla | E |
| 6MCYS | Cybersecurity, Master's Programme | 3 (Autumn 2025) | 1 | 3 | English | Linköping, Valla | C |
| 6CITE | Information Technology, Master of Science in Engineering | 9 (Autumn 2025) | 1 | 3 | English | Linköping, Valla | E |
| 6CITE | Information Technology, Master of Science in Engineering (Secure Systems) | 9 (Autumn 2025) | 1 | 3 | English | Linköping, Valla | E |
Main field of study
Information Technology, Computer Science and Engineering, Computer ScienceCourse level
Second cycleAdvancement level
A1FCourse offered for
- Master of Science in Computer Science and Engineering
- Master of Science in Information Technology
- Master of Science in Computer Science and Software Engineering
- Master's Programme in Cybersecurity
Prerequisites
Computer networks, Ethical hacking
Intended learning outcomes
In the course the basic requirements for and limitations of digital forensics and how to be able to find and secure traces in digital systems, and evaluate digital evidenceis is taught.
After completing the course, the student must be able to:
- Define basic concepts and principles for digital forensics.
- Summarize, choose and use efficient methods to find and secure traces in digital systems.
- Describe principles, challenges, methods, and tools for handling cyber security incidents.
- Investigate the sequence of events in cyber security incidents from traces in digital systems.
- Present and evaluate digital evidence.
- Summarize relevant laws and how they influence choice of method and forensic argumentation in example cases.
- Exemplify the impact of digital forensics for a sustainable society in the sense of social and economic resilience against internal and external threats.
Course content
During the course the following subjects will be included:
- Network forensics
- Incident response
- Digital forensics on hardware
- Mobile forensics
- Memory forensics
- Forensics on image and video
- Log management, preserving evidence
- Particulars of SCADA environments and critical infrastructure
- Theoretical models
- Advanced and narrow topics, e.g., adversary simulation
- Laws and use of digital forensic material as evidence
Teaching and working methods
The course consists of lectures and a series of laborations
Examination
| LAB1 | Laboratory work | 4 credits | U, G |
| TEN1 | Written examination | 2 credits | U, 3, 4, 5 |
Grades
Four-grade scale, LiU, U, 3, 4, 5Other information
About teaching and examination language
The teaching language is presented in the Overview tab for each course. The examination language relates to the teaching language as follows:
- If teaching language is “Swedish”, the course as a whole could be given in Swedish, or partly in English. Examination language is Swedish, but parts of the examination can be in English.
- If teaching language is “English”, the course as a whole is taught in English. Examination language is English.
- If teaching language is “Swedish/English”, the course as a whole will be taught in English if students without prior knowledge of the Swedish language participate. Examination language is Swedish or English depending on teaching language.
Other
The course is conducted in such a way that there are equal opportunities with regard to sex, transgender identity or expression, ethnicity, religion or other belief, disability, sexual orientation and age.
The planning and implementation of a course should correspond to the course syllabus. The course evaluation should therefore be conducted with the course syllabus as a starting point.
The course is campus-based at the location specified for the course, unless otherwise stated under “Teaching and working methods”. Please note, in a campus-based course occasional remote sessions could be included.
Department
Institutionen för systemteknik| Code | Name | Scope | Grading scale |
|---|---|---|---|
| LAB1 | Laboratory work | 4 credits | U, G |
| TEN1 | Written examination | 2 credits | U, 3, 4, 5 |
There is no course literature available for this course in studieinfo.
Note: The course matrix might contain more information in Swedish.
I = Introduce, U = Teach, A = Utilize
| I | U | A | Modules | Comment | ||
|---|---|---|---|---|---|---|
| 1. DISCIPLINARY KNOWLEDGE AND REASONING | ||||||
| 1.1 Knowledge of underlying mathematics and science (G1X level) |
|
|
|
|||
| 1.2 Fundamental engineering knowledge (G1X level) |
|
|
X
|
LAB1
|
||
| 1.3 Further knowledge, methods, and tools in one or several subjects in engineering or natural science (G2X level) |
|
|
X
|
LAB1
|
||
| 1.4 Advanced knowledge, methods, and tools in one or several subjects in engineering or natural sciences (A1X level) |
|
X
|
X
|
LAB1
|
||
| 1.5 Insight into current research and development work |
X
|
|
|
LAB1
TEN1
|
||
| 2. PERSONAL AND PROFESSIONAL SKILLS AND ATTRIBUTES | ||||||
| 2.1 Analytical reasoning and problem solving |
|
X
|
X
|
LAB1
TEN1
|
||
| 2.2 Experimentation, investigation, and knowledge discovery |
|
|
X
|
LAB1
TEN1
|
||
| 2.3 System thinking |
|
X
|
X
|
LAB1
TEN1
|
||
| 2.4 Attitudes, thought, and learning |
|
X
|
X
|
LAB1
TEN1
|
||
| 2.5 Ethics, equity, and other responsibilities |
|
X
|
X
|
LAB1
TEN1
|
||
| 3. INTERPERSONAL SKILLS: TEAMWORK AND COMMUNICATION | ||||||
| 3.1 Teamwork |
|
|
X
|
LAB1
|
||
| 3.2 Communications |
|
|
X
|
LAB1
|
||
| 3.3 Communication in foreign languages |
|
|
X
|
LAB1
|
||
| 4. CONCEIVING, DESIGNING, IMPLEMENTING AND OPERATING SYSTEMS IN THE ENTERPRISE, SOCIETAL AND ENVIRONMENTAL CONTEXT | ||||||
| 4.1 External, societal, and environmental context |
|
X
|
X
|
LAB1
TEN1
|
||
| 4.2 Enterprise and business context |
|
X
|
|
TEN1
|
||
| 4.3 Conceiving, system engineering and management |
|
X
|
|
TEN1
|
||
| 4.4 Designing |
X
|
|
|
LAB1
TEN1
|
||
| 4.5 Implementing |
X
|
|
|
LAB1
TEN1
|
||
| 4.6 Operating |
|
X
|
X
|
LAB1
|
||
| 5. PLANNING, EXECUTION AND PRESENTATION OF RESEARCH DEVELOPMENT PROJECTS WITH RESPECT TO SCIENTIFIC AND SOCIETAL NEEDS AND REQUIREMENTS | ||||||
| 5.1 Societal conditions, including economic, social, and ecological aspects of sustainable development for knowledge development |
|
|
|
|||
| 5.2 Economic conditions for knowledge development |
|
|
|
|||
| 5.3 Identification of needs, structuring and planning of research or development projects |
|
|
|
|||
| 5.4 Execution of research or development projects |
|
|
|
|||
| 5.5 Presentation and evaluation of research or development projects |
|
|
|
|||
This tab contains public material from the course room in Lisam. The information published here is not legally binding, such material can be found under the other tabs on this page.
There are no files available for this course.