Digital Expertise

Major: Cyber Security
Code of subject: 8.125.00.M.29
Credits: 3.00
Department: Information Technology Security
Lecturer: Associate Professor, Candidate of Physical and Mathematical Sciences Voitusik S.S.
Semester: 3 семестр
Mode of study: денна
Learning outcomes: As a result of studying the discipline, the specialist should know: - methods and means of conducting digital expertise and investigations; - principles for building a model of digital investigation based on the concept of digital evidence; - the rights and responsibilities of experts; - the legal basis of digital expertise. The trained specialist should be able to: - build models of the digital investigation process; - to conduct professional interpretation of episodes of investigation; - reconstruct episodes with digital evidence; - apply scientific methods in conducting digital investigations.
Required prior and related subjects: Operating Systems. Network operating systems. Web programming. File systems. Windows. Unix. Macintosh. Internet vulnerabilities.
Summary of the subject: The basics of digital investigation and expertise. History of digital investigations. Digital proof. Principles of digital expertise. The problematic aspects of digital evidence. Digital evidence in the courtroom. Duties of experts. Levels of certainty in digital expertise. Direct and indirect evidence. Scientific proof. Presentation of digital evidence. Cybercrime from the point of view of law in the United States of America, the European Union, Ukraine. Digital Investigations. Conducting a digital investigation. Models of the digital investigation process. Application of scientific method in digital investigation. Security breach. Digital Investigations. Conducting a digital investigation. Treatment of a digital crime episode. Existing guides for the treatment of episodes of digital crime. Preparing for the treatment of a digital crime episode. An episode of a digital crime scene. Saving an episode of a digital crime. Reconstruction of an episode with digital evidence. The ambiguity of expert analysis. Victimology. Characteristics of a criminal episode. Threshold estimation. Computer intrusions. Purposes. Basic methods. Classic tactics. Digital proof as an alibi. Time as an alibi. Location as an alibi. Sexual offenses on the Internet. Cyber pursuit.
Assessment methods and criteria: Ongoing controls assess the performance of the practical training 30 points. The control measure of 70 points - a semester credit, is carried out in written-oral form. The credit for the oral examination is made by the student fixing the questions and assessing the answers on the examination sheet.
Recommended books: 1. Eoghan Casey; with contributions from Susan W. Brenner ... [et al.]. - 3rd ed. Digital Evidence and Computer Crime. Forensic Science, Computers and the Internet. 2011. P. 807. Published by Elsevier Inc. 2. B. Carrie. Forensic analysis of file systems. - St. Petersburg: Peter. 2007. 480 p.