top of page

Cyber Forensics

Course Code:


Course Credits:





Semester 6 (Elective 3)

About the Course:

Cyber Forensics course provides a deep understanding of the techniques to gather, protect and report the digital confirmations.

Course Objectives:

  • The Cyber Security issues, the Digital Forensics process and the Hard disk structure.

  • The process of Data Acquisition and the structure of FAT and NTFS file system on Windows operating system.

  • The Structure of Linux File system (EXT3/EXT4) and the file carving process.

  • The Android Mobile device forensics and Multimedia Steganography procedures.

  • The procedure for Email Forensics Analysis and Final report writing as per the court of law.

Course Outcomes:

At the end of this course, the student will be able to:

  • Understand the phases in Forensic Investigation process and make out the internal structure of HDD and booting process.

  • Use SleuthKit Library and Make an image of the Evidence with various open source tools and gain knowledge on FAT and NTFS file systems.

  • Analyse the Unix/Linux File systems with exercises and do file carving using open source tools.

  • Perform the Mobile device forensics and do Steganalysis for Multimedia forensics.

  • Do Email forensics and know how to write a good report to be submitted to the court of law.

Course Content:

Unit 1:

Introduction to Forensic Process - 10 Hours

Introduction to computer forensics, Forensics Investigation Process, Forensic Protocol for Evidence Acquisition, Digital Evidences, Types of computer forensics, Challenges in computer forensics, Understanding the Hard disks and File systems-HDD, SSD, Physical structure and Logical Structure of Hard Disk, Tracks, Sector, Cluster, Disk Partitions and Boot process, Open source tools.

Unit 2:

Data Acquisition and Windows File system Forensic Analysis - 12 Hours

Building a Forensics Work station with The Sleuth Kit, Case Study-Data Acquisition – Imaging using Access Data FTK Imager and Encase, Recovering files from the images using Encase, Examining FAT File system, Examining NTFS File system, Case study - NTFS Timestamp Analysis, Autopsy Tool Hands-on.

Unit 3:

Linux File system Analysis andFile Carving - 10 Hours

Unix/Linux file systems (Ext2/Ext3), Unix/Linux Forensic Investigation: Unix/Linux forensics, investigation steps and technologies, Case Study: Memory Acquisition of Linux System using LiME , Principles of file carving, Header/Footer carving, Bitfragment Gap carving, Case Study- Image File Foremost File Carving tool.

Unit 4:

Android Mobile device Forensics and Multimedia Forensics - 12 Hours

Mobile Device Forensic Investigation, Storage Location, Acquisition Methods, Data Analysis of Facebook, Whatsapp, Case study using Android Virtual Device, Steganography Techniques and Tools, Steganalysis Techniques and Tools, Case study-Steganalysis using OpenStego, Anti Forensics Practices-Data Wiping and Shredding, Trail Obfuscation, Encryption, Data Hiding, Case Study-Anti forensic detection using Stegdetect.

Unit 5:

Email Forensics and Investigative reports and Legal Acceptance - 12 Hours

Email Forensics, Recovering emails, Email Header Analysis, Case Study-e-Discovery from Enron Corpus, reparation work for report Writing, Structure of the report, Characteristics of a good report, Document design and good writing practices, Legal Acceptance, Case Study – Legal Acceptance in Autopsy tool, Incident Response process.


1: “Introductory Computer Forensics-A Hands-on practical Approach”, by Xiaodong Lin, Springer, 2018.

2: “Practical Cyber Forensics- An Incident-Based Approach to Forensic Investigations”, by Niranjan Reddy, A Press, 2019

Refrence Books:

1: “Digital Forensics Workbook_-Hands-on  Activities in Digital Forensics”, by Michael K Robinson, CreateSpace Independent Publishing Platform, 2015

Tools & Languages:

Open source tools on Forensics

bottom of page