Syllabus — Digital Forensics and Incident Response

Year I, Part II — MSNCS, IOE Pulchowk, Tribhuvan University. 4 credits.

Chapter 1 — Introduction (12 marks)

  • 1.1 Introduction to digital forensics
  • 1.2 Digital evidence and legal admissibility
  • 1.3 Burden of proof
  • 1.4 Chain of custody of digital evidence
  • 1.5 Provisions related to digital evidence in the Evidence Act of Nepal
  • 1.6 Introduction to Incident Response, phases of incident response
  • 1.7 Reporting
  • 1.8 Common incident response frameworks — NIST, SANS
  • 1.9 Incident response plan, Incident response team

Chapter 2 — Disk and Filesystem Forensics (8 marks)

  • 2.1 Understanding storage devices and filesystem layout
  • 2.2 Forensic imaging and acquisition techniques
  • 2.3 Maintaining the integrity of media under analysis
  • 2.4 Locating and recovering deleted data
  • 2.5 Usage of common tools — Autopsy, The Sleuth Kit, FTK
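Topics 2.2 and 2.3 above come down to one procedure in practice: copy the source bit for bit, hash the source stream while it is read (acquisition hash), re-hash the written image (verification hash), and record both in a manifest that the chain of custody can cite. The script below is an added example written for this page, not course material or code from Autopsy, The Sleuth Kit or FTK; the manifest layout, the field names, the examiner and case identifiers, and the constructed evidence bytes in `demo()` are all assumptions. The acquisition and verification hashes are compared with each other, and `verify()` shows the check that fails once a single byte of the image changes.

```python
"""Forensic image acquisition with integrity hashing and a chain-of-custody manifest.

Added example for this syllabus, not code from the course or from any named tool.
Assumptions: the manifest format, the field names, and the sample evidence are
invented for illustration.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024
# MD5 is kept only because many existing reports and tools still quote it;
# SHA-256 is the hash the integrity claim actually rests on.
ALGOS = ("md5", "sha256")


def _new_hashers():
    return {algo: hashlib.new(algo) for algo in ALGOS}


def hash_file(path):
    """Hash a file in fixed-size chunks so multi-gigabyte images do not need to fit in RAM."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def acquire(source, image, examiner, case_id):
    """Copy `source` to `image` bit for bit, hashing the source as it is read.

    The image is then hashed independently from disk; a mismatch means the copy
    is not a faithful duplicate and must not be used as evidence.
    Returns the manifest and writes it beside the image as <image>.manifest.json.
    """
    hashers = _new_hashers()
    size = 0
    with open(source, "rb") as src, open(image, "wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
            dst.write(chunk)
            size += len(chunk)
    acquisition = {algo: h.hexdigest() for algo, h in hashers.items()}
    verification = hash_file(image)
    if acquisition != verification:
        raise RuntimeError("acquisition failed: image hash does not match source hash")

    manifest = {
        "case_id": case_id,                      # assumed identifier scheme
        "examiner": examiner,
        "source": os.path.abspath(source),
        "image": os.path.abspath(image),
        "size_bytes": size,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
        "hashes": acquisition,
    }
    with open(image + ".manifest.json", "w") as fh:
        json.dump(manifest, fh, indent=2)
    return manifest


def verify(image, manifest):
    """Re-hash the image and compare against the manifest; True only if every algorithm matches."""
    return hash_file(image) == manifest["hashes"]


def demo():
    """Run the whole procedure on constructed data and return the observable results."""
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "evidence_device.bin")
    image = os.path.join(workdir, "evidence.dd")
    data = b"constructed evidence, not a real device " * 4096   # ~160 KiB sample
    with open(source, "wb") as fh:
        fh.write(data)

    manifest = acquire(source, image, examiner="Examiner 1", case_id="CASE-0001")
    ok_before = verify(image, manifest)

    # Simulate tampering: flip one byte in the middle of the image.
    with open(image, "r+b") as fh:
        fh.seek(len(data) // 2)
        original = fh.read(1)
        fh.seek(len(data) // 2)
        fh.write(bytes([original[0] ^ 0xFF]))
    ok_after_tamper = verify(image, manifest)

    return {
        "manifest": manifest,
        "expected_sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "ok_before": ok_before,
        "ok_after_tamper": ok_after_tamper,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a real acquisition the source is the block device itself, opened read-only behind a hardware write blocker, and the manifest is what the examiner signs and hands over with the media; the two-hash comparison inside `acquire()` is the check that distinguishes a verified image from a mere copy.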

Chapter 3 — Memory Forensics (8 marks)

  • 3.1 Analysing memory (RAM) contents
  • 3.2 Importance of analysing memory contents in digital forensics
  • 3.3 Memory dump analysis with Volatility and Rekall

Chapter 4 — Network Forensics (6 marks)

  • 4.1 Network traffic capture and analysis with PCAP, Wireshark
  • 4.2 IDS and IPS systems for forensic analysis
  • 4.3 Detecting network attacks and traces and documenting for legal admissibility

Chapter 5 — Mobile Device Forensics (8 marks)

  • 5.1 Mobile device acquisition techniques (iOS, Android)
  • 5.2 Recovering SMS, call logs, GPS data, application data
  • 5.3 Usage of tools — Andriller, Cellebrite, Oxygen Forensics Suite

Chapter 6 — Cloud Forensics (6 marks)

  • 6.1 Introduction to digital forensics in the cloud environment
  • 6.2 Challenges in analysing digital evidence in the cloud environment
  • 6.3 Common practices and tools for digital forensic analysis in AWS, Azure, and GCP

Chapter 7 — Malware Analysis (6 marks)

  • 7.1 Introduction and importance of malware analysis in digital forensics
  • 7.2 Static, dynamic, and hybrid analysis
  • 7.3 Using tools — Cuckoo Sandbox, Ghidra, Volatility for malware analysis

Chapter 8 — Log Analysis (6 marks)

  • 8.1 Analysing system, application, and access logs
  • 8.2 Correlating logs with other system information for digital forensics
  • 8.3 Storing and retrieving logs for legal admissibility
  • 8.4 Common log formats, logging applications, and tools