IT Forensics Christoph Sorge

News

05.09.2019

Exam results

The results for the 2nd final exam should now be visible in the CMS. The exam inspection will take place in building C3.1, room 0.04.

04.09.2019

Exam inspection

The exam inspection of the 2nd exam will take place next Tuesday, 11:00 - 12:00; room TBA (most likely in building C3.1 or nearby).

07.08.2019

Exam Inspection

The exam inspection will be next monday (12th August), 10:00 a.m., building C3.1, Room 0.01.

Please do not forget your Student ID.

30.07.2019

Exam results

The exam results are now in the CMS. You should have received a corresponding e-mail.

A couple of remarks:

  • Apparently, all of you got an e-mail, including those who did not register for the exam. Sorry for that - of course, if you are not registered, this... Weiterlesen

The exam results are now in the CMS. You should have received a corresponding e-mail.

A couple of remarks:

  • Apparently, all of you got an e-mail, including those who did not register for the exam. Sorry for that - of course, if you are not registered, this means you have not failed.
  • You should be able to see the points you got for each task.
  • We do not guarantee that the points have been correctly entered into the CMS (though we did our best). We will double-check before uploading to LSF.
  • The statistics seem to include those who did not participate in the exam. In fact, of the 52 people that showed up, 38 passed the exam. There was one 1.0 and four times the grade 1.3.
25.07.2019

Additional exam information

The data and time for the re-exam have been fixed: September 2, 13:30, Günter-Hotz-Hörsaal (same time and place as the first exam - not a typo).

Both exams are scheduled to last 90 minutes.

18.07.2019

Exam Details

The main exam will take place on 26.07.2019, 13:30 at the Günter Hotz Lecture Hall (E 2.2). The use of cheat sheets is not allowed. Please be there at least 15 minutes ahead of time. The planned date for the reexam is 2.9.2019, but this is not fixed yet.
12.07.2019

Slides on Network Monitoring

Due to a misunderstanding, the slides for the network monitoring chapter were uploaded with a delay. They are now available in the CMS.

12.06.2019

No lecture tomorrow

The lecture tomorrow has to be cancelled. The tutorial will take place on Friday as usual.

01.06.2019

Lecture Instead Of Tutorial Next Week

Next week there will be an additional lecture in the tutorial slot. The solutions of the mid term will be discussed in two weeks.
31.05.2019

Reminder: (Voluntary) mid-term exam today

Just a quick reminder that we will have the mid-term exam in the tutorial today. The style is similar to the main exam, but participation is voluntary; it is mainly a tool for self-assessment.

22.05.2019

Exam registration deadline now strict

The dean for student affairs (in computer science) has asked the lecturers to communicate the following information (which applies to all lectures):

The deadline for registering for exams in lectures is now a strict deadline. Late registrations after the... Weiterlesen

The dean for student affairs (in computer science) has asked the lecturers to communicate the following information (which applies to all lectures):

The deadline for registering for exams in lectures is now a strict deadline. Late registrations after the deadline will only be processed by the study coordination in case of duly justified exceptions, such as illness.

16.05.2019

No Lecture Today and Information about the Tutorial tomorrow

As already mentioned last week, there will be no lecture today. 

Next week, the Tutorial will probably be swapped with the lecture, i.e. Tutorial on thursday and lecture on friday within the usual time slots.

In the Tutorial tommorrow, there will be... Weiterlesen

As already mentioned last week, there will be no lecture today. 

Next week, the Tutorial will probably be swapped with the lecture, i.e. Tutorial on thursday and lecture on friday within the usual time slots.

In the Tutorial tommorrow, there will be practical exercises again. We will need Volatility (https://www.volatilityfoundation.org/26) and the Test Image called "xp-laptop-2005-06-25.img" from this archive: https://www.cfreds.nist.gov/mem/memory-images.rar
 

10.05.2019

Practical Exercise Information

We will need two Test Images from https://www.cfreds.nist.gov/dfr-test-images.html for the exercises in the tutorial today, namely the first one "DFR-01" in NTFS and "DFR-11" in NTFS format. Here are the corresponding download links:
DFR-01:... Weiterlesen

We will need two Test Images from https://www.cfreds.nist.gov/dfr-test-images.html for the exercises in the tutorial today, namely the first one "DFR-01" in NTFS and "DFR-11" in NTFS format. Here are the corresponding download links:
DFR-01: https://www.cfreds.nist.gov/dfr-images/dfr-01-ntfs.dd.bz2

DFR-11: https://www.cfreds.nist.gov/dfr-images/dfr-11-mft-ntfs.dd.bz2

02.05.2019

Information about the Tutorial(s)

It has been decided that there will be no additional tutorial slot, therefore we relocate the tutorial to the lecture hall (0.05, CISPA) just like last week.

Concerning the tutorial tomorrow, there will be no practical exercise yet, this is postponed to next... Weiterlesen

It has been decided that there will be no additional tutorial slot, therefore we relocate the tutorial to the lecture hall (0.05, CISPA) just like last week.

Concerning the tutorial tomorrow, there will be no practical exercise yet, this is postponed to next week.

Best,

Nils

18.04.2019

Anecdote on forensic analysis of persistent data

For the German-speaking students, the anecdote on https://kanzleiundrecht.wordpress.com/2016/04/27/darf-es-etwas-weniger-sein/ shows how not to do computer forensics

Show all
 

IT Forensics

The lecture deals with finding and evaluating legal evidence in IT systems, both for criminal prosecution and civil action.

 

Focus areas include, among others:

 

Processes of IT forensics (with a focus on incident response)

Analysis of storage media and file systems

Retrieval and analysis of RAM contents (e.g., cold boot attacks)

Attacks on passwords

(Basics of) evidence in civial actions and criminal proceedings

Role of technical experts in court



Datenschutz | Impressum
Bei technischen Problemen wenden Sie sich bitte an die Administratoren