DIGITAL FORENSICS

Introduction to digital forensics. Data processing in legal issues.

a.1) Disk forensics.
a.1.1. Introduction, identification of evidences, data seizure and acquisition, authentication, processing and analysis, documenting the results. Maintaining the "Chain of Evidence".
a.1.2. Disk encryption, data encryption cracking, malicious use of encryption (ransomware).

a.2) Network forensics.
a.2.1. Data transmission protocols and web servers.
a.2.2. Data tapping strategies: eavesdropping by sniffing, router information processing, server logs analysis, wireless traffic collection and processing, eavesdropping by malware.
a.2.3. Intrusion detection.
a.2.4. Identity theft and phishing.
a.2.5. Anti-forensics strategies: encryption and obfuscation. The TOR protocol.

a.3) Multimedia forensics.
a.3.1. The acquisition of multimedia data. Digital camera and microphone models.
a.3.2. Image/Video source authentication from noise (PRNU) or firmware identification (CFA interpolation, compression strategies).
a.3.3. Multimedia data embedding: steganography and steganalysis, watermarking.
a.3.4. Image/Video tampering strategies. Advanced solutions for tampering detection: pixel-based, format-based, camera-based, physically-based, geometric-based.
a.3.5. Real cases examples.
a.3.6. Audio source authentication. Audio tampering and its detection.
a.3.7. Biometric traits. Facial recognition, voice identification, fingerprint analysis and matching. Image/video/audio quality enhancement for forensic investigation.

a.4) Social network forensics.
a.4.1. Data sharing and diffusion on social networks.
a.4.2. Social network data pool: social footprint, communication pattern, images and videos, activity, applications.
a.4.3. Strategies for user identification, localization (space and time), and profiling.


b.1) Cybercrimes
b.1.1. Fundamentals of criminal law: constitutional principles; definition of crime; essential elements of crime.
b.1.2. Sources of international and supranational law on the prevention and repression of cybercrime. The transnational character of cybercrime.
b.1.3. Definition of cybercrime; distinction between cybercrime in a narrow sense (computer crime) and cybercrime in a broader sense (computer-related crime).
b.1.4. Analysis of some types of cybercrimes, in particular: unauthorized access to computer or telecommunications systems; illicit possession and diffusion of access codes; illegal interception, interruption or hindrance of computer or telecommunications systems; damages to computer systems and data; phishing; computer-related fraud; theft or unlawful use of a digital identity; computer privacy violations; computer crimes of copyright infringement; cryptolocker ransomware; cyberbullying; cyberterrorism.
b.1.5. The criminal use of social media.
b.1.6. Peculiar problems concerning the criminal responsibility of the ISP.


b.2) Criminal Investigations
b.2.1. Features of digital investigations. Immateriality, transnationality, cooperation.
b.2.2. Types of digital investigations. Pretrial, reactive and proactive investigations.
b.2.3. Means for obtaining evidence. Inspections, searches, seizures, interceptions of conversations or communications.
b.2.4. Clone copy. Beat stream image.
b.2.5. The role of the digital forensics expert and the right of defence.