Students are expected to acquire: - knowledge of the legal requirements and safeguards characterizing the field of digital forensics and cybercrime - Understanding of international regulations and conventions relevant to cross-border cybercrime investigations. - Ability to assess and apply legal frameworks related to digital evidence admissibility in court.- Ability to stay updated on evolving legal standards and policies in relation to cybersecurity and digital forensics. - Proficiency in collaborating with legal professionals and technical experts to ensure compliance with digital forensic protocols and cybercrime laws in complex investigations. Moreover, from a technical point of view, they are expected to acquire - Knowledge of the general concepts, best practices and technical standards for computer forensics; - Knowledge of different domains in which computer forensics can be applied (e.g., network forensics, mobile forensics) and the technical expertise required to approach computer forensics in these domains; - Knowledge of the main phases of computer forensics to soundly acquire and preserve digital evidence; - Knowledge of how the processes of creation, manipulation, storage and transmission of the information in the digital world may inform computer forensics - Ability to apply the learned techniques with some commonly available tools.

- Knowledge of computer network architectures, TCP/IP, and HTTP. - Knowledge of network security protocols (e.g., IPSec, TLS, security mechanisms of HTTP, and SMTP). - Knowledge of the operating systems essentials (e.g., file management). - Knowledge of the main categories of attack against IT systems. - Knowledge of the main concepts (e.g., encryption and digest) and technologies (e.g., digital certificates, Virtual Private Networks, Firewall) for IT security. - Knowledge of the security architectures (e.g., for authentication). - Ability to analyze and interpret data from different sources and domains.

Part I Cybercrime and fundamental of digital forensics - Digital forensics and cybercrime definitions ( 0.5CFU) - Most relevant cybercrimes (1CFU) - Cybercrime and case studies: from cyberwarfare to corporate crimes (1CFU) - Best practices of Digital Forensics (bit stream copy and hash functions) (0.5CFU) - Future trends of cybercrime and digital forensics: generative AI and IoT (1CFU) Part II Computer forensics practice General concepts and practice for computer forensics (0.5CFU) - Definition and classification of computer forensics domains - Definition and classification of the main phases of computer forensics (e.g., acquisition, analysis) - Definition of the best practices for computer forensics analysis - Computer forensics standards Technical aspects of computer forensics (1.5CFU) - Definition and analysis of file system forensics (e.g., files recovery, metadata) - Definition and analysis of the memory forensics - Definition and analysis of the mobile forensics - Definition and analysis of the cloud forensics Anti-forensic techniques (0.5CFU) - Definition and analysis of methods to alter and destroy traces of data, making hard or impossible to find forensics evidence Novel trends in computer forensics (0.5CFU) - Definition and analysis of the most relevant innovations (e.g. generative AI) adopted in support of computer forensics Computer forensics tools (1CFU) - Application of the studied techniques using common tools (e.g., autopsy, common autopsy plug-ins) on selected use cases.

The course consists of classroom lectures (6.8 credits), where students are encouraged to actively contribute through discussions and group activities, fostering a collaborative learning environment. The lectures will cover theoretical and practical concepts, with a particular focus on digital forensics and cybercrime. Additionally, laboratories (1.2 credits) will provide hands-on experience, where students will experiment with the tools and techniques introduced during the lectures. In the labs, students will work on real-world case studies, presenting and discussing their proposed solutions with the instructors, encouraging critical thinking and problem-solving. This combination of lectures and labs ensures a comprehensive understanding of both the theoretical foundations and practical applications of the subject matter.

the teachers will provide the material (copies of slides and links to online resources) on the course website. Legal documents will be distributed to the students that will be used for the exercises. These documents will be anonymized in order to ensure compliance with data protection regulation. - Vaciago Giuseppe, Digital Forensics, Giappichelli, 2012, https://www.giappichelli.it/digital-forensics-e-book-9788834828052 - Javed, Abdul Rehman, et al. , A comprehensive survey on computer forensics: State-of-the-art, tools, techniques, challenges, and future directions., IEEE Access, 2022, https://ieeexplore.ieee.org/iel7/6287639/6514899/09678340.pdf - A.Yaacou Jean-Paul, N.Noura Hassan Salman Ola, Chehabc Ali, Advanced digital forensics and anti-digital forensics for IoT systems: Techniques, limitations and recommendations Internet of Things, Volume 19, August 2022, 100544, Elsevier, https://www.sciencedirect.com/science/article/abs/pii/S2542660522000464

Exam: Optional oral exam; Computer-based written test in class using POLITO platform;

Computer-based written test in class using POLITO platform; Optional oral exam; The written test will be taken using the Exams platform in a classroom. In case of technical problems, the students may be asked to write their test with pencil and paper. The test aims to evaluate the student's understanding of the topics discussed during the course and how much he applies the acquired notions to various cases. The test consists of a written test that may include open-answer and closed-answer questions or exercises to check that the student has acquired the expected learning outcomes both from the technical and legal parts. For the part about skills, the questions may be simple exercises or use cases related to the tools experimented with in the laboratories or analysis of legal use cases. The duration of the test is 1 hour and 30 minutes. Each question will specify the maximum grade that can be obtained. The final grade will be the sum of the grades assigned to the answers given to the questions. The test is closed-book, i.e. the student cannot consult any material during the test and cannot use any electronic device except the PC used for the test. The teachers will request an oral exam only if there are doubts about evaluating the written test. The oral exam will consist of additional questions to resolve the teachers' doubts about the evaluation. A sample exam test will be made available to the students through the Exercise platform. Homework: Optionally, the exam can be complemented by homework agreed upon with the teacher. This homework will focus on a specific topic among the presented course theory and practice, resulting in a report and an oral presentation. Report and presentation grades, whose maximum obtainable will be specified on a homework-specific basis, will be added to the written exam for the final grade. The maximum rating (30 cum laude) is given upon obtaining the maximum rating in the written work, or in any case exceeding the rating of 30 as the sum of the written test and homework.

In addition to the message sent by the online system, students with disabilities or Specific Learning Disorders (SLD) are invited to directly inform the professor in charge of the course about the special arrangements for the exam that have been agreed with the Special Needs Unit. The professor has to be informed at least one week before the beginning of the examination session in order to provide students with the most suitable arrangements for each specific type of exam.