Summary Sheet
Academic Year: 2020/2021
School: Scuola di Ingegneria Industriale e dell'Informazione
Course: 055812 - DIGITAL FORENSICS AND CYBERCRIME
Lecturer: Zanero Stefano
Credits (CFU): 5.00
Course type: Single-discipline

Degree programme | Pre-approved study plan code | From (inclusive) | To (exclusive) | Course
Ing Ind - Inf (Mag.)(ord. 270) - MI (481) COMPUTER SCIENCE AND ENGINEERING - INGEGNERIA INFORMATICA | * | A | ZZZZ | 055812 - DIGITAL FORENSICS AND CYBERCRIME
Ing Ind - Inf (Mag.)(ord. 270) - MI (502) CYBER RISK STRATEGY AND GOVERNANCE | * | A | ZZZZ | 055812 - DIGITAL FORENSICS AND CYBERCRIME

Course objectives

Cybercrime is one of the most significant threats to digital infrastructure, and by far the most prevalent. In this course we will analyze the main mechanisms, characteristics and drivers of cybercrime (including its underground economy). We will then analyze the techniques for forensic analysis of digital devices (with specific attention to the Italian legal context and two dedicated case studies, but with a general overview of methodologies applicable internationally). Network forensics and cloud forensics will also be introduced. Finally, since most cybercriminals try to directly monetize their attacks, attention will be devoted to fraud detection technologies, and to technologies for tracking the movement of digital currencies and cryptocurrencies.


Expected learning outcomes

After passing the exam, the students will know the basics of the underground economy, and the different dynamics and modus operandi of cybercriminals. They will also know the basic procedures and requirements of forensic analysis, both in a general and abstract way and in the particular case of the Italian legal framework. They will know the techniques to properly preserve and analyze digital evidence of various types and from various sources. They will understand the basics of anti-forensic techniques.

They will be able to use forensic tools to acquire sources and analyze simple disk images.


Topics covered
  1. Cybercrime
    1. General landscape and modus operandi of cyber criminals
    2. The underground economy and crime-as-a-service
    3. Financially-motivated malware
    4. Tracking cryptocurrency transactions in malware investigations
  2. Fraud detection and analysis
    1. Fraud: definitions, typical examples
    2. Detecting frauds: operational measures
    3. Machine learning techniques for fraud detection and analysis
    4. Case studies
  3. Digital forensics principles
    1. Forensic science: repeatability, falsifiability; Daubert test; Italian legal framework
    2. Digital Forensics phases
  4. Source acquisition
    1. Digital crime scene preservation principles
    2. Acquisition of digital media
    3. Acquisitions from network systems and from the cloud
    4. Acquisition of mobile devices
    5. Peculiarities and special cases
  5. Forensic analysis of mass storage
    1. Disk geometry, file systems, metadata
    2. Deleted files recovery (including carving and slack space)
    3. Repeatability of analysis and integrity preservation
    4. Forensic tool examples (with practical demonstrations)
    5. Anti-forensic techniques
  6. Digital investigations: evaluation of evidence and presentation
    1. Methodical doubts
    2. Analysis of common mistakes
    3. Professional ethics aspects


A small set (8 hrs) of optional classes in Italian will be dedicated to Italian legal principles to be applied in forensics: repeatability standards and the way analysis is performed in Italian courts, along with 2 case studies of Italian legal proceedings. 


Prerequisites

Students should have attended a basic security course, such as "Computer Security" or "Cybersecurity technologies, procedures and policies". An understanding of file system principles and of basic networking technologies is helpful.


Assessment method

Written (or oral) theoretical exam on the subjects presented in the course. The exam may take the form of simple questions, or of basic cases presented with some questions to answer.


Bibliography
Optional reading: Keith J. Jones, Richard Bejtlich, Curtis W. Rose, Real Digital Forensics: Computer Security and Incident Response, Publisher: Addison-Wesley, Year of publication: 2005, ISBN: 978-0321240699

Software used
No software required

Teaching formats
Type of teaching | In-class hours (hh:mm) | Independent study hours (hh:mm)
Lecture | 30:00 | 45:00
Exercise session | 15:00 | 22:30
Computer laboratory | 5:00 | 7:30
Experimental laboratory | 0:00 | 0:00
Project laboratory | 0:00 | 0:00
Total | 50:00 | 75:00

Information in English to support internationalization
Course taught in English
Teaching material/slides available in English
Textbooks/bibliography available in English
Exam can be taken in English
Teaching support available in English
19/09/2021