
Jožef Stefan
Postgraduate School

Jamova 39
SI-1000 Ljubljana

Phone: +386 1 477 31 00
Fax: +386 1 477 31 10


Course Description

Digital Forensics


Information and Communication Technologies, second-level study programme


doc. dr. Tomaž Klobučar


Digital forensics is the science and art of gathering chains of digital evidence through legally compliant procedures, using various forensic tools that enable the investigator to reconstruct criminally liable actions at the physical and logical levels. In the information age, digital forensics plays an increasingly important role, given the widespread use of digital technologies in both business processes and private life.

The main objective of the course is to provide students with theoretical and practical knowledge of digital forensics. To this end, students will be introduced to various forms of computer crime and the motivations for criminal activity. Current aspects of national and worldwide legislation and practice will be discussed and related to the digital forensics methodologies proposed and used for digital evidence provisioning. A number of digital forensic tools will be presented and practically tested in the course.

The knowledge gained will enable students to continue research and development in the field, which is expected to begin already through individual work in the course.


definition of basic concepts, technology, legislation, norms, market; information systems, security, computer crime, countermeasures, digital forensics

Computer crime:
nature and classification of computer crime, motivation for crime; computer crime, technological overview, network and host attacks, malicious software, denial of service, software piracy, intellectual property, privacy abuse, social engineering, corporate espionage, racism, xenophobia; technological countermeasures

Computer crime and legislation:
basic legislative documents and conventions, European Union, United States; Slovenian legislation compared to other legislations, legislation practice, cooperation of national and international institutions, corporate security policies

Digital forensics:
digital evidence, digital forensics methodologies, technology and legislation interrelations; digital forensics and operating systems, storage, mobile systems, applications and networked systems

Basic digital forensics tools:
digital forensic laboratory; basic commercial and open source forensic tools

Practical examples of digital forensics tools:
examples of tool usage, e.g. X-WAYS and SleuthKit

Course literature:

Selected chapters from the following books:

• E. Casey (Ed.), Handbook of Digital Forensics and Investigation. Elsevier Academic Press, 2009, ISBN: 978-0-12-374267-4
• S. Davidoff and J. Ham, Network Forensics: tracking hackers through cyberspace. Prentice Hall, 2012, ISBN-13: 978-0132564717
• K. J. Jones, R. Bejtlich and C. W. Rose. Real Digital Forensics: Computer Security and Incident Response. Addison Wesley, 2005, ISBN: 0321240693
• B. Carrier, File System Forensic Analysis. Addison Wesley, 2005, ISBN: 0-321-26817-2
• R. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, Second Edition. Wiley Computer Publishing, 2008, ISBN 978-0470068526

Significant publications and references:

• V. Jovanovikj, D. Gabrijelčič and T. Klobučar, “A conceptual model of security context,” International journal of information security, ISSN 1615-5262, vol. 13, no. 6, pp. 571-581, 2014
• B. Ivanc and T. Klobučar, “Attack modeling in the critical infrastructure = Modeliranje napadov v kritični infrastrukturi,” Elektrotehniški vestnik, ISSN 0013-5852. [Slovenian print ed.], vol. 81, no. 5, pp. 285-292, 2014
• T. Klobučar, D. Gabrijelčič and V. Pagon, “Cross-border e-learning and academic services based on eIDs: case of Slovenia” in eChallenges 2014 : 29-30 October, 2014 Belfast, Ireland. Dublin: IIMC: = International Information Management Corporation, 8 pages, 2014
• P. Cigoj and T. Klobučar, “Cloud security and OpenStack,” in R. Trobec (Ed.), Proceedings of the 1st International Conference on CLoud Assisted ServiceS, Bled, Slovenia, October 22-25: CLASS. 1st ed. Ljubljana: Univerza v Ljubljani, pp. 20-27, 2012
• V. Jovanovikj, D. Gabrijelčič and T. Klobučar, “Access control in BitTorrent P2P networks using the enhanced closed swarms protocol” in Netware 2011: August 21-27, 2011, Nice - Saint Laurent du Var, France. [S. l.], pp. 97-102, 2011
• D. Gabrijelčič, B. Semulič, B. Jerman-Blažič, T. Klobučar, V. Vehovar and I. Belič, Računalniška kriminaliteta v Sloveniji: analiza stanja in predlog ukrepov, 2006
• B. Jerman-Blažič (Ed.), W. Schneider (Ed.) and T. Klobučar (Ed.), Security and privacy in advanced networking technologies, (NATO science series, Series III, Computer and systems sciences, vol. 193). Amsterdam [etc.]: IOS Press, VIII, 250 pages, 2004. ISBN 1-58603-430-8
• A. Jerman-Blažič, T. Klobučar and B. Jerman-Blažič, “Long-term trusted preservation service using service interaction protocol and evidence records,” Comput. stand. interfaces. [Print ed.], vol. 29, no. 3, pp. 398-412, 2007
• T. Klobučar and B. Jerman-Blažič, “A formalization and evaluation of certificate policies,” Comput. commun. [Print ed.], vol. 22, pp. 1104-1110, 1999
• T. Klobučar and B. Jerman-Blažič, “An infrastructure for support of digital signatures,” Informatica (Ljublj.), vol. 23, spec. issue, no. 4, pp. 447-481, 1999


Seminar work with oral defense (50%)
Oral or written exam (50%)

Students' obligations:

Seminar work and oral defense of seminar work.