MPŠ MP&Scaron MP&Scaron MP&Scaron Avtorji

Jožef Stefan
Postgraduate School

Jamova 39
SI-1000 Ljubljana

Phone: +386 1 477 31 00
Fax: +386 1 477 31 10


Course Description

Digital Forensics II


Information and Communication Technologies, third-level study programme


doc. dr. Tomaž Klobučar


The main objective of this course is to present advanced issues of digital forensics.

Students should be able to:
• Apply digital forensics methodology
• Select and use appropriate digital forensics tools
• Take into account the requirements and problems of digital forensics in specific environments, e.g. in cloud computing or mobile systems
• Continue research and development work in the area of digital forensics


definition of basic concepts, digital forensics technology

Digital forensics:
digital evidence, digital forensics methodologies, technology and legalization interrelations; digital forensic and operating systems, storage, mobile systems, applications and networked systems

Advanced digital forensics tools:
digital forensic laboratory, mobile digital forensic systems; commercial and open source forensic tools for analyses of file, live, mobile and network systems, and applications; tools dependability.

Selected topics in digital forensics (e.g. cloud computing forensics)

Practical aspects and future trends:
practical examples of digital forensic investigations; Information systems research and technology trends, new markets; digital forensics research issues

Course literature:

Selected chapters from the following books:

• E. Casey (Ed.), Handbook of Digital Forensics and Investigation. Elsevier Academic Press, 2009, ISBN: 978-0-12-374267-4
• S. Davidoff and J. Ham, Network Forensics: tracking hackers through cyberspace. Prentice Hall, 2012, ISBN-13: 978-0132564717
• K. J. Jones, R. Bejtlich and C. W. Rose, Real Digital Forensics: Computer Security and Incident Response. Addison Wesley, 2005, ISBN: 0321240693
• B. Carrier, File System Forensic Analysis. Addison Wesley, 2005, ISBN: 0-321-26817-2

Selected papers from journals Digital Investigation, IEEE Security and Privacy, IEEE Network Security, International Journal of Digital Evidence, International Journal of Electronic Security and Digital Forensics, Journal of Digital Forensic Practice.

Significant publications and references:

• V. Jovanovikj, D. Gabrijelčič and T. Klobučar, “A conceptual model of security context,” International journal of information security, ISSN 1615-5262, vol. 13, no. 6, pp. 571-581, 2014
• B. Ivanc and T. Klobučar, “Attack modeling in the critical infrastructure = Modeliranje napadov v kritični infrastrukturi,” Elektrotehniški vestnik, ISSN 0013-5852. [Slovenska tiskana izd.], vol. 81, no. 5, pp. 285-292, 2014
• T. Klobučar, D. Gabrijelčič and V. Pagon, “Cross-border e-learning and academic services based on eIDs: case of Slovenia” in eChallenges 2014: 29-30 October, 2014 Belfast, Ireland. Dublin: IIMC: = International Information Management Corporation, 8 pages, 2014
• P. Cigoj and T. Klobučar, “Cloud security and OpenStack,” in R. Trobec (Ed.), Proceedings of the 1st International Conference on CLoud Assisted ServiceS, Bled, Slovenia, October 22 -25: CLASS. 1st ed. Ljubljana: Univerza v Ljubljani, pp. 20-27, 2012
• V. Jovanovikj, D. Gabrijelčič and T. Klobučar, “Access control in BitTorrent P2P networks using the enhanced closed swarms protocol” in Netware 2011: August 21-27, 2011, Nice - Saint Laurent du Var, France. [S. l.], pp. 97-102, 2011
• D. Gabrijelčič, B. Semulič, B. Jerman-Blažič, T. Klobučar, V. Vehovar and I. Belič, Računalniška kriminaliteta v Sloveniji: analiza stanja in predlog ukrepov, 2006
• B. Jerman-Blažič (Ed.), W. Schneider (Ed.) and T. Klobučar (Ed.), Security and privacy in advanced networking technologies, (NATO science series, Series III, Computer and systems sciences, vol. 193). Amsterdam [etc.]: IOS Press. VIII, 250 pages, 2004. ISBN 1-58603-430-8
• A. Jerman-Blažič, T. Klobučar and B. Jerman-Blažič, “Long-term trusted preservation service using service interaction protocol and evidence records,” Comput. stand. interfaces. [Print ed.], vol. 29, no. 3, pp. 398-412, 2007
• T. Klobučar and B. Jerman-Blažič, “A formalization and evaluation of certificate policies,” Comput. commun.. [Print ed.], vol. 22, str. 1104-1110, 1999
• T. Klobučar and B. Jerman-Blažič, “An infrastructure for support of digital signatures,” Informatica (Ljublj.), vol. 23, spec. issue, no. 4, str. 447-481, 1999


Seminar work with oral defense (50%)
Oral or written exam (50%)

Students obligations:

Seminar work and oral defense of seminar work.