ECOM6032 - E-discovery and digital forensics
Instructors Dr. KP Chow ( chow@cs.hku.hk )
Dr. Hilton Chan ( hilton@ecom-icom.hku.hk )
Dr. Frank Law ( franklaw@ecom-icom.hku.hk )
Syllabus This module will give the students an in-depth understanding of the current IT management and e-business litigation practices involving e-Discovery and Digital Forensics, and will help them to take a leading role in the management team to work with the legal counsel, auditor and department managers to prepare and implement an effective Incident Response Strategy to address various IT-business and legal problems in today’s global competition and innovation driven economy.
Objectives The objectives of this module is to provide the student a good understanding of how corporate computer data and electronic business records can be used as digital evidence in civil and criminal proceedings. When the organization encounters. The students will learn about the related IT legislations and the incident response and data management practices to protect all corporate digital assets. The internationally recognized computer forensics procedures and e-discovery practices will be discussed.
Learning outcomes

On completion of the module, the students should be able to:

  1. manage and handle IT incidents involving criminal or civil proceedings
  2. assist the corporate management to critical review the existing IT data management policies and Incident Response Strategy in compliance with the legal requirements, e.g. Evidence Ordinance and Personal Data Privacy Ordinance, and the best practices in computer forensics and e-discovery
  3. analyze different type of evidence
  4. handling digital evidence in accordance with the IT legislations in Hong Kong, and the international practices in computer forensics and e-discovery
  5. identify the pitfalls when handling corporate digital assets and evidence in day-to-day IT administration
  6. collect, analysis and present digital evidence in Court
  7. give evidence in Court as IT expert witness
  8. advise the corporate management, legal counsel and IT security specialist on legal matters involving electronic data
Prior knowledge expected None
Topics covered
  1. Fundamental Concepts and International Practices in Computer Forensics and e-Discovery
  2. The Impact of Computer Forensics and e-Discovery to IT Architecture and System Design, Data Management Policies, Incident Response Strategy, Business Contingency Planning, Electronic Transactions in e-Commerce, IT Security Countermeasures, System Administrators and End-users
  3. IT related legislations and case studies
  4. Standard Operating Procedure (SOP) in Computer Forensics
  5. e-Discovery and the Electronic Discovery Reference Model
  6. Identification and Presentation of Digital Evidence
  7. Various tools and utilities in Computer Forensics
  8. Different Approaches and Methods in performing Computer Forensics – Standalone Workstation, Computer Networks, Mobile Devices, etc.
  9. Future Challenges in Computer Forensics and e-Discovery
Teaching format 10 sessions of lectures
Assessment The assessment of the module will be 100% coursework.
Course materials Notes, with pre- and post-course reading lists of online reference materials.
Enrolment No add or drop after 15 May 2015.
Class quota Class size will be maintained at 60.
 
- Back -