Course Information
Description
This course provides a broad overview of computer forensics and investigation tools and techniques. All major personal computer operating system architectures and disk structures will be discussed, as well as what computer forensic hardware and software tools are available. The course covers the details of data acquisition, computer forensic analysis, email investigations, image file recovery, investigative report writing, and expert witness requirements. The course provides a range of laboratory and hands-on assignments that teach about theory as well as the practical application of computer forensic investigation. Open Source tools include: The Sleuth Kit, dd, Scalpel, etc.
Total Credits
3
Course Competencies
- Explain DD and Helix
  Assessment Strategies
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - lab manual meets guidelines as specified by the instructor
  - you enter into class discussions about tools used to mine data and the effectiveness of these tools
  - you utilize the dd utility to access data off of a device
  - you download a Helix distribution and use it to access a system
  - you create your own Helix CD
  - you listen attentively during class
- Compare grabbing and hashing
  Assessment Strategies
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - lab manual meets guidelines as specified by the instructor
  - you enter into class discussions about grabbing and hashing data
  - you utilize forensic utility tools to access hidden or deleted data
  - you listen attentively during class
- Use Forensic ToolKit (FTK) Imager
  Assessment Strategies
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - lab manual meets guidelines as specified by the instructor
  - you enter into class discussions about advanced tools that allow you to access data in FAT, NTFS, EXT 2 and 3 as well as HFS and HPFS file systems
  - you utilize FTK to acquire locked system files
  - you utilize FTK to hash physically or logically for verification
  - you listen attentively during class
- Explain chain of custody
  Assessment Strategies
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - lab manual meets guidelines as specified by the instructor
  - you enter into class discussions about law and its relationship with forensic data
  - you enter into class discussions about preserving computer data as evidence
  - you enter into class discussions about acting as an expert witness in a case on computer data
  - you listen attentively during class
- Compare file headers and type mismatches
  Assessment Strategies
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - lab manual meets guidelines as specified by the instructor
  - you enter into class discussions about matching headers and file types
  - you determine when data has mismatched headers and file types
  - you listen attentively during class
- Utilize Autopsy to mine data
  Assessment Strategies
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - lab manual meets guidelines as specified by the instructor
  - you enter into class discussions about open source digital investigation tools
  - you utilize open source digital investigation tools to analyze NTFS, FAT, Ext2, Ext3, UFS1, and UFS2 file systems and several volume system types
  - you listen attentively during class
- Use PyFlag to mine data
  Assessment Strategies
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - lab manual meets guidelines as specified by the instructor
  - you enter into class discussions about log file analysis in forensic investigations
  - you configure and utilize PyFlag to analyze log files
  - you listen attentively during class
- Explain data chunking
  Assessment Strategies
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - lab manual meets guidelines as specified by the instructor
  - you enter into class discussions about managing large files of data
  - you utilize data mining tools to access chunks of data on a RAID array
  - you listen attentively during class