10151133 Computer Forensics
Course Information
Description
This course provides a broad overview of computer forensics and investigation tools and techniques. All major personal computer operating system architectures and disk structures will be discussed, as well as what computer forensic hardware and software tools are available. The course also covers the details of data acquisition, computer forensic analysis, email investigations, image file recovery, investigative report writing, and expert witness requirements. The course provides a range of laboratory and hands-on assignments that teach theory as well as the practical application of computer forensic investigation. Open source tools include The Sleuth Kit, dd, Scalpel, etc.
Total Credits
3
Course Competencies
- Explain DD and Helix
  Assessment Strategies
  - by participating in the class
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - you complete your lab manual assignment correctly
  - you enter into class discussions about tools used to mine data and the effectiveness of these tools
  - you utilize the dd utility to access data off of a device
  - you download a Helix distribution and use it to access a system
  - you create your own Helix CD
  - you attend class regularly
  - you arrive for class on time
  - you listen attentively during class
- Compare grabbing and hashing
  Assessment Strategies
  - by participating in the class
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - you complete your lab manual assignment correctly
  - you enter into class discussions about grabbing and hashing data
  - you utilize forensic utility tools to access hidden or deleted data
  - you attend class regularly
  - you arrive for class on time
  - you listen attentively during class
- Use Forensic ToolKit (FTK) Imager
  Assessment Strategies
  - by participating in the class
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - you complete your lab manual assignment correctly
  - you enter into class discussions about advanced tools that allow you to access data in FAT, NTFS, EXT 2 and 3 as well as HFS and HPFS file systems
  - you utilize FTK to acquire locked system files
  - you utilize FTK to hash physically or logically for verification
  - you attend class regularly
  - you arrive for class on time
  - you listen attentively during class
- Explain chain of custody
  Assessment Strategies
  - by participating in the class
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - you complete your lab manual assignment correctly
  - you enter into class discussions about law and its relationship with forensic data
  - you enter into class discussions about preserving computer data as evidence
  - you enter into class discussions about acting as an expert witness in a case on computer data
  - you attend class regularly
  - you arrive for class on time
  - you listen attentively during class
- Compare file headers and type mismatches
  Assessment Strategies
  - by participating in the class
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - you complete your lab manual assignment correctly
  - you enter into class discussions about matching headers and file types
  - you determine when data has mismatched headers and file types
  - you attend class regularly
  - you arrive for class on time
  - you listen attentively during class
- Utilize Autopsy to mine data
  Assessment Strategies
  - by participating in the class
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - you complete your lab manual assignment correctly
  - you enter into class discussions about open source digital investigation tools
  - you utilize open source digital investigation tools to analyze NTFS, FAT, Ext2, Ext3, UFS1, and UFS2 file systems and several volume system types
  - you attend class regularly
  - you arrive for class on time
  - you listen attentively during class
- Use PyFlag to mine data
  Assessment Strategies
  - by participating in the class
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - you complete your lab manual assignment correctly
  - you enter into class discussions about log file analysis in forensic investigations
  - you configure and utilize PyFlag to analyze log files
  - you attend class regularly
  - you arrive for class on time
  - you listen attentively during class
- Explain data chunking
  Assessment Strategies
  - by participating in the class
  - by completing lab manual assignment
  - using a business scenario
  - by examination
  Criteria
  - you complete your lab manual assignment correctly
  - you enter into class discussions about managing large files of data
  - you utilize data mining tools to access chunks of data on a RAID array
  - you attend class regularly
  - you arrive for class on time
  - you listen attentively during class