Standard Data

Course Title:

  Computer Forensics and Data Identification

Subject Code:

  CIS

Course Number:

  1219

Course Type:

  Newly Developed

Offered Online:

  Y

Course Description:

  This course provides a study of computer forensics techniques that will teach techniques needed to harvest, identify, and analyze data while maintaining the legal and ethical standards needed to produce evidence that is admissible in court. Topics include: computer forensics, ethical practices, sterile media, computer forensic tools, evidence collection, evidence analysis, and documentation.

Class Hours:

  4

Demo Lab Hours:

  4

Pract. Lab/O.B.I.Hours:

  0

Credit Hours:

  6

   

 Prerequisites

Prerequisites

CIS   103    

CIS   108    

CIS   122    

 Corequisites

Corequisites

Course Guide

Competency

After Completion the student will:

Class
Hours

Demo Lab
Hours

P.Lab/
O.B.I

Computer Forensics

2

2

0

      Data Collection

 

Define computer forensics and discuss data collection and forensics procedures.

      Investigation Plan

 

Establish the scope of the investigation.

 

Develop and implement an investigation plan.

Ethical Practices

2

2

0

      Ethical Standards & Procedures

 

Define ethical standards for computer forensics.

 

Discuss ethical procedures for collecting and displaying data.

Sterile Media

8

8

0

      Disk Imaging

 

Define sterile media and describe the use of disk imaging.

      Media Examination

 

Describe procedures for collecting an PC without compromising information during shutdown.

 

Describe the use of "carving" utilities.

 

Prepare media for examination.

Computer Forensics Tools

10

10

0

      Using Forensics Tools

 

Define computer forensics tools.

 

Discuss variouls computer forensics tools and identify the information that can be harvested.

 

Analyze various storage media to identify and collect data using forensics tools.

Evidence Collection

10

12

0

      Evidence Custody

 

Define evidence collection.

 

Discuss chain of custody and other legal requirements that apply to evidence collection.

 

Discuss the identification of evidence.

      Data Recovery

 

Recover simple deleted files.

 

Recover remnants of data from slack space and also from unallocated space.

 

Locate potential sources of evidence.

Evidence Analysis

4

4

0

      Extract Data

 

Define evidence analysis.

 

Convert extracted data into a format that can be easily read and used by investigators.

 

Identify date and time data was created and modified.

      Conduct Analysis

 

Examine metadata.

 

Accumulate information about the machine used to create data.

 

Conduct file signature analysis.

 

Conduct hash analysis.

 

Operating system and file system access techniques.

Documentation

4

2

0

      Requirements of Documentation

 

Define documentation and describe information that should be documented.

 

List rules for note-taking.

 

Describe requirements for preparing data to be turned over to investigators and lawyers.

 

Prepare complete documentation for sample cases.

Suggested Resources

Suggested Resources include textbooks shown below or most current edition.

Guide to Computer Forensics & Investigations, 3rd Edition, 2008 Nelson, Phillips, Enfinger, and Stuart ISBN 13-978-1-4180-6733-5