Oct 31, 2024  
2024-2025 College Catalog 
    

CIS 132 - Introduction to Computer Forensics

3 Credits, 3 Contact Hours
3 lecture periods, 0 lab periods
Introduction to computer forensics, focusing on methods of detection and prevention of computer crime. Includes the multidisciplinary nature of computer forensics; professional opportunities; computer investigations; operating systems introduction; the investigator’s office and laboratory; forensic tools; and digital evidence controls. Also includes processing crime and incident scenes; data acquisition; computer forensic analysis; e-mail investigations; recovering image files; investigative report writing; and expert witness testimony.

Recommendation: Basic knowledge of computers and how to download and install software is recommended before enrolling in this course.

Course Learning Outcomes
  1. Describe the components and important areas of computer forensics.
  2. Discuss important events and the laws relating to cybercrime.
  3. Evaluate methods used in the collection and analysis of data.
  4. Evaluate current digital forensics tools.
  5. Demonstrate how to use software in the recovery of computer files and data.
  6. Evaluate the process involved in e-mail, social media, network, mobile device and cloud forensics. 
  7. Discuss the importance of Expert Testimony in Digital Investigations.

Outline:
  1. Multidisciplinary Nature of Computer Forensics
  2. Professional Opportunities in Computer Forensics
  3. Introduction to Computer Investigations    
    1. Preparing an investigation
    2. Systematic approach
    3. Gathering and analyzing data
    4. Completing and critiquing the case
  4. Operating Systems Introduction    
    1. The boot sequence and tasks
    2. Methods of disk partitioning
    3. Examining data
    4. Understanding boot tasks
  5. Operating Systems Introduction to Macintosh    
    1. Understanding the Macintosh file structure
    2. Macintosh boot tasks   
  6. Operating Systems Introduction to Linux    
    1. Boot processes
    2. Linux file structure
    3. Examining disks
  7. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP)    
    1. IP packets
    2. IP addressing
    3. Media Access Control (MAC) addresses
    4. IP and MAC address shortcomings
  8. The Investigator’s Office and Laboratory    
    1. Forensic lab certification requirements
    2. Certification/training requirements
    3. Physical layout of a forensics lab
    4. Forensics workstation hardware and software   
  9. Introduction to Computer Forensic Tools    
    1. National Institute of Standards and Technology (NIST) tools
    2. National Institute of Justice (NIJ) methods
    3. Command-line software tools
    4. Graphical User Interface (GUI) software tools
    5. Hardware tools   
  10. Digital Evidence Controls    
    1. Identifying and understanding digital evidence
    2. Processing and handling of digital evidence
  11. Processing Crime and Incident Scenes    
    1. Concepts and terms in warrants
    2. Securing a scene
    3. Sample investigations
  12. Data Acquisition    
    1. Determining the Best Acquisition Methods
    2. Disk Operating System (DOS) tools
    3. Windows tools
    4. Linux tools
  13. Computer Forensic Analysis    
    1. Using DriveSpy software to analyze computer data
    2. Using PDBlock and PDWipe software
    3. Using AccessData’s Forensic Toolkit
    4. Data hiding techniques
  14. E-Mail Investigations    
    1. IP protocols and email
    2. Understanding the client and server roles in email
    3. Email crimes and investigation   
  15. Recovering Image Files    
    1. Image file types
    2. Locating and recovering image files   
  16. Investigative Report Writing    
    1. Types of reports
    2. Report layout   
  17. Expert Witness Testimony    
    1. Preparing for testimony
    2. Testifying in court
    3. Testifying during cross-examination
    4. Depositions


Effective Term:
Fall 2023