Oct 20, 2021
CIS 132 - Introduction to Computer Forensics 3 Credits, 3 Contact Hours
3 lecture periods 0 lab periods
Introduction to computer forensics which focuses on methods of detection and prevention of computer crime. Includes multidisciplinary nature of computer forensics; professional opportunities; computer investigations; operating systems introduction; the investigator’s office and laboratory; forensic tools; and digital evidence controls. Also includes processing crime and incident scenes; data acquisition; computing forensic analysis; e-mail investigations; recovering image files; investigative report writing; and expert witness testimony.
Recommendation: Basic knowledge of computers and how to download and install software is recommended before enrolling in this course.
Course Learning Outcomes
- Describe the components and important areas of computer forensics.
- Relate the applicability of computer forensics to a variety of disciplines.
- Discuss important events and the laws relating to cybercrime.
- Compare basic computer operating systems, what they do, where and how they are used, and discuss some of their security shortcomings.
- Evaluate methods used in the collection and analysis of data.
- Demonstrate software in the recovery of computer files and data.
- Discuss the details of various types of computer attacks and how to prevent them (e.g., spyware, MAC address spoofing, virus types).
- Critique expert witness testimony.
- Multidisciplinary Nature of Computer Forensics
- Professional Opportunities in Computer Forensics
- Introduction to Computer Investigations
- Preparing an investigation
- Systematic approach
- Gathering and analyzing data
- Completing and critiquing the case
- Operating Systems Introduction
- The boot sequence and tasks
- Methods of disk partitioning
- Examining data
- Understanding boot tasks
- Operating Systems Introduction to Macintosh
- Understanding the Macintosh file structure
- Macintosh boot tasks
- Operating Systems Introduction to Linux
- Boot processes
- Unix/Linux file structure
- Examining disks
- Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP)
- IP packets
- IP addressing
- Media Access Control (MAC) addresses
- IP and MAC address shortcomings
- The Investigator’s Office and Laboratory
- Forensic lab certification requirements
- Certification/training requirements
- Physical layout of a forensics lab
- Forensics workstation hardware and software
- Introduction to Computer Forensic Tools
- National Institute of Standards and Technology (NIST) tools
- National Institute of Justice (NIJ) methods
- Command-line software tools
- Graphical User Interface (GUI) software tools
- Hardware tools
- Digital Evidence Controls
- Identifying and understanding digital evidence
- Processing and handling of digital evidence
- Processing Crime and Incident Scenes
- Concepts and terms in warrants
- Securing a scene
- Sample investigations
- Data Acquisition
- Determining the Best Acquisition Methods
- Disk Operating System (DOS) tools
- Windows tools
- Linux tools
- Computer Forensic Analysis
- Using DriveSpy software to analyze computer data
- Using PDBlock and PDWipe software
- Using AccessData’s Forensic Toolkit
- Data hiding techniques
- E-Mail Investigations
- IP protocols and email
- Understanding the client and server roles in email
- Email crimes and investigation
- Recovering Image Files
- Image file types
- Locating and recovering image files
- Investigative Report Writing
- Types of reports
- Report layout
- Expert Witness Testimony
- Preparing for testimony
- Testifying in court
- Testifying during cross-examination
Full Academic Year 2018-2019
Add to Portfolio (opens a new window)