Oct 05, 2022  
2021-2022 College Catalog 
2021-2022 College Catalog [ARCHIVED CATALOG]

Add to Portfolio (opens a new window)

CIS 132 - Introduction to Computer Forensics

3 Credits, 3 Contact Hours
3 lecture periods 0 lab periods

Introduction to computer forensics which focuses on methods of detection and prevention of computer crime. Includes multidisciplinary nature of computer forensics; professional opportunities; computer investigations; operating systems introduction; the investigator’s office and laboratory; forensic tools; and digital evidence controls. Also includes processing crime and incident scenes; data acquisition; computing forensic analysis; e-mail investigations; recovering image files; investigative report writing; and expert witness testimony.

Recommendation: Basic knowledge of computers and how to download and install software is recommended before enrolling in this course.

Course Learning Outcomes
  1. Describe the components and important areas of computer forensics.
  2. Relate the applicability of computer forensics to a variety of disciplines.
  3. Discuss important events and the laws relating to cybercrime.
  4. Compare basic computer operating systems, what they do, where and how they are used, and discuss some of their security shortcomings.
  5. Evaluate methods used in the collection and analysis of data.
  6. Demonstrate software in the recovery of computer files and data.
  7. Discuss the details of various types of computer attacks and how to prevent them (e.g., spyware,      MAC address spoofing, virus types).
  8. Critique expert witness testimony.

  1. Multidisciplinary Nature of Computer Forensics
  2. Professional Opportunities in Computer Forensics
  3. Introduction to Computer Investigations
    1. Preparing an investigation
    2. Systematic approach
    3. Gathering and analyzing data
    4. Completing and critiquing the case
  4. Operating Systems Introduction
    1. The boot sequence and tasks
    2. Methods of disk partitioning
    3. Examining data
    4. Understanding boot tasks
  5. Operating Systems Introduction to Macintosh
    1. Understanding the Macintosh file structure
    2. Macintosh boot tasks
  6. Operating Systems Introduction to Linux
    1. Boot processes
    2. Unix/Linux file structure
    3. Examining disks
  7. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP)
    1. IP packets
    2. IP addressing
    3. Media Access Control (MAC) addresses
    4. IP and MAC address shortcomings
  8. The Investigator’s Office and Laboratory
    1. Forensic lab certification requirements
    2. Certification/training requirements
    3. Physical layout of a forensics lab
    4. Forensics workstation hardware and software
  9. Introduction to Computer Forensic Tools
    1. National Institute of Standards and Technology (NIST) tools
    2. National Institute of Justice (NIJ) methods
    3. Command-line software tools
    4. Graphical User Interface (GUI) software tools
    5. Hardware tools
  10. Digital Evidence Controls
    1. Identifying and understanding digital evidence
    2. Processing and handling of digital evidence
  11. Processing Crime and Incident Scenes
    1. Concepts and terms in warrants
    2. Securing a scene
    3. Sample investigations
  12. Data Acquisition
    1. Determining the Best Acquisition Methods
    2. Disk Operating System (DOS) tools
    3. Windows tools
    4. Linux tools
  13. Computer Forensic Analysis
    1. Using DriveSpy software to analyze computer data
    2. Using PDBlock and PDWipe software
    3. Using AccessData’s Forensic Toolkit
    4. Data hiding techniques
  14. E-Mail Investigations
    1. IP protocols and email
    2. Understanding the client and server roles in email
    3. Email crimes and investigation
  15. Recovering Image Files
    1. Image file types
    2. Locating and recovering image files
  16. Investigative Report Writing
    1. Types of reports
    2. Report layout
  17. Expert Witness Testimony
    1. Preparing for testimony
    2. Testifying in court
    3. Testifying during cross-examination
    4. Depositions

Effective Term:
Full Academic Year 2018-2019

Add to Portfolio (opens a new window)