Evidence Imaging
Overview
1. Introduction of various systems where digital evidence can be gathered for forensic analysis
2. Different types of digital evidence
3. Evidence image creation using various tools such as EnCase, FTK and dd
4. File Recovery
5. Windows Registry evidence analysis
6. File and metadata analysis
7. Internet browser applications evidence
8. Windows log files analysis
9. File Carving
10. Introduction to network evidence gathering and analysis
11. Introduction to mobile data gathering and analysis
The methods of instruction for this course will include lectures, seminars, and hands-on exercises.
Assessment will be in accordance with the Douglas College Evaluation Policy.
Assignments and Labs |
10-25% |
Quiz(zes)* |
10-20% |
Midterm Examination* |
25-35% |
Final Examination* |
25-40% |
Total |
100% |
Some of these assessments may involve group work.
* Practical hands-on computer exam
In order to pass the course, students must, in addition to receiving an overall course grade of 50%, also achieve a grade of at least 50% on the combined weighted examination components (including quizzes, tests, exams).
Students may conduct research as part of their coursework in this class. Instructors for the course are responsible for ensuring that student research projects comply with College policies on ethical conduct for research involving humans, which can require obtaining Informed Consent from participants and getting the approval of the Douglas College Research Ethics Board prior to conducting the research.
At the end of this course, the successful student will be able to:
- Explain the process of digital evidence gathering, imaging and analysis
- Describe the different sources of forensic artifacts in a system and be able to gather them as evidence
- Use tools to create evidence imaging such as EnCase, FTK and dd
- Mount the evidence image to a system and recover files for further analysis
- Use tools to analyze windows registry and NTUSER.DAT file
- Perform file and metadata analysis
- Gather and analyze internet evidence from the browser’s history, cookie, temporary internet files and INDEX.DAT file
- Search and analyze information from the Windows log files
- Perform file carving from unallocated space on a hard drive
- Describe the process to gather evidence from network devices and smart phone
Michael K. Robinson. Digital Forensics Workbook. Latest Edition and/or other textbook/s approved by the department
Requisites
Prerequisites
Min grade C in CSIS 2260
Corequisites
Equivalencies
Courses listed here are equivalent to this course and cannot be taken for further credit:
- No equivalency courses
Course Guidelines
Course Guidelines for previous years are viewable by selecting the version desired. If you took this course and do not see a listing for the starting semester / year of the course, consider the previous version as the applicable version.
Course Transfers
These are for current course guidelines only. For a full list of archived courses please see https://www.bctransferguide.ca
Institution | Transfer details for CSIS 3160 |
---|---|
Athabasca University (AU) | AU COMP 2XX (3) |
Coast Mountain College (CMTN) | No credit |
College of New Caledonia (CNC) | CNC CSC 2XX (3) |
Columbia College (COLU) | COLU CSCI 2nd (3) |
Kwantlen Polytechnic University (KPU) | No credit |
LaSalle College Vancouver (LCV) | LCV VGP 2XX (3) |
Simon Fraser University (SFU) | No credit |
Thompson Rivers University (TRU) | TRU COMP 3XXX (3) |
University Canada West (UCW) | UCW CPSC 3XX (3) |
University of Northern BC (UNBC) | UNBC CPSC 299 (3) |
University of the Fraser Valley (UFV) | UFV CIS 2XX (3) |
Course Offerings
Winter 2025
CRN | Days | Instructor | Status | More details |
---|---|---|---|---|
CRN
17464
|
Wed | Instructor last name
Chou
Instructor first name
David
|
Course status
Waitlist
|
CSIS 3160 051 is restricted to students in the following programs: Computing Studies and Information Systems Diploma, PBD Computer & Info Systems (Data Analytics, Emerging Technology, and Cybersecurity), PDD Information & Communication Technology, and PDD Data Analytics.