Course
Discontinued
No
Course Code
CSIS 4150
Descriptive
Digital Forensics
Department
Computing Studies & Information Systems
Faculty
Commerce & Business Administration
Credits
3.00
Start Date
End Term
201820
PLAR
Yes
Semester Length
15 weeks
Max Class Size
Lecture: 35/Lab: 35
Contact Hours
Lecture: 2 Hours per week, Lab: 2 Hours per week, Total: 4 Hours per week
Method(s) Of Instruction
Lecture
Lab
Learning Activities
Lectures, seminars, demonstrations, and hands-on exercises in the lab
Course Description
This course will provide a foundation of concepts in digital forensics including theory, technical tools and methodologies employed in this area. It is aimed at students with limited or no prior exposure to digital forensics. The students are expected to have prior knowledge of networking and network security concepts.
The students will learn digital forensics concepts, tactical issues, the methodologies used, and the tools needed to perform forensics investigations. Digital forensics for computers, networks, cell phones, GPS, the cloud and the Internet will be discussed. Students will get hands-on laboratory experience in using various digital forensic tools such as Autopsy/The Sleuth Kit, OSForensics, EnCase, FTK, Cellebrite, BlackLight or equivalent to apply the concepts learned in the course.
The students will learn digital forensics concepts, tactical issues, the methodologies used, and the tools needed to perform forensics investigations. Digital forensics for computers, networks, cell phones, GPS, the cloud and the Internet will be discussed. Students will get hands-on laboratory experience in using various digital forensic tools such as Autopsy/The Sleuth Kit, OSForensics, EnCase, FTK, Cellebrite, BlackLight or equivalent to apply the concepts learned in the course.
Course Content
- Digital Forensics Profession and Investigations concepts.
- Data Acquisition and Evidence Discovery
- Digital Forensics Analysis and Validation.
- Current Digital Forensics Tools.
- Operating Systems Forensics
- Virtual Machine and Cloud Forensics.
- Live Acquisitions and Network Forensics.
- Email and Multimedia Investigations.
- Cell Phone and Mobile Device Investigations
- Anti-forensics methods/tools
Learning Outcomes
Upon successful completion of the course, the student will be able to:
- Describe the concept of digital forensics, and explain its utility in cyber security.
- Identify and summarize requirements, procedures and protocols involved to conduct a digital forensic investigation
- Demonstrate knowledge of the process of data acquisition, and identify digital evidence for forensic investigations
- Identify and demonstrate knowledge of file system, boot processes and registries for various operating systems.
- Use and apply various digital forensic tools to conduct forensic investigations including data acquisition, evidence discovery, validation, and analysis.
- Design, devise, implement and conduct forensic investigations with use-case scenarios involving multimedia, email, network, cloud, mobile, social networking and location-aware applications.
- Identify, describe and demonstrate knowledge of anti-forensic methods and tools.
Means of Assessment
Means of Assessment*
Participation |
0-5% |
Labs/Assignments/Project(s) |
20-30% |
Quiz(zes) |
10-20% |
Midterm Examination |
25-35% |
Final Examination |
25-35% |
Total |
100% |
*Some of these assessments may involve group work.
Textbook Materials
Textbook/Materials
Nelson, B., Phillips, A., and Steuart, C. Guide to Computer Forensics and Investigations. Latest edition.
OR
Other textbook approved by department
Recommended Reference (optional)
J. Sammons, The Basics of Digital Forensics, latest edition
Publisher: Syngress
Corequisites
Nil
Equivalencies
Nil
Which Prerequisite
Nil