Lectures, seminars, demonstrations, and hands-on exercises in the lab
The students will learn digital forensics concepts, tactical issues, the methodologies used, and the tools needed to perform forensics investigations. Digital forensics for computers, networks, cell phones, GPS, the cloud and the Internet will be discussed. Students will get hands-on laboratory experience in using various digital forensic tools such as Autopsy/The Sleuth Kit, OSForensics, EnCase, FTK, Cellebrite, BlackLight or equivalent to apply the concepts learned in the course.
- Digital Forensics Profession and Investigations concepts.
- Data Acquisition and Evidence Discovery
- Digital Forensics Analysis and Validation.
- Current Digital Forensics Tools.
- Operating Systems Forensics
- Virtual Machine and Cloud Forensics.
- Live Acquisitions and Network Forensics.
- Email and Multimedia Investigations.
- Cell Phone and Mobile Device Investigations
- Anti-forensics methods/tools
Upon successful completion of the course, the student will be able to:
- Describe the concept of digital forensics, and explain its utility in cyber security.
- Identify and summarize requirements, procedures and protocols involved to conduct a digital forensic investigation
- Demonstrate knowledge of the process of data acquisition, and identify digital evidence for forensic investigations
- Identify and demonstrate knowledge of file system, boot processes and registries for various operating systems.
- Use and apply various digital forensic tools to conduct forensic investigations including data acquisition, evidence discovery, validation, and analysis.
- Design, devise, implement and conduct forensic investigations with use-case scenarios involving multimedia, email, network, cloud, mobile, social networking and location-aware applications.
- Identify, describe and demonstrate knowledge of anti-forensic methods and tools.
Means of Assessment*
|
|
Labs/Assignments/Project(s) |
20-30% |
Quiz(zes)** |
10-20% |
Midterm Examination** |
25-35% |
Final Examination** |
25-35% |
Total |
100% |
*Some of these assessments may involve group work.
**In order to pass the course, students must, in addition to receiving an overall course grade of 50%, also achieve a grade of at least 50% on the combined weighted examination components (including quizzes, tests, exams).
Textbook/Materials
Nelson, B., Phillips, A., and Steuart, C. Guide to Computer Forensics and Investigations. Latest edition.
OR
Other textbook approved by department
Recommended Reference (optional)
J. Sammons, The Basics of Digital Forensics, latest edition
Publisher: Syngress
Nil
Nil
Nil