Digital Forensics

Curriculum Guideline

Effective Date:
Course
Discontinued
No
Course Code
CSIS 4150
Descriptive
Digital Forensics
Department
Computing Studies & Information Systems
Faculty
Commerce & Business Administration
Credits
3.00
Start Date
End Term
202030
PLAR
No
Semester Length
15 weeks
Max Class Size
Lecture: 35/Lab: 35
Contact Hours
Lecture: 2 Hours per week, Lab: 2 Hours per week, Total: 4 Hours per week
Method(s) Of Instruction
Lecture
Lab
Learning Activities

Lectures, seminars, demonstrations, and hands-on exercises in the lab

Course Description
This course will provide a foundation of concepts in digital forensics including theory, technical tools and methodologies employed in this area. It is aimed at students with limited or no prior exposure to digital forensics. The students are expected to have prior knowledge of networking and network security concepts.
The students will learn digital forensics concepts, tactical issues, the methodologies used, and the tools needed to perform forensics investigations. Digital forensics for computers, networks, cell phones, GPS, the cloud and the Internet will be discussed. Students will get hands-on laboratory experience in using various digital forensic tools such as Autopsy/The Sleuth Kit, OSForensics, EnCase, FTK, Cellebrite, BlackLight or equivalent to apply the concepts learned in the course.
Course Content
  1. Digital Forensics Profession and Investigations concepts.
  2. Data Acquisition and Evidence Discovery
  3. Digital Forensics Analysis and Validation.
  4. Current Digital Forensics Tools.
  5. Operating Systems Forensics
  6. Virtual Machine and Cloud Forensics.
  7. Live Acquisitions and Network Forensics.
  8. Email and Multimedia Investigations.
  9. Cell Phone and Mobile Device Investigations
  10. Anti-forensics methods/tools
Learning Outcomes

Upon successful completion of the course, the student will be able to:

  1. Describe the concept of digital forensics, and explain its utility in cyber security.
  2. Identify and summarize requirements, procedures and protocols involved to conduct a digital forensic investigation
  3. Demonstrate knowledge of the process of data acquisition, and identify digital evidence for forensic investigations
  4. Identify and demonstrate knowledge of file system, boot processes and registries for various operating systems.
  5. Use and apply various digital forensic tools to conduct forensic investigations including data acquisition, evidence discovery, validation, and analysis.
  6. Design, devise, implement and conduct forensic investigations with use-case scenarios involving multimedia, email, network, cloud, mobile, social networking and location-aware applications.
  7. Identify, describe and demonstrate knowledge of anti-forensic methods and tools.

 

Means of Assessment

Means of Assessment*

 

 

Labs/Assignments/Project(s)

20-30%

Quiz(zes)**

10-20%

Midterm Examination**

25-35%

Final Examination**

25-35%

Total

100%

*Some of these assessments may involve group work.

**In order to pass the course, students must, in addition to receiving an overall course grade of 50%, also achieve a grade of at least 50% on the combined weighted examination components (including quizzes, tests, exams).

Textbook Materials

Textbook/Materials

Nelson, B., Phillips, A., and Steuart, C. Guide to Computer Forensics and Investigations. Latest edition.

OR

Other textbook approved by department

 

Recommended Reference (optional)

J. Sammons, The Basics of Digital Forensics, latest edition

Publisher: Syngress

 

Prerequisites

Min grade C in (CSIS 2260 and CSIS 2270)

 

Corequisites

Nil

Equivalencies

Nil

Which Prerequisite

Nil