CMPS 3650 Digital Forensics (4)
Investigative techniques, evidence handling procedures, forensics tools,
digital crime reconstruction, incident response, ethics, and legal guidelines
within the context of digital information and computer compromises. Hands-on
case studies cover a range of hardware and software platforms and teach
students how to gather evidence, analyze evidence, and reconstruct incidents.
Prerequisite: None, but CMPS 2650 or equivalent experience in the Unix/Linux
command-line environment is strongly recommended
Experience in the Unix/Linux command-line environment is strongly recommended
Knowledge of how to install, configure, use, and troubleshoot Windows and/or Unix/Linux will be useful.
4 semester units. 3 units lecture (150 minutes), 1 unit lab (150 minutes).
Elective for CS
Incident Response and Computer Forensics, Second Edition by Chris Prosise,
Kevin Mandia, and Matt Pepe; McGraw-Hill; ISBN-13: 978-0072226966.
None
Melissa Danforth, Donna Meyers
This course covers the following ACM/IEEE CS2013 (Computer Science)
Body of Knowledge student learning outcomes:
CS-IAS/Digital Forensics
CS-IAS/Security Policy and Governance
CS-OS/Security and Protection
CS-SP/Professional Ethics
CS-SP/Security Policies, Laws and Computer Crimes
The course maps to the following performance indicators for Computer Science
(CAC/ABET):
- 3e. An understanding of professional, ethical, legal, security, and
social issues and responsibilities.
-
- 3i. An ability to use the current techniques, skills, and tools necessary
for computing practice.
-
Week | Chapter(s) | Topics |
1 | Chapter 9 |
Professional ethics, Legal foundations, Evidence handling |
2 | Chapters 1 and 2 |
Incident response overview |
3 | Chapters 3 and 4 |
Incident response stages: Prevent/Prepare, Detect, Respond |
4 | Chapter 4 |
Investigation steps, Preparation for evidence/data collection |
5 | Chapter 5 |
Collecting data/evidence from Windows systems |
6 | Chapter 6 |
Collecting data/evidence from Unix/Linux systems |
7 | Chapter 7 |
Collecting data/evidence from storage systems, Forensic duplication |
8 | Chapter 8 |
Collecting data/evidence from networks |
9 | Chapters 10 and 11 |
Analyzing evidence from storage systems |
10 | Chapter 12 |
Analyzing evidence from Windows systems |
11 | Chapter 13 |
Analyzing evidence from Unix/Linux systems |
12 | Chapter 14 |
Analyzing evidence from networks |
13 | Chapter 16 |
Analyzing evidence from network routers |
14 | Chapter 15 |
Analyzing executables and unknown files |
15 | Chapter 17 |
Reporting forensic discoveries, Remediation planning |
Not applicable to this course.
Melissa Danforth on 31 July 2014
Approved by CEE/CS Department on [date]
Effective Fall 2016