CSCD496 Computer Forensics
Room: CEB 233
Time: MTWF 12:00 - 12:50 pm
Instructor: Carol Taylor
Office: CEB 315
Bill Nelson, Amelia Phillips, Frank Enfinger, Christopher Stewart, Guide to Computer Forensics and
Investigations, 3rd Edition, Thomson Course Technology, 2008
This page covers administrative aspects of the course such as grading and course requirements.
Links are provided to assignments, labs, lecture notes and course relevant links.Please check the assignments
and course notes pages frequently since dates may change.
You are responsible for downloading the lecture notes, handouts and any supplemental reading
prior to class.
This course draws upon a range of disciplines including forensic and computer sciences,
law and behavioral science. The focus is on the needed knowledge and skills to identify and analyze
computer based evidence plus assemble evidence for possible prosecution of computer and other types of crime.
Specifically, students will learn:
- Computer Forensic Tools and Techniques:
To conduct investigations that provide evidence to support or refute wrongdoing in both civil and criminal
investigations. Determining how a system was penetrated and any damage to a system by intruders is also part of
- Investigative procedures: Procedural rules affecting collection and use of physical evidence. Court opinions defining the rules of search and seizure and admissibility of evidence and how this translates into forensic methodologies.
- Implications of related law: Principles of criminal law and procedure, preparation and presentation of evidence, examination of witnesses, and methods of legal research. Issues discussed concerning discovery, admissibility of scientific evidence, chain of custody, use of notes, etc.
- Ethics as related to computer security issues: Values, duties, social responsibility and obligations with respect to the exercise of computer forensic procedures.
This course is intended for students at the senior/graduate level. It is expected that students have a basic understanding of computer security but not necessarily any forensic background.
Ethics and Student Responsibility
Students are trusted with access to the practices, procedures and technologies
used to attack and protect valuable information assets and systems. This trust requires
a commitment to high moral and ethical standards.
We expect students to act as professionals and not abuse their knowledge to cause deliberate harm to others.
With successful completion of the course you should be able to:
Law and Ethics
- Discuss the 4th Amendment to the US Constitution and its application to computer / network search and seizure
- Discuss the implications of the Electronic Communications and Privacy Act, the US Patriot Act, US Federal and State guidelines
- Identify ethical/legal issues in software piracy, reverse engineering, music sharing, IP, patents, copyrights, etc.
- Apply the rules of evidence as they relate to an electronic crime scene and to obtaining digital evidence.
(i.e. recognize what can and can NOT be seized at an electronic crime scene.)
- Discuss the methods of ensuring the chain of custody of evidence.
Disk Forensics Fundamentals
- Distinguish the basics of NTFS vs. FAT32 vs. UNIX file systems and data storage
- Describe wide varieties of data storage devices, how they operate, and how these devices contain evidence
- Capture critical system information from computer disks
- Capture critical information from a network incident
Network Forensics Fundamentals:
- Describe the basics of good incident response techniques.
- Identify the footprint of an attack and how a perpetrator can be identified.
- Understand the challenges of network forensics vs. disk forensics.
Security, Management, and Forensics
- Describe the threats and vulnerabilities to which a computer system and/or network may be exposed
- Design policies and associated controls to assist in providing appropriate incident response.
- Identify IP, critical or confidential information from which a computer incident might arise.
Types of Assignments
- Labs - Begun in class or at home. Involves a write-up
- Exercises - Typical Homework, from Book or other sources
Write-ups of Speakers
- 1 well-written Paper worth as much as the midterm, OR
- Can perform an in-class demo or tutorial of a forensics technique or tool
- Part of your participation grade. Must attend most classes and will be evaluating speakers
15% Paper or Demo
10% Class Participation and In-class Exercises
Due Dates and Assignment Requirements
All assignments are due on the date specified for the assignment.
- Assignments will be typed except for neat hand drawn diagrams
- Students only do their own work except for group assignments
End of Syllabus