Room:  CEB 233
Time:  MTWF 12:00 - 12:50 pm
Instructor:  Carol Taylor
email: ctaylor4214@comcast.net
Office:  CEB 315    Phone:  509-359-6908

Text
Bill Nelson, Amelia Phillips, Frank Enfinger, Christopher Stewart, Guide to Computer Forensics and Investigations, 3rd Edition, Thomson Course Technology, 2008

Overview
This page covers administrative aspects of the course such as grading and course requirements. Links are provided to assignments, labs, lecture notes and course relevant links.Please check the assignments and course notes pages frequently since dates may change. You are responsible for downloading the lecture notes, handouts and any supplemental reading prior to class.

Important Links
Labs
Assignments
Course Notes
Relevant Links
Survey-Paper Instructions
Project Instructions

Course Description
This course draws upon a range of disciplines including forensic and computer sciences, law and behavioral science. The focus is on the needed knowledge and skills to identify and analyze computer based evidence plus assemble evidence for possible prosecution of computer and other types of crime. Specifically, students will learn:

• Computer Forensic Tools and Techniques: To conduct investigations that provide evidence to support or refute wrongdoing in both civil and criminal investigations. Determining how a system was penetrated and any damage to a system by intruders is also part of forensic investigations.
• Investigative procedures: Procedural rules affecting collection and use of physical evidence. Court opinions defining the rules of search and seizure and admissibility of evidence and how this translates into forensic methodologies.
• Implications of related law: Principles of criminal law and procedure, preparation and presentation of evidence, examination of witnesses, and methods of legal research. Issues discussed concerning discovery, admissibility of scientific evidence, chain of custody, use of notes, etc.
• Ethics as related to computer security issues: Values, duties, social responsibility and obligations with respect to the exercise of computer forensic procedures.

This course is intended for students at the senior/graduate level. It is expected that students have a basic understanding of computer security but not necessarily any forensic background.

Ethics and Student Responsibility
Students are trusted with access to the practices, procedures and technologies used to attack and protect valuable information assets and systems. This trust requires a commitment to high moral and ethical standards.
We expect students to act as professionals and not abuse their knowledge to cause deliberate harm to others.

Learning Objectives
With successful completion of the course you should be able to:

Law and Ethics

1. Discuss the 4th Amendment to the US Constitution and its application to computer / network search and seizure
2. Discuss the implications of the Electronic Communications and Privacy Act, the US Patriot Act, US Federal and State guidelines
3. Identify ethical/legal issues in software piracy, reverse engineering, music sharing, IP, patents, copyrights, etc.
4. Apply the rules of evidence as they relate to an electronic crime scene and to obtaining digital evidence. (i.e. recognize what can and can NOT be seized at an electronic crime scene.)
5. Discuss the methods of ensuring the chain of custody of evidence.

Disk Forensics Fundamentals

1. Distinguish the basics of NTFS vs. FAT32 vs. UNIX file systems and data storage
2. Describe wide varieties of data storage devices, how they operate, and how these devices contain evidence
3. Capture critical system information from computer disks
4. Capture critical information from a network incident

Network Forensics Fundamentals:

1. Describe the basics of good incident response techniques.
2. Identify the footprint of an attack and how a perpetrator can be identified.
3. Understand the challenges of network forensics vs. disk forensics.

Security, Management, and Forensics

1. Describe the threats and vulnerabilities to which a computer system and/or network may be exposed
2. Design policies and associated controls to assist in providing appropriate incident response.
3. Identify IP, critical or confidential information from which a computer incident might arise.

Types of Assignments

1. Homework
• Labs - Begun in class or at home. Involves a write-up
• Exercises - Typical Homework, from Book or other sources
2. Paper
• 1 well-written Paper worth as much as the midterm, OR
• Can perform an in-class demo or tutorial of a forensics technique or tool
3. Write-ups of Speakers
• Part of your participation grade. Must attend most classes and will be evaluating speakers

Grading
Undergraduate Students
   15% Midterm
   15% Final
   45% Homework
   15% Paper or Demo
   10% Class Participation and In-class Exercises

Due Dates and Assignment Requirements
All assignments are due on the date specified for the assignment.

Assignment Requirements

• Assignments will be typed except for neat hand drawn diagrams
• Students only do their own work except for group assignments

End of Syllabus