Download Computer Forensics

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Document related concepts
no text concepts found
Transcript
Purdue University Calumet
School of Technology
Course Syllabus
ITS 45200 - Computer Forensics
Credits and Contact Hours:
Pattern 2 hours lecture, 2 hours lab, 3 hours credit
Instructor’s or Course Coordinator’s Name:
Samuel Liles
Text Book, Title, Author and Year:
Carrier, Brian “File system forensic analysis” Addison-Wesley, 2005
Bunting, Steve “ENCE: The official EnCase Certified Examine Study Guide”, Sybex, 2008
Introduction to the Course:
This course covers the techniques used in the forensic analysis of computerized systems for gathering evidence
to detail how a system has been exploited or used. Extensive laboratory exercises are assigned.
Prerequisite ITS 35400
Course is required.
Specific Goals to the Course:
Upon graduation students will be able to:
1. List three types of legal systems used by countries in the world.
2. Describe how digital forensics fits with the other forensic disciplines.
3. Describe a method for capturing a disk drive as evidence and proving its integrity for legal evidence
purposes.
4. Explain the difference between the rules for a corporation seizing its property from an employee and law
enforcement’s seizing of property from a citizen.
5. Explain the concept of “reasonable expectation of privacy”, its relationship to corporate policy banners
displayed on workstations, and the use of email as evidence in the prosecution of an employee by the
corporation.
6. List the areas on a disk that could contain evidence that are not accessible through normal operating
system access.
7. List three methods for hiding information on a typical file system.
8. Explain why “free space” often contains interesting data.
9. Capture a forensic image of a disk drive and guarantee the integrity of the image using MD5 or SHA
signatures.
10. Perform a basic media analysis of a captured drive using a forensic toolkit.
Page 1 of 2
 Specific outcomes of instruction (e.g. the student will be able to explain the significance of current
research about a particular topic)-(ABET criteria l, m, c, k, n, d, f).
Course Delivery Methods (check all that apply):
X
X
□
□
□
□
Lecture
Laboratory
Online
Discussion groups
Projects
Other (explain)
Factors Used to Determine the Course Grade (check all that apply):
□ Quizzes
X Exams
X Homework
X Papers
X Lab Reports
X Class participation
□ How final grade is determined
Brief List of Topics to be Covered:
Legal systems
Digital forensics and its relationship to other forensic disciplines
Rules of evidence
Search and seizure
Digital evidence
Media analysis