Description
4 credit/unit hours – Four hours of lecture weekly; one term
Students will learn the fundamental principles of forensic science. This hands-on course covers the technical aspects of digital forensics including general forensic procedures, imaging, hashing, file recovery, file system basics, identifying mismatched file types, reporting, and laws regarding computer evidence. Students will also use open-source digital forensic software tools to conduct forensic examinations.
Learning Objectives
Upon completion of this course the student will be able to:
- Discuss the rules, laws, policies, and procedures that affect digital forensics;
- Perform the steps included in a digital investigation from the initial recognition of an incident through the steps of evidence gathering, preservation and analysis, and the completion of legal proceedings;
- Write professional quality reports that include both a summary report and a notes section, which describes the technical procedures used in the investigation;
- Identify important file metadata and apply their use in a forensic investigation; and
- Perform a forensic investigation on a forensic image, using various tools to recover evidence, resulting in a report documenting the investigation
Main Topics
1.0 Understanding the Digital Forensics Profession and Investigations
2.0 The Investigator’s Office and Laboratory
3.0 Data Acquisition
4.0 Processing Crime and Incident Scenes
5.0 Working with Windows and CLI Systems
6.0 Current Computer Forensics Tools
7.0 Linux Boot Processes and File Systems
8.0 Recovering Graphics Files
9.0 Digital Forensics Analysis and Validation
10.0 Virtual Machine Forensics, Live Acquisitions and Cloud Forensics
11.0 Email and Social Media
12.0 Mobile Device Forensics and the Internet of Anything
13.0 Cloud Forensics
14.0 Report Writing for High-Tech Investigations
15.0 Expert Testimony in Digital Forensic Investigations
16.0 Ethics for the Digital Forensic Examiner and Expert Witness