ISYS 377 CYBER FORENSICS COURSE SYLLABUS Spring 2014 Time: MW 1:00-2:15 p.m. Location: Hiner G14 Instructor: Dr. Glenn S. Dardick, Ph.D. Office Telephone: 434-395-2377 Office Location: Hiner G13 Office Hours: MW: By Appointment Course Description: This is a fundamental required course as part of an interdisciplinary curriculum that is very much in demand in today’s society. This course covers cyber forensics as part of one of the three academic areas in the interdisciplinary curriculum. The three areas covered are cyber security, cyber forensics, and cyber policy and law. This class covers methods and tools for gaining forensic information from computer systems and networks. It includes case studies of cybercrimes as well as the application and management of cyber forensics. The course introduces students to forensics tools using hands-on experience and the Internet. 3 credit. Prerequisites: ISYS 370 or CMSC 121 or permission of instructor. Required Text: This course requires a bundle of the following three textbooks. The ISBN for this bundle is 9781111124304. EC-Council series. Boston, MA: Cengage, 2010. Computer Forensics: Investigation Procedures and Response, 1st ed. ISBN-10: 1435483499. ISBN-13: 9781435483491. Computer Forensics: Hard Disk and Operating Systems, 1st ed. ISBN-10: 1435483502. ISBN13: 9781435483507. Computer Forensics: Investigating Data and Image Files, 1st ed. ISBN-10: 1435483510. ISBN13: 9781435483514. Materials: The student is required to have, and bring, a notebook computer. Course Objectives: Students completing this course will become familiar with the core digital forensics tools and the environment in which they are used. Students will also become familiar with rules of evidence, eDiscovery and various cyber laws relative to digital forensics. Course Contents: Computer Forensics and Investigation Processes. Computing Investigations. The Investigator's Office and Laboratory. Data Acquisitions. Processing Crime and Incident Scenes. Working with Windows and DOS Systems. Current Computer Forensics Tools. Computer Forensics Analysis. Virtual Machines, Network Forensics, and Live Acquisitions. E-mail Investigations. Mobile Device Forensics. Report Writing for High-Tech Investigations. Expert Testimony in High-Tech Investigations. 1 Ethics and High-Tech Investigations. Class Schedule: Class section meets for approximately 45 hours – 3 hours per week for 15 weeks. The attached table outlines the course schedule and content. Grading: The grade in this class will be determined using the following components. The component and weighting of each component is as follows: Final Exam Test1 Test2 Test3 Quizzes Assignments Project Total 15% 10% 10% 10% 18% 12% 25% 100% (15pts) (10pts) (10pts) (10pts) (18pts) (12pts) (25pts) (100pts) Grading: 90 – 100 80 - 89 70 - 79 60 - 69 under 60 A B C D F Attendance Policy: The attendance policy follows the guidelines stated in the Longwood Catalog which may be found at the following URL: http://www.longwood.edu/registrar/19343.htm#attendance According to the attendance policy, instructors have the right to lower a student's course grade, but no more than one letter grade, if the student misses 10% of the scheduled class meeting times for unexcused absences. Instructors also have the right to assign a course grade of "F" when the student has missed a total (excused and unexcused) of 25% of the scheduled class meeting times. Students must assume full responsibility for any loss incurred because of absence, whether excused or unexcused. All work missed because of absences will receive a grade of zero. Excused absences are those resulting from the student’s participation in a university-sponsored activity, from recognizable emergencies, or from serious illness. Make-ups: Missed quizzes cannot be made up and count as a 0. In exceptional cases such as medical emergencies, requests and acceptable justification for rescheduling of an exam may be made to Dr. Dardick at least 24 hours before the scheduled test date. Make-ups will be given at a time and in a form decided by the instructor. Honor Code: Students are encouraged to review the Longwood University Honor System detailed in the Undergraduate Catalog: “Students are expected to assume full responsibility for their actions and refrain from lying, cheating, stealing, and plagiarism.” Students must sign the Honor Pledge on all assignments and exams in this class. CBE Academic Dishonesty Policy: Cheating in any form will not be tolerated in the College of Business and Economics (CBE). If the instructor determines that a student has cheated on an assignment, the grade of “F” may be assigned for the entire course. “Cheating” is the use of unauthorized resources and/or work of another including but not limited to homework, tests, papers, presentations and exams. Unless specifically instructed otherwise, students are to assume that all coursework is to be the work of the individual student alone. If a student is unsure as to whether collaboration is permitted, the professor should be contacted in advance of performing the work. Tests and Quizzes: All tests and quizzes taken must be taken in the assigned classroom (or the Learning Center by prior arrangement). Test and quizzes will require a notebook computer able to connect to the Longwood network. It is the student’s responsibility to assure that their computer is set up correctly. Communications: We will be using the Longwood Canvas facilities and email. 2 Inclement Weather Policy: Check the Longwood Canvas system for notices and instructions concerning this class. In cases of inclement weather, commuter and campus based disabled students will be permitted to make decisions about whether or not to attend classes without penalty. If the University is open, it is expected that residence students will attend all classes being held that day. Learning Disabilities: Any student who feels that he or she may need accommodations based on a learning disability should make an appointment to discuss the disabilities with the instructor or the staff at The Office of Disability Resources (434-395-2391). Comments: The instructor reserves the right to make any appropriate and necessary changes to the class schedule and syllabus. Students are responsible for all materials covered in class as well as materials in the textbook. If you must be absent, the instructor assumes that you have obtained notes from a classmate. Any student having difficulty with the materials should make an appointment to see the instructor. CLASS SCHEDULE Wk Day Date 1 M 1/13 No class W 1/15 Introduction M 1/20 MLK Day – no class W 1/22 Introduction V1, Ch1: Computer Forensics in Today's World M 1/27 The Forensics Laboratory V1, Ch2: Computer Forensics Lab W 1/29 Investigations V1, Ch3: Computer Investigation Process V1, Ch4: First Responder Procedures M 2/3 Computer Hardware and Devices Assignment: Hardware W 2/5 Computer Hardware and Devices File Systems V2, Ch1: Understanding File Systems and Hard Disks V2, Ch2: Understanding Digital Media Devices M 2/10 Forensics Software Applications V3, Ch2: Data Acquisition and Duplication Assignment: Software W 2/12 Forensics Software Applications V2, Ch4: Windows Forensics I M 2/17 Forensics Software Applications V2, Ch4: Windows Forensics I W 2/19 M 2/24 Investigations V1, Ch5: Incident Handling W 2/26 Investigations V1, Ch6: Investigative Reports M 3/3 F 3/7 M 3/10 Investigations W 3/12 Windows Forensics 2 3 4 5 6 7 8 9 Topic Readings TEST 1 Spring Break Assignment: Testimony and Expert Witness Reports V2, Ch5: Windows Forensics II 3 10 11 12 13 14 15 16 M 3/17 Windows Forensics V2, Ch5: Windows Forensics II W 319 Windows Forensics V2, Ch5: Windows Forensics II M 3/24 Windows Forensics V3, Ch4: Recovering Deleted Files and Deleted Partitions W 3/26 M 3/31 File Systems W 4/2 Investigations V2, Ch3: Windows, Linux and Macintosh Boot Processes V2, Ch7: Application Password Crackers M 4/7 Graphics V3, Ch5: Image File Forensics W 4/9 Graphics V3, Ch1: Steganography M 4/14 File Systems V2, Ch6: Linux Forensics W 4/16 Forensic Software Applications V3, Ch3: Forensics Investigations Using EnCase M 4/21 W 4/23 Project F 5/2 3:00-5:30 p.m. – FINAL EXAM TEST 2 TEST 3 4