ISCS 377-01 Cyber Forensics

ISCS 377 CYBER FORENSICS
Semester: Fall 2015
Section/Days: 01, TR
Room/Time: Hiner G16, 11:00−12:15
Credit Hours: 3
Final Exam: Dec 8 Tue, 3:00–5:30 pm
Instructor: Linda Lau
E-mail: laulk@longwood.edu
Office: Hiner G13c
Office Hours: TR 8:30-9:30, 12:15-2:00, Fri 10:45-11:45 am, and by appointment.
Office Phone: (434) 395-2778
BASIC COURSE INFORMATION
Required Course Materials:
1. Guide to Computer Forensics and Investigations (with DVD), 5th ed. Cengage, 2015. ISBN-10: 1-285-06003-2. ISBN-13: 978-1-285-06003-3
2. A 16 GB USB or zip disk to store all your homework.
3. Install several forensic software tools from Nelson’s DVD on your laptop.
4. Copy the student data files from Nelson’s DVD to your laptop.
Recommended Course Materials: None.
Optional Course Materials: None.
Course Description:
This is a fundamental required course as part of an interdisciplinary curriculum that is very
much in demand in today’s society. This course covers cyber forensics as part of one of the
three academic areas in the interdisciplinary curriculum. The three areas covered are cyber
security, cyber forensics, and cyber policy and law. This class covers methods and tools for
gaining forensic information from computer systems and networks. It includes case studies of
cybercrimes as well as the application and management of cyber forensics. The course
introduces students to forensics tools using hands-on experience and the Internet. 3 credits.
Prerequisites:
ISYS 370 or CMSC 121 or permission of instructor.
Writing Intensive:
No
Speaking Intensive:
Yes
COURSE OBJECTIVES
Upon completion of this course, students will be able to:
1. Describe key terms and concepts relating to cyber security, cyber forensics, and cyber policy and
law.
2. Utilize core digital forensics tools and the environment in which they are used.
3. Determine and differentiate rules of evidence, eDiscovery, and various cyber laws relative to digital
forensics.
OVERVIEW OF COURSE FORMAT
The course objectives are achieved through lectures, PPT slides, homework and lab assignments, and
class discussion. The course contents include the following topics:
• Computer Forensics and Investigation Processes
• Computing Investigations
• The Investigator's Office and Laboratory
• Data Acquisitions
• Processing Crime and Incident Scenes
• Working with Windows and DOS Systems
• Current Computer Forensics Tools
• Computer Forensics Analysis
• Virtual Machines, Network Forensics, and Live Acquisitions
• E-mail Investigations
• Mobile Device Forensics
• Report Writing for High-Tech Investigations
• Expert Testimony in High-Tech Investigations
• Ethics and High-Tech Investigation
STUDENT EVALUATION
Points possible | Percent
Getting Ready Assignments | 0%
Chapter Quizzes (16) | 16%
Test # 1 (Chap 1-4) | 10%
Test # 2 (Chap 5-8) | 10%
Test # 3 (Chap 9-12) | 10%
Final Exam (Chap 13-16) | 10%
4-5 Lab Assignments | 24%
2 Hands-on Projects (10% each) | 20%
Total | 100%
Grading Scale
Percent | Grade
93 – 100 | A
90 – 92 | A-
87 – 89 | B+
83 – 86 | B
80 – 82 | B-
77 – 79 | C+
73-76 | C
70-72 | C-
67-69 | D+
63-66 | D
60-62 | D-
< 60 | F
GETTING READY ASSIGNMENTS: To help students get started with the course, students must
complete the following activities, which are required but will not earn you any points toward the course:
• Knowledge of Course Syllabus and Class Schedule Quiz: Students must be very familiar with
every component listed on the Course Syllabus because this is the contract between the
instructor and the students.
• Your Personal Blog: As an ice breaker, you will create a personal blog and share something
about yourself with your classmates. More information about this assignment is posted on
Canvas.
CHAPTER QUIZZES: To assess students’ understanding of the basic concepts and key terms in this
course, students must complete 16 chapter quizzes which are administered online via the Longwood Canvas
Learning Management System. The deadline for all quizzes is listed on the Class Schedule, and all quizzes
must be completed five minutes prior to the start of the class period for the next chapter. Each quiz consists
of 20 questions, which could be multiple-choice, true/false, or fill-in-the-blank, and with a time limit of 20
minutes. Students must complete all quizzes by themselves, and all chapter quizzes are closed book and
closed notes.
THREE TESTS AND FINAL EXAM: Three tests and a final exam, which focus primarily on materials
covered in class and in the textbook, will be administered during the semester. The questions on the tests
and final exam will be taken from the materials covered in the textbook and in class. Students who cannot
take the scheduled tests must discuss with the instructor in advance. Makeup tests and exam will only be
given with prior notification and under extenuating and unavoidable circumstances. The burden of proof of
said circumstances is on the student. Makeup examinations will usually differ from the original exam, and
may be essay or oral. All tests and final exam are closed book, closed notes, and students must complete
them by themselves. All assignments must be completed five minutes before class time on the date
stipulated in the Class Schedule.
LAB ASSIGNMENTS: To provide students with hands-on practice, students must complete 4-5 lab
assignments listed in the Class Schedule, and all completed homework assignments must be submitted five
minutes before the next class period.
HANDS-ON PROJECTS: Students must complete two hands-on projects on their own. More details will
be posted on Canvas later in the semester.
COURSE POLICIES
COMMUNICATION POLICY: Students/Groups who need additional help with assignments should
make an appointment with the instructor in advance. Email is another means of communication in this class.
ATTENDANCE: The attendance policy follows the guidelines stated in the Longwood Catalog (read
http://www.longwood.edu/registrar/19343.htm#attendance). Students must assume full responsibility for
any loss incurred because of absence, whether excused or unexcused. All work missed because of absences
will receive a grade of zero. Excused absences are those resulting from the student’s participation in a
University-sponsored activity, from recognizable emergencies, or from serious illness. Students are
encouraged to participate actively in class discussion and presentation.
• Instructors may assign a grade of “0” or “F” on work missed because of unexcused absences.
• Instructors have the right to lower a student’s course grade, but no more than one letter grade, if
the student misses 10 percent of the scheduled class meeting times for unexcused absences.
• Instructors have the right to assign a course grade of “F” when the student has missed a total
(excused and unexcused) of 25 percent of the scheduled class meeting times.
HONOR CODE: All students must obey the Longwood Honor Code diligently. The Honor Code is based
on the need for trust in an academic community. Longwood’s Honor Code is a system developed by and
maintained for the welfare of its students, and all students should make sure that they read and understand
the provisions outlined on the Longwood Web site (http://www.longwood.edu/studentconduct/12011.htm). All
work completed for this course will be considered pledged. However, students are strongly encouraged to
write the Pledge of Honor on every submitted assignment and test: I have neither given or received help
on this work, nor am I aware of any infraction of the Honor Code. CHEATING IS ABSOLUTELY NOT
TOLERATED AT LONGWOOD UNIVERSITY.
CBE ACADEMIC DISHONESTY POLICY: Cheating in any form will not be tolerated in the College
of Business and Economics. If the instructor determines that a student has cheated on an assignment, the
grade of “F” may be assigned for the entire course. “Cheating” is the use of unauthorized resources and/or
work of another including but not limited to homework, tests, papers, presentations and exams. Unless
specifically instructed otherwise, students are to assume that all coursework is to be the work of the
individual student alone. If a student is unsure as to whether collaboration is permitted, the professor should
be contacted in advance of performing the work. If a faculty member penalizes a student in a course for an
Honor Code violation, they should also bring formal charges against the student with the University Honor
Board.
INCLEMENT WEATHER POLICY: In cases of inclement weather, commuter and campus based
disabled students will be permitted to make decisions about whether or not to attend classes without
penalty. If the University is open, it is expected that residence students will attend all classes being held
that day. Canceled classes will not be rescheduled since students should utilize the canceled class period as
computer lab time.
INSTITUTIONAL AND ACADEMIC POLICIES AND RESOURCES
ACCOMMODATIONS: Any student who feels that s/he may need or wish reasonable accommodations
based on the impact of a physical, psychological, medical, or learning disability (e.g., note taking support,
extended time for tests, etc.) should contact the staff at The Office for Disability Services located at Graham
Hall, tel: 434-395-2391. The office will require appropriate documentation of disability. All information is
kept confidential.
WRITING CENTER: If a student wants help with writing, The Writing Center is very helpful.
(http://www.longwood.edu/academicsuccess/15878.htm).
COMPUTER HELP: If a student has technical issues and needs assistance, please contact the
Longwood Help Desk at (434) 395-4357 or helpdesk@longwood.edu. Please visit their webpage
(http://www.longwood.edu/usersupport) for hours of operation and additional information.
MENTAL HEALTH: The Student Health and Wellness Center can help with mental health problems.
Please visit their website (http://www.longwood.edu/health/23517.htm) to schedule an appointment. For
general counseling please visit The Counseling Center (http://www.longwood.edu/counseling/index.html)
to schedule an appointment.
TUTORING (OPTIONAL): The Center for Academic Success provides free tutoring for this class.
Please visit their website (http://www.longwood.edu/academicsuccess/) for more details. To request
a tutor, please go to http://www.longwood.edu/academicsuccess/15994.htm and fill out the form.
OTHER CLASS POLICIES AND INFORMATION
1. The instructor reserves the right to make any appropriate and necessary changes to the class
schedule and syllabus.
2. Students are responsible for all materials covered in class as well as materials in the textbook. If
you must be absent, the instructor assumes that you have obtained notes from a classmate. Any
student having difficulty with the materials should make an appointment to see the instructor.
3. Private conversations between students are disruptive and annoying to both the instructor and other
students. Therefore, students with disruptive and annoying behaviors are dismissed from class until
the behavior is under control.
CLASS SCHEDULE
*All assignments are listed in the Class Schedule below, and are due 5 minutes before the next class
period.
Wk, Date: COURSE CONTENT – READING AND HOMEWORK ASSIGNMENTS

Week 1, Aug 25 (Tue)
Introduction:
1. ISYS 377 Cyber Forensics Course
2. Longwood Canvas Orientation
3. Download student data files
Canvas Assignments [Due on August 27, Thursday]
1. Read the FAQ
2. Knowledge of Course Syllabus and Class Schedule Quiz
3. Create your Blog page
Appendix A Certification and Testing Processes for Computer Forensics
Appendix B Computer Forensics References
Appendix C Computer Forensics Lab Configuration
Appendix D DOS-Based Computer Forensics Tools

Week 1, Aug 27 (Thu)
Chapter 1 Understanding the Digital Forensics Profession and Investigations, p. 1-62
1. Textbook:
• Read content materials, p. 1-50
• Review Chapter Summary, p. 50
• Review Key Terms, p. 51
• Review Questions, p. 53
• Review Hands-on Projects, p. 54
• Review Case Projects, p. 62
2. Canvas:
• Review Chapter Overview and Learning Objectives
• Review PPT slides
• Complete Chapter 1 Quiz [Due on Sept 1, Tuesday]

Aug 31: 5:00 p.m. – Last day to add/drop a course

Week 2, Sep 1 (Tue)
Chapter 2 The Investigator’s Office and Laboratory, p. 63-88
1. Textbook:
• Read content materials, p. 63-84
• Review Chapter Summary, p. 85
• Review Key Terms, p. 85
• Review Questions, p. 86
• Review Hands-on Projects, p. 87
• Review Case Projects, p. 88
2. Canvas:
• Review Chapter Overview and Learning Objectives
• Review PPT slides
• Complete Chapter 2 Quiz [Due on Sept 3, Thursday]

Week 2, Sep 3 (Thu)
Lab Demonstration: Build a Computer

Sep 7: Labor Day – No School

Week 3, Sep 8 (Tue)
Chapter 3 Data Acquisitions, p. 89-132
1. Textbook:
• Read content materials, p. 89-125
• Review Chapter Summary, p. 126
• Review Key Terms, p. 127
• Review Questions, p. 129
• Review Hands-on Projects, p. 129
• Review Case Projects, p. 132
2. Canvas:
• Review Chapter Overview and Learning Objectives
• Review PPT slides
• Complete Chapter 2 Quiz [Due on Sept 10, Thursday]

Week 3, Sep 10 (Thu)
Chapter 4 Processing Crime and Incident Scenes, p. 135-180
1. Textbook:
• Read content materials, p. 99-132-172
• Review Chapter Summary, p. 173
• Review Key Terms, p. 174
• Review Questions, p. 175
• Review Hands-on Projects, p. 177
• Review Case Projects, p. 180
2. Canvas:
• Review Chapter Overview and Learning Objectives
• Review PPT slides
• Complete Chapter 4 Quiz [Due on Sept 15, Tuesday]
3:30 pm Convocation

Week 4, Sep 15 (Tue)
Lab 1 Forensic Software Installation

Week 4, Sep 17 (Thu)
Test 1 (Chapters 1-4)
3:30 pm, Hiner 207 – Internship Seminar

Week 5, Sep 22 (Tue)
Chapter 5 Working with Windows and DOS Systems, p. 183-236
1. Textbook:
• Read content materials, p. 183-236
• Review Chapter Summary, p. 237
• Review Key Terms, p. 239
• Review Questions, p. 242
• Review Hands-on Projects, p. 244
• Review Case Projects, p. 250
2. Canvas:
• Review Chapter Overview and Learning Objectives
• Review PPT slides
• Complete Chapter 5 Quiz [Due Sept 24, Thursday]

Week 5, Sep 24 (Thu)
Chapter 6 Current Digital Forensics Tools, p. 251-282
1. Textbook:
• Read content materials, p. 251-272
• Review Chapter Summary, p. 273
• Review Key Terms, p. 274
• Review Questions, p. 275
• Review Hands-on Projects, p. 276
• Review Case Projects, p. 282
2. Canvas:
• Review Chapter Overview and Learning Objectives
• Review PPT slides
• Complete Chapter 6 Quiz [Due on Sept 29, Tuesday]

Week 6, Sep 29 (Tue)
Lab 2 Hands-on Tutorials

Week 6, Oct 1 (Thu)
Chapter 7 Linux and Macintosh File Systems, p. 285-316
1. Textbook:
• Read content materials, p. 285-308
• Review Chapter Summary, p. 309
• Review Key Terms, p. 310
• Review Questions, p. 312
• Review Hands-on Projects, p. 3146
• Review Case Projects, p. 316
2. Canvas:
• Review Chapter Overview and Learning Objectives
• Review PPT slides
• Complete Chapter 7 Quiz [Due on Oct 6, Thursday]

Oct 5: 12:00 noon – Grade estimate due

Week 7, Oct 6 (Tue)
Chapter 8 Recovering Graphics Files, p. 317-357
1. Textbook:
• Read content materials, p. 317-348
• Review Chapter Summary, p. 349
• Review Key Terms, p. 350
• Review Questions, p. 351
• Review Hands-on Projects, p. 353
• Review Case Projects, p. 357
2. Canvas:
• Review Chapter Overview and Learning Objectives
• Review PPT slides
• Complete Chapter 8 Quiz [Due on Oct 8, Thursday]
7 pm: EiR Speaker, Blackwell Ballroom, Rear Admiral J. Scott Burhoe, President of Fork Union Military Academy, and former Superintendent of the U.S. Coast Guard Academy

Week 7, Oct 8 (Thu)
Test 2 (Chapters 5-8)
3:30 pm, Hiner 207 – Internship Seminar

Oct 12-13: FALL BREAK

Oct 14:
5:00 p.m. – Last day to withdraw from a course with a “W”
5:00 p.m. – Removal of Incompletes

Week 8, Oct 15 (Thu)
Lab 3 Hands-on Tutorials

Week 9, Oct 20 (Tue)
Chapter 9 Digital Forensics Analysis and Validation, p. 359-386
1. Textbook:
• Read content materials, p. 359-378
• Review Chapter Summary, p. 379
• Review Key Terms, p. 380
• Review Questions, p. 381
• Review Hands-on Projects, p. 383
• Review Case Projects, p. 386
2. Canvas:
• Review Chapter Overview and Learning Objectives
• Review PPT slides
• Complete Chapter 9 Quiz [Due on Oct 22, Thursday]

Week 9, Oct 22 (Thu)
Chapter 10 Virtual Machines, Network Forensics, and Live Acquisitions, p. 389-422
1. Textbook:
• Read content materials, p. 389-414
• Review Chapter Summary, p. 415
• Review Key Terms, p. 416
• Review Questions, p. 417
• Review Hands-on Projects, p. 419
• Review Case Projects, p. 422
2. Canvas:
• Review Chapter Overview and Learning Objectives
• Review PPT slides
• Complete Chapter 10 Quiz [Due on Oct 27, Tuesday]

Week 10, Oct 27 (Tue)
Chapter 11 E-mail and Social Media Investigations, p. 423-455
1. Textbook:
• Read content materials, p. 423-44
• Review Chapter Summary, p. 446
• Review Key Terms, p. 447
• Review Questions, p. 448
• Review Hands-on Projects, p. 451
• Review Case Projects, p. 455
2. Canvas:
• Review Chapter Overview and Learning Objectives
• Review PPT slides
• Complete Chapter 11 Quiz [Due on Oct 29, Thursday]

Week 10, Oct 29 (Thu)
Chapter 12 Mobile Device Forensics, p. 457-479
1. Textbook:
• Read content materials, p. 457-472
• Review Chapter Summary, p. 473
• Review Key Terms, p. 474
• Review Questions, p. 475
• Review Hands-on Projects, p. 477
• Review Case Projects, p. 479
2. Canvas:
• Review Chapter Overview and Learning Objectives
• Review PPT slides
• Complete Chapter 12 Quiz [Due on Nov 3, Tuesday]

Nov 2: Advising and Advanced Registration Begins

Week 11, Nov 3 (Tue)
Work on Hands-on Project 1

Week 11, Nov 5 (Thu)
Test 3 (Chapters 9-12)

Week 12, Nov 10 (Tue)
Chapter 13 Cloud Forensics, p. 481-510
1. Textbook:
• Read content materials, p. 481-500
• Review Chapter Summary, p. 501
• Review Key Terms, p. 502
• Review Questions, p. 503
• Review Hands-on Projects, p. 505
• Review Case Projects, p. 510
2. Canvas:
• Review Chapter Overview and Learning Objectives
• Review PPT slides
• Complete Chapter 13 Quiz [Due on Nov 12, Thursday]
Hands-on Project 1 due today
7 pm: EiR Speaker, Blackwell Ballroom, Rodney Blevins, Senior Vice-President and Chief Information Officer, Dominion Resources, Inc.

Week 12, Nov 12 (Thu)
Lab 4 Hands-on Tutorials

Nov 13: Advising Ends

Week 13, Nov 17 (Tue)
Chapter 14 Report Writing for High-Tech Investigations, p. 511-534
1. Textbook:
• Read content materials, p. 511-527
• Review Chapter Summary, p. 528
• Review Key Terms, p. 529
• Review Questions, p. 529
• Review Hands-on Projects, p. 531
• Review Case Projects, p. 534
2. Canvas:
• Review Chapter Overview and Learning Objectives
• Review PPT slides
• Complete Chapter 14 Quiz [Due on Nov 19, Thursday]

Week 13, Nov 19 (Thu)
Chapter 15 Expert Testimony in Digital Investigations, p. 535-565
1. Textbook:
• Read content materials, p. 535-554
• Review Chapter Summary, p. 555
• Review Key Terms, p. 555
• Review Questions, p. 556
• Review Hands-on Projects, p. 559
• Review Case Projects, p. 565
2. Canvas:
• Review Chapter Overview and Learning Objectives
• Review PPT slides
• Complete Chapter 15 Quiz [Due on Nov 24, Tuesday]

Week 14, Nov 24 (Tue)
Lab 5 Report Writing

Week 14, Nov 26 (Thu)
THANKSGIVING BREAK

Week 15, Dec 1 (Tue)
Work on Hands-on Project 2

Week 15, Dec 3 (Thu)
Chapter 16 Ethics for the Expert Witness, p. 565-598
1. Textbook:
• Read content materials, p. 565-592
• Review Chapter Summary, p. 593
• Review Key Terms, p. 594
• Review Questions, p. 594
• Review Hands-on Projects, p. 596
• Review Case Projects, p. 598
2. Canvas:
• Review Chapter Overview and Learning Objectives
• Review PPT slides
• Complete Chapter 16 Quiz [Due on Dec 3, Tuesday]

Week 16, Dec 8 (Tue)
FINAL EXAM (Chapters 13-16): 3:00-5:30 p.m.
Hands-on Project 2 due today
If you have any comments, corrections or suggestions, please don't hesitate to contact me at
laulk@longwood.edu or call me at 434-395-2778. Also, my office hours and class schedules are listed on
my homepage.
This page was last updated on August 23, 2015.