CIS 4203 IT Forensics & Investigations Major Instructional Areas

 CIS 4203
IT Forensics & Investigations
Summer C
Course Abstract:
This course offers an introduction to system forensics investigation and response. Areas of study include
procedures for investigating computer and cybercrime, and concepts for collecting, analyzing, recovering,
and preserving forensic evidence.
Major Instructional Areas
1. Digital forensic investigations
2. Forensic environments and tools
3. Evidence collection and handling
4. Forensic reporting
5. Solving business challenges with forensic investigations
Course Objectives
1. Summarize the basic principles of computer forensics.
2. Summarize important laws regarding computer forensics.
3. Describe various computer crimes and how they are investigated.
4. Describe digital forensic methodology and labs.
5. Outline the proper approach to collecting, seizing, and protecting evidence.
6. Explain techniques for hiding and scrambling information as well as how data is recovered.
7. Summarize various types of digital forensics.
8. Explain how to perform a network analysis.
9. Describe incident and intrusion response.
Class Format: This undergraduate course is delivered asynchronously via Canvas and is taught
completely online. There will be a number of hands-on exercises.
Professor: Shane Hartman
Contact Info/Office Hours: Email me anytime at: shartman@sar.usf.edu.
Required reading: System Forensics, Investigation, and Response, by Chuck Easttom, 2nd edition
(book + version 1.5 lab manual + virtual lab access), ISBN 978-1-284-05134-6
Other Resources
Books, Professional Journals
Use the following authors' names, book/article titles, Web sites, and/or keywords to search for
supplementary information to augment your learning in this subject.
§ Altheide, Cory and Harlan Carvey. Digital Forensics with Open Source Tools, Syngress, 2011.
§ Anson, Steven, et al. Mastering Windows Network Forensics and Investigation, Sybex, 2012.
§ Chappell, Laura. Wireshark 101: Essential Skills for Network Analysis, Laura Chappell University, 2013.
§ Clarke, Richard A. and Robert Knake. Cyber War: The Next Threat to National Security and What to Do About It, Ecco, 2012.
§ Davidoff, Sherri and Jonathan Ham. Network Forensics: Tracking Hackers through Cyberspace, Prentice Hall, 2012.
§ Kruse, Warren G., et al. Computer Forensics: Incident Response Essentials, Addison-Wesley, 2001.
§ McCarthy, N.K., Matthew Todd, and Jeff Klaben. The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk, McGraw-Hill Osborne Media, 2012.
§ Vacca, John R. Computer and Information Security Handbook, Morgan Kaufmann, 2009.
Professional Associations
§ American Academy of Forensic Sciences
This organization provides an understanding of advanced science and its application to the legal system.
http://www.aafs.org
§ Association of Digital Forensics, Security and Law (ADFSL)
This organization focuses on the academics and research of digital forensics, security, and law.
http://www.adfsl.org/
§ High Tech Crime Consortium
This organization assists law enforcement and corporate investigators in obtaining the knowledge and skills needed to combat digital technology crime.
http://www.hightechcrimecops.org
§ High Tech Crime Investigation Association (HTCIA)
This organization facilitates voluntary exchange of data, information, experience, ideas, and knowledge about methods, processes, and techniques relating to investigations and security in advanced technologies.
http://www.htcia.org/
Other References
§ Berghel, Hal. "Hiding data, forensics, and anti-forensics," 2007.
http://www.berghel.net/coledit/digital_village/apr-07/dv_4-07.php
§ Computer Crime & Intellectual Property Section: United States Department of Justice
http://www.justice.gov/criminal/cybercrime/
§ Computer Forensics, Cybercrime and Steganography Resources
http://forensix.org
§ Digital Evidence
http://www.nist.gov/oles/forensics/digital_evidence.cfm
§ Digital Evidence in the Courtroom: A Guide for Law Enforcement and Prosecutors
http://www.nij.gov/pubs-sum/211314.htm
§ DoD Cyber Crime Center (DC3)
http://www.dc3.mil/dcita/dcitaAbout.php
§ Federal Rules of Evidence
http://www.law.cornell.edu/rules/fre/
§ FBI Laboratory: Computer Analysis and Response Team
http://www.fbi.gov/about-us/lab
§ Forensic Focus
http://www.forensicfocus.com
§ National Center for Forensic Science
http://www.ncfs.ucf.edu
§ National Institute of Justice: Forensic Examination of Digital Evidence: A Guide for Law Enforcement
http://www.nij.gov/pubs-sum/199408.htm
§ SANS
http://www.sans.org
§ U.S. Immigration and Customs Enforcement Cyber Crimes Center (ICE)
http://www.ice.gov/cyber-crimes/
Information Search
Use the following keywords to search for additional online resources that may be used for supporting your work on the course assignments:
§ Anti-forensics
§ Attacks
§ Chain of Custody
§ Computer Forensics
§ Cryptography
§ Cybercrime
§ Digital Forensics
§ E-mail Forensics
§ Evidence
§ Expert Testimony
§ Forensic Investigation
§ Forensics
§ Incident Recovery
§ Incident Response
§ Laws
§ Linux Forensics
§ Macintosh Forensics
§ Malware
§ Mobile Forensics
§ Network Analysis
§ Privacy Laws
§ Steganography
§ System Forensics
§ Windows Forensics
Class Participation: Here is my official stance on the subject, as I have indicated to
Student Advising: This course is to be taken asynchronously. Part of the student's grade
is based on class participation, evaluations, and ability to do the work.
Forensics is a hands-on discipline. While there is a fair amount of information to be
covered, most people learn this subject matter by being involved and engaged in activities.
Use the following advice to receive maximum learning benefits from your participation in this course:
DO
§ Do take a proactive learning approach
§ Do share your thoughts on critical issues and potential problem solutions
§ Do plan your course work in advance
§ Do explore a variety of learning resources in addition to the textbook
§ Do offer relevant examples from your experience
§ Do make an effort to understand different points of view
§ Do connect concepts explored in this course to real-life professional situations and your own experiences
DON'T
§ Don't assume there is only one correct answer to a question
§ Don't be afraid to share your perspective on the issues analyzed in the course
§ Don't be negative towards points of view that are different from yours
§ Don't underestimate the impact of collaboration on your learning
§ Don't limit your course experience to reading the textbook
§ Don't postpone your work on the course deliverables: work on small assignment components every day
Evaluation Criteria
The graded assignments will be evaluated using the following weighted categories:
Category      Weight
Discussion    6%
Assignment    30%
Lab           20%
Project       24%
Exam          20%
TOTAL         100%
Grade Conversion
The final grades will be calculated from the percentages earned in the course, as follows:
Grade   Percentage   Credit
A       90–100%      4.0
B+      85–89%       3.5
B       80–84%       3.0
C+      75–79%       2.5
C       70–74%       2.0
D+      65–69%       1.5
D       60–64%       1.0
F       <60%         0.0
Please note these very important class rules:
1. Academic honesty is mandatory. Cheating on tests (which means giving help or
receiving help from another student, or providing unattributed/plagiarized answers)
is grounds for expulsion from the class and receiving a double F, which will brand
your academic career in infamy forever. If you turn in work that references someone
else’s work and do not properly attribute it, this is plagiarism. It is also grounds for
receiving a double F in the course. This includes downloading source code from the
Internet. For example, if you borrow some script code to use in your project, and it is
copyrighted, you may not remove the header information and insert your own as if it
were original code. This is unethical and grounds for dismissal from the class. Please
be sure to review the university’s policy in the USFSM Undergraduate Catalog and
the USF Student Code of Conduct.
2. Assignments are due by the beginning of class on the due date assigned. I will not
accept any late assignments unless you have specifically made arrangements with
me beforehand. For example, emailing me at the end of the semester to request
turning in all of your missed homework because you had some illness will not work.
3. Religious Observances: The University recognizes the right of students and faculty to
observe major religious holidays. Students who anticipate the necessity of being
absent from class for a major religious observance must provide notice of the date(s)
to the instructor, in writing, by the second week of classes.
4. Disabilities Accommodation: Students are responsible for registering with the Office
of Students with Disabilities Services (SDS) in order to receive academic
accommodations. Reasonable notice must be given to the SDS office (typically 5
working days) for accommodations to be arranged. It is the responsibility of the
student to provide the instructor with a copy of the official Memo of Accommodation.
Contact Information: Pat Lakey, Coordinator, 941-359-4714, plakey@sar.usf.edu,
http://www.sarasota.usf.edu/Students/Disability
5. Academic Disruption: The University does not tolerate behavior that disrupts the
learning process. The policy for addressing academic disruption is included with
Academic Dishonesty in the catalog: USFSM Undergraduate Catalog
Occurrences of academic disruption will be addressed by the professor (depending on
the situation, the student may be asked to leave or security may be called).
Following the incident, the professor will establish with the student terms for
continued course participation, and the professor will also submit a report to the
dean. The consequences to the student can range from an administrative reprimand
to suspension from USF.
Most students are highly motivated to learn and do not need to be informed of these things,
but the 5% or so that want to get a free grade without doing any work need to be made
aware of these rules. If you do not think you can abide by these (in my opinion, completely
reasonable) rules, please do not take this course!
Blackboard (MyUSF): All of our tests and assignments will be submitted via Blackboard.
Students needing instruction in using Blackboard can use the following resources:
Tutorial: http://www.sarasota.usf.edu/Academics/DE/current_students.php
USF Sarasota-Manatee Distance Education
Dale Drees: 941-359-4215 ddrees@sar.usf.edu
Stephanie Fuhr 941-359-4295 sfuhr@sar.usf.edu
USF Tampa Academic Computing
Toll-free Helpline: 866-974-1222
Live online help: http://usfsupport.custhelp.com/app/chat/chat_launch
Contingency Plans
In the event of an emergency, it may be necessary for USFSM to suspend normal
operations. During this time, USFSM may opt to continue delivery of instruction through
methods that include but are not limited to: Blackboard, Elluminate, Skype, and email
messaging and/or an alternate schedule. It is the responsibility of the student to monitor the
Blackboard site for each class for course-specific communication, and the main USFSM and
College websites, emails, and MoBull messages for important general information. The USF
hotline at 1 (800) 992-4231 is updated with pre-recorded information during an emergency.
Important dates:
May 12th – Summer C, first day of classes
May 26th – Memorial Day
July 4th – Independence Day
July 18th – Last Day of Classes
Course Schedule (tentative, subject to change):

Grading Category: Activity Title

Week 1: Introduction to Forensics and Computer Crimes
Required Readings: Chapter 1, "Introduction to Forensics"; Chapter 2, "Overview of Computer Crime"
Discussion: Overview of Evidence and Digital Forensic Analysis Techniques
Lab: Apply the Daubert Standard on the Workstation Domain

Week 2: Forensic Methods, Labs, and Future Trends
Required Readings: Chapter 3, "Forensic Methods and Labs"; Chapter 14, "Trends and Future Directions"; Chapter 15, "System Forensics Resources"
Discussion: Certifications
Assignment: Report Cybercrimes
Assignment: Digital Forensic Firms
Assignment: Denial of Service Tools
Lab: Perform a Byte-Level Computer Audit

Week 3: Collecting, Seizing, and Protecting Evidence
Required Readings: Chapter 4, "Collecting, Seizing, and Protecting Evidence"
Assignment: Digital Forensic Software or Equipment Proposal
Assignment: The Cloud, or Digital Forensic Conferences
Lab: Create a Forensic System Case File for Analyzing Forensic Evidence

Week 4: Understanding Techniques for Hiding and Scrambling Information, and Recovering Data
Required Readings: Chapter 5, "Understanding Techniques for Hiding and Scrambling Information"; Chapter 6, "Recovering Data"
Discussion: Steganography and Its Implications for Security
Assignment: Proper Methods for Recovering Data
Assignment: Chain of Custody Roles and Requirements
Assignment: Best Practices in Collecting Digital Evidence
Lab: Uncover New Digital Evidence Using Bootable Utilities
Lab: Automate Image Evaluations and Identify Suspicious or Modified Files

Week 5: Windows Forensics
Required Readings: Chapter 8, "Windows Forensics"
Assignment: Steganography Detection Tools, or Data Recovery Plan
Lab: Craft an Evidentiary Report for a Digital Forensic Case

Week 6: Linux Forensics
Required Readings: Chapter 9, "Linux Forensics"
Discussion: Comparing Windows and Linux Forensics Investigations
Assignment: Tools for Monitoring Changes to Files and Memory
Assignment: Windows Forensics
Lab: Apply Steganography to Uncover Modifications to an Image File
Project: Project Part 1: Preparation (draft)

Week 7: Macintosh, E-mail, and Mobile Forensics
Required Readings: Chapter 7, "E-mail Forensics"; Chapter 10, "Macintosh Forensics"; Chapter 11, "Mobile Forensics"
Discussion: Comparing Windows and Macintosh Forensics Investigations, or E-mail and the Law, or The Issue of Monitoring
Assignment: Linux Forensics
Lab: Automate Digital Evidence Discovery Using Paraben's P2 Commander

Week 8: Performing Network Analysis
Required Readings: Chapter 12, "Performing Network Analysis"
Assignment: Macintosh Forensics, or E-mail Presentation, or Mobile Forensics
Assignment: Data Doctor
Assignment: Appropriate Traffic Analysis Tools
Lab: Decode an FTP Protocol Session and Perform Forensic Analysis

Week 9: Incident and Intrusion Response
Required Readings: Chapter 13, "Incident and Intrusion Response"
Discussion: Adding Forensics to Incident Response
Assignment: Network Traffic Analysis Tool Evaluation
Lab: Perform an Incident Response Investigation for a Suspicious Logon
Project: Project Part 2: Review Packet Capture (draft)
Project: Project Part 3: Examine Forensic Image (draft)

Week 10: Review, Final Examination, Assignment and Project Submissions
Assignment: Network Security Breaches
Project: Investigate Evidence and Create a Report of the Findings
Exam: Final Examination