CIS 293 – Digital Forensics III
SPRING QUARTER 2013 / ITEM 2608 / SECTION A / 5 CREDITS
SATURDAYS NOON – 5:15 PM 4/6/13 THROUGH 5/4/13
1. INSTRUCTOR
Steve Hailey: A+, AccessData Certified Examiner, CacheBack Certified Examiner (CBCE), Certified EC-Council
Instructor, Certified EC-Council Incident Handler, Certified Ethical Hacker (CEH), Certified Hacking Forensic
Investigator (CHFI), Certified Information Systems Security Professional (CISSP), CIW:Certified Trainer, CIW:ECommerce Designer, CIW:Foundations, CIW:Internetworking Professional, CIW:Security Analyst, CIW:Security
Professional, CIW:Server Administrator, CIW:Site Designer, CIW:Master Server Administrator, CIW:Master Site
Designer, Certified Personal Digital Assistant Examiner, Certified Technical Trainer, Computer Forensics Certificate:
Oregon State University, Digital Forensic Certified Practitioner, Forensic Computer Examiner, iNet+, Microsoft
Certified Systems Engineer (MCSE), Microsoft Certified Professional + Internet, Network+, Security+, Security
Certified Network Professional (SCNP).
2. PREREQUISITES
CIS 273 with a grade of at least 2.5 or instructor's permission.
3. INSTRUCTOR CONTACT INFORMATION / OFFICE HOURS / ADVISING
See the Information Security and Digital Forensics Website at INFOSEC.EDCC.EDU for current information. This
information is updated as the quarter progresses, so check prior to coming in to meet with the instructor. Information
on CIS Advising Day for the quarter should be available on the site as well. If you need advising, be sure to make an
appointment.
4. OPEN LABS – SNOHOMISH HALL ROOM 123
See the Information Security and Digital Forensics Website at INFOSEC.EDCC.EDU for current information. This
information is updated as the quarter progresses, so check prior to coming in to meet with the instructor.
5. CLASS MEETS ON SATURDAYS NOON – 5:15 PM IN SNOHOMISH HALL ROOM 123
Saturday April 6 2013
Saturday April 13 2013
Saturday April 20 2013
Saturday April 27 2013
Saturday May 4 2013
6. DATES TO BE AWARE OF
April 1: Spring quarter classes begin
April 1: Complete the Dream Scholarship Deadline
April 3: Last day Web registration available for adding classes
April 5: Last day for 100% refund
April 5: Last day to drop classes online
April 12: Graduation application submission deadline
April 12: Last day to drop a class without a transcript entry
April 15: Late petition required to register unless otherwise posted in schedule
April 15: Foundation Scholarship Application Deadline
April 22: Last day for 50% refund
May 4: FINAL EXAM, THIS CLASS
May 10: Non-instructional Day, No Classes, College Open
May 17: Last day to withdraw, add a continuous enrollment class, or change credit status
May 22: Registration for summer and fall quarters begins
May 27: Memorial Day: College Closed
June 10: Web grading available to instructors through instructor briefcase
June 11: Final exams
June 14: Last day of spring quarter
June 19: Grades are due
June 21: Grades available to students online
7. STUDENT UNDERSTANDING – DIGITAL FORENSICS/INFORMATION SECURITY CLASSES
You will be using software tools and methods in your digital forensics and information security courses that could
constitute a criminal act if used inappropriately or for malicious purposes.
Malicious computing practices, commonly known as "hacking," are illegal. Hacking activities can include, but are not
limited to, conducting denial-of-service attacks; unauthorized access of computer systems and computing devices with
the intent to view, delete or deposit files; defeating an authentication mechanism; unauthorized “sniffing” or capturing
network traffic. In many countries and states, existing laws prohibit such activities, and you may be liable to criminal or
civil prosecution if you engage in such acts.
The digital forensics and/or information security course(s) that you are enrolled in has/have been developed for the
purposes of teaching how to protect computing resources from malicious computing practices, and/or how to
investigate possible misuse or criminal activity where computing devices are used. The goal of the digital forensics
and/or information security classes is not to instruct in how to engage in illegal behavior (e.g., "hacking," as defined
above). Edmonds Community College does not explicitly or implicitly encourage students to use any tools, skills or
knowledge they may obtain to conduct activities that are considered unethical and/or illegal. Edmonds Community
College actively discourages any malicious, unethical or illegal use of the knowledge gained from the courses you are
enrolled in.
Sniffing network traffic outside of instructor led or announced labs during class time is not allowed, nor is using
software to capture, display, and/or “crack” the passwords used by other students for their personal accounts such as
email.
8. STUDENT EXPECTATIONS – AT HOME LABS AND OPEN LAB TIME
There will be labs and assignments for your classes that you will be expected to complete at home for CIS 272, 273,
293, and 294. The setup for all classes will be similar. The digital forensics and data recovery classes are advanced
classes – it is expected that students are able to install, troubleshoot and maintain a computer with the required
software to complete all assignments.
Understand that you should have access to a computer at home in order to take the digital forensic and data recovery
classes, and that you are expected to be able to install operating systems and software, troubleshoot, maintain, and
otherwise keep your system running. If you do not possess the skills to do this at this time, it is not recommended that
you take the digital forensic or data recovery courses yet, and that you see Steve Hailey to be advised for proper
placement in classes that you need prior to taking the advanced courses.
If you do not have access to a computer at home, then you will need to come in to the Snohomish 123 lab during the
posted lab times and practice with the technologies and software covered in class in order to become proficient.
There are anywhere from 30 – 50 open lab hours scheduled per week, including hours on Sunday. To become
proficient in digital forensics, you must practice. Take advantage of the open lab times and the equipment and
software you have available to you!
9. HOME COMPUTER SETUP
Due to the nature of the classes and the types of labs that we will be doing, it is possible that you could damage or
render inoperable the operating system that you are using for the labs. To be successful in performing the labs at
home, it is highly recommended that you do the following:
1. Install Windows XP Professional and any software you will be using for your class on a removable or separate hard
drive. If you choose to use Windows Vista or Windows 7 for your classes, you are expected to be able to set it up
properly. Understand that hundreds of students have used Vista/Windows 7 for their classes successfully, and these
operating systems will work with the digital forensic and data recovery software if configured properly. You can obtain
a copy of Windows XP Professional, Vista, or Windows 7 at no cost through the Microsoft Developers Network
Academic Alliance. See the document named MSDNAA.pdf in the Course Materials section on Blackboard. DO
NOT USE “HOME” VERSIONS OF MICROSOFT OPERATING SYSTEMS FOR YOUR FORENSIC/DATA
RECOVERY WORKSTATION SETUP AT HOME.
2. Ghost the hard drive so that it can be easily restored. FREE SOFTWARE LIKE SYMANTEC GHOST
3. Use this hard drive for your classes. When performance slows or it is otherwise needed, restore the Ghost image to
this drive.
Lastly, do not store any personal information on this drive, or any information that you cannot afford to lose. If using
this drive for homework or assignments, be sure to back up any data on a regular basis.
DO NOT PERFORM ANY LABS AT HOME ON A SYSTEM THAT CONTAINS INFORMATION YOU CANNOT LOSE,
OR THAT CONTAINS PERSONAL INFORMATION SUCH AS BANK ACCOUNT AND CREDIT CARD
INFORMATION. UNDERSTAND THAT EDCC IS NOT RESPONSIBLE FOR YOUR PERSONAL COMPUTER
SYSTEMS IN ANY WAY. ONLY PERFORM LABS USING THE REMOVABLE HARD DRIVE THAT HAS BEEN
SET UP SPECIFICALLY FOR YOUR CLASSES AS DESCRIBED ABOVE.
10. USE OF FORENSIC TOOLKIT AND RELATED SOFTWARE
You will need to install forensic software on your computer at home in order to successfully complete this class.
Please see the document on Blackboard named 1A.SoftwareInstall.pdf in the Course Materials section. The setup
for this class is the same as that for CIS 273 which you have already completed. As in CIS 273, you are expected to
have a functioning system in order to keep up with the assignments and coursework.
11. DONGLE CHECKOUT
You will be checking out a dongle your first class meeting. The dongle is your license for the forensic software, and will
allow you to use the software at home. In the Course Materials section on Blackboard you will find
B.DongleCheckout.pdf. Have this document printed out prior to class and bring it with you for the first class
meeting.
12. HOMEWORK EXPECTATIONS
All homework is due at the beginning of class on the date due. You are given plenty of time to complete the homework
assignments – manage your time appropriately and get your assignments in on time. I advise you to not wait until the
last minute to start on your homework.
A typical college course that runs twice a week during the normal quarter (not compressed or hybrid) consists of two
class meetings per week for approximately 11 weeks or 22 class meetings. This equates roughly to 5 ½ hours per
week of class time or approximately 60 hours, including labs and hands-on activities. We are going to have a total of
approximately 26 hours of time in class during the quarter. Your expectations should be to spend approximately 40 to
50 hours or more total time outside of class working on the assignments.
Homework will be assigned in accordance with the schedule in this syllabus, and due in accordance with the schedule
in this syllabus. It is your responsibility to know when homework is due and to turn it in on time. Any essays and
reports need to be typed and a professional business tone used. I expect the same quality of work that you would
provide an employer. Points will be taken off for sloppy work.
IF YOU ARE UNSURE OF WHAT IS EXPECTED OR HAVE QUESTIONS REGARDING ANY HOMEWORK
ASSIGNMENT, OBTAIN CLARIFICATION FROM YOUR INSTRUCTOR. THIS IS YOUR RESPONSIBILITY. DO
NOT WAIT UNTIL THE DAY BEFORE OR DAY OF AN ASSIGNMENT BEING DUE TO OBTAIN CLARIFICATION
ABOUT THE ASSIGNMENT.
13. HOMEWORK AND ASSIGNMENTS OVERVIEW FOR CIS 293
There will be three homework assignments, one in-class quiz, and a final exam this quarter. One of your homework
assignments will be completing a forensic analysis and submitting a forensic analysis report. The information you will
need to complete the forensic analysis report will be made available by April 11 2013.
Homework #1 will cover material and techniques learned in CIS 273. Homework #2 will cover the “Dickinson Case”
that we will be working on in class and will initialize the first class meeting. Homework #3 will be your forensic analysis
report, due on the last day of class. The in-class quiz will be a test of your ability to use a variety of forensic tools to
locate artifacts and information. The final exam will be a test of your combined knowledge from CIS 272 through CIS
293.
14. LATE ASSIGNMENTS
Homework is due at the beginning of class on the dates listed in this syllabus. There are likely to be additional
assignments not listed in the syllabus at this time that you will need to know about.
Homework received after the due date up to one class late will be marked 20 points off. No homework will be
accepted that is turned in more than 1 (one) class meeting after it is due. To turn in homework late, you will
need a password to access the assignment on Blackboard. You will need to email the instructor for the
password – this is your responsibility. The forensic analysis report due on the last day of class will not be
accepted late.
Do not ask me to make exceptions to these rules. If you have a verifiable situation that is beyond your control such as
a death in the family, I will of course work with you. Situations of this nature will be handled on a case by case basis
with the final decision up to your instructor. Again, waiting until the last minute to start working on your homework is
not an excuse.
15. USE OF BLACKBOARD FOR HOMEWORK AND READING ASSIGNMENT SUBMISSIONS
Although announcements for homework and reading assignments will be posted to Blackboard and notifications sent
out to all students, you should check Blackboard periodically. It is recommended that you check Blackboard at
least two days prior to your class and one day prior to your class, paying special attention to the
Announcements and the Assignments sections – this is your responsibility. Anything posted to Blackboard will
be announced via the Announcements section, and a copy of the announcement sent to your email address. Make
sure that any emails from your instructor’s email address are not blocked or filtered out with your email.
When submitting your homework or reading assignment using Blackboard, do the following:
1. Prior to submitting the homework assignment, print and save a copy of your homework as a PDF. There is free
software to enable you to do this:
PDF24 Creator - http://en.pdf24.org/
2. After you submit an assignment, verify that it was accepted and scored. Do not wait until after the assignment is
due or until the end of the quarter. Do this for each assignment after it is submitted. Once you submit an assignment,
click on the VIEW MY GRADES link in Blackboard - this is your responsibility.
If there is a dispute concerning a homework or assignment submission, I will need to see the PDF.
16. HOMEWORK WILL NOT BE ACCEPTED THAT IS EMAILED TO ME
17. EXTRA CREDIT
Extra credit opportunities will be announced as class progresses. Not doing extra credit work will not adversely affect
your final grade. Any points earned from extra credit work will be applied to your final grade in the homework
category.
18. SCHEDULED TOPICS
I reserve the right to substitute and modify materials and/or lecture topics as the class progresses.
19. MISSING CLASS
Unless you have a chronic or prolonged problem that will interfere with your ability to attend class and turn in your
homework, there is no need to present doctor's excuses, explain your absence, etc. Most of us at some point have a
circumstance or a priority that leads to a class absence. I do understand that emergencies arise and that people get
sick.
If you miss a homework handout or lecture for whatever reason, you are ultimately responsible for making
sure that you obtain the associated materials. You will need to talk to other students and obtain the lecture
notes/recordings. We will be covering information in class that is not in your texts, and you will be expected
to know the information. This is your responsibility.
Missing class and / or labs is not an adequate excuse for turning in material late, making up a quiz or exam, or
getting private tutoring from the instructor.
20. INCOMPLETES
A grade of “I” or Incomplete is given at the discretion of the instructor and only when the student has done satisfactory
work but could not, for some unavoidable reason, complete some part of the coursework or take the final examination.
This grade will not be awarded if you decide not to come to class, are failing the class due to poor grades on
assignments, or fail to withdraw from class by the end of the seventh week of class (sixth week, summer quarter).
21. INSTRUCTOR INITIATED WITHDRAWAL
A grade of V is given if an instructor initiates a class withdrawal before the end of the quarter, often in consultation
with the student, but also if a student enrolls in a class, but never attends or stops attending class. A faculty member is
under no obligation to grant an instructor-initiated withdrawal.
22. WITHDRAWAL
A grade of W is given if a student formally requests a withdrawal by the end of the seventh week of class (sixth week
for summer quarter).
23. CELL PHONES/PAGERS
Cell phones, smart phones, and pagers are not to be used in my classes during class time. If you need to keep these
devices on, then use the vibrate setting. If you need to take an important call, please take your call outside the class.
24. BEING ON TIME
Being late can be disruptive to the class. Some class activities are time consuming and must be performed within a
prescribed timeframe. Being late can disrupt the ability of your peers to complete assignments in a timely manner.
Being late to a class will detract from your participation grade. We are all adults, and I expect you to be on time. If
you have a situation that causes you to be late, please discuss this with me. Students who are habitually late to class
or with turning in assignments will not be eligible for internship opportunities and extracurricular activities that I allow
students to participate in from time to time.
25. USE OF RECORDING DEVICES IN CLASS
If you are planning on using a recording device in class to record me or any other person, obtain approval first.
26. MY EXPECTATIONS FOR CLASS PARTICIPATION
I expect your attendance/participation each week. Grade performance is a demonstrated function of attendance,
preparation and participation. You can get behind very easily by missing classes, resulting in a poor understanding of
the material, which will show up as a poor grade for the class. Missing class and / or labs is not an adequate excuse
for turning in material late, making up a quiz or exam, or getting private tutoring from the instructor. You are expected
to be an active participant in each class meeting. Your grade can be positively affected if you regularly ask questions,
share observations, and contribute relevant personal experiences.
27. WORKING WITH LAB PARTNERS
You may be working with another student this quarter to complete the hands-on assignments and some of the in-class
projects. I reserve the right to change your lab partner if I feel it is necessary. You will be expected to know all of the
information covered in the labs. I strongly suggest that you alternate with your lab partner periodically to maximize
your exposure to the software we will be using and the concepts covered in class.
28. CSFA CERTIFICATION TEST
This class will help prepare you to take the CSFA certification test. My students can take the CSFA certification test at
no cost. This test is to be considered an extracurricular activity and is not part of the requirements for passing this
class. If you are interested in taking the CSFA certification test, you must complete the FBI background check and
comply with the other requirements. For more information see:
www.cybersecurityforensicanalyst.com
Performing the FBI background check is your responsibility. This check must be completed prior to taking the test,
and will not guarantee that you will be allowed to take the test. I reserve the right to decide which students can take
the test, based primarily on the FBI background check results as well as performance in class.
29. SNOHOMISH 123 INFORMATION SECURITY AND DIGITAL FORENSICS APPLIED TECHNOLOGY LAB
The classroom for all information security and digital forensic classes is now Snohomish 123 – this classroom is
owned by CIS (Computer Information Systems). When using the classroom and all equipment, you are expected to
follow the same guidelines that have been posted by Academic Computer Services – please see:
http://www.edcc.edu/acs/Policies.php
As well, please be aware of the following additions for our classroom:
DESKS: The desks in our classroom are all equipped with a monitor that disappears into the desktop. Unless
otherwise instructed, these are to be left up. If the monitors are to be put down, exercise care in doing so – do not
force the monitors. If you believe there is an obstruction that is preventing the monitor from being put down smoothly,
please let the instructor know.
PRINTER: We have our own printer in the classroom that does not require use of your EdPass to print. Printing
should be limited to that needed for your information security and digital forensic classes – do not use the printer for
volume printing or printing related to coursework for non-information security and digital forensic classes.
CLEAN ROOM EQUIPMENT: The clean room equipment in the rear of the classroom is to be operated only by
students that have been certified in its use by an instructor or lab assistant.
30. CLASS CONDUCT
I will not tolerate inappropriate conduct in my classroom. We are all adults, and I expect each one of us to behave like
one. The information security and digital forensics classes will be enjoyable, and you will be exposed to a wealth of
information that will help you to achieve your goals. We like to keep the classroom environment informal but
structured. Please observe the following ground rules in my classroom:
• All participants are peers - we are here to help each other
• Everyone participates – no observers
• Only motivational and developmental feedback is allowed - feedback should be honest but helpful
• Be open to feedback, don’t get defensive
• Think of this class as an opportunity to take risks and explore how we can all achieve our goals
• There are no absolutes – it’s O.K. to disagree
• Show respect for each other
31. POLICY ON CHEATING
In the "real" world, most projects involve a cooperative effort to complete and are generally worked on by teams
versus a single individual. Cooperative effort includes helping each other to better understand how the tasks can be
accomplished, explanations or discussions of user interfaces, algorithms, theory, concepts, data structures and style.
It can include testing another person's work and offering suggestions for improvement or checking your results with
the results of someone else.
I will not tolerate cheating. Examples of what I consider cheating include (but are not limited to):
• Assignments that are copied in whole or part from another person.
• Assignments/writing that are plagiarized, such as copied verbatim from the web, books, magazine articles, etc.
• Using any written or electronic materials to assist you in taking the final, unless otherwise authorized to do so.
• Asking another student for answers.
• Working on an assignment with another student and submitting the same work.
Consequences of cheating include but are not limited to:
• Failing the course.
• Failing a particular assignment for all parties involved in cheating.
• Going on academic probation.
If you cheat and/or are dishonest, you will not be eligible for internships, taking the CSFA test, giving
presentations to the Washington State HTCIA, or any extracurricular activities that I schedule to give my
students work experience. Also, you will not be able to use me as a reference.
32. MAILING LIST
I maintain a mailing list of current and former students, and periodically send out emails on such topics as information
security and computer forensics issues, classes I’m giving, and students that have obtained certifications to name a
few. Participation is voluntary, and I do not disclose your email to other sources. Occasionally I have students assist
me in performing information security and computer forensics work in relation to my business – CyberSecurity
Institute. This gives students an opportunity to put their skills to use in the real world, as well as helping to enhance their
resume. Information on these opportunities is passed via the mailing list. If you want to participate, send an email to
infosec-subscribe@stevesmailinglists.com. You must subscribe to the list; I cannot do this for you. Participation is
voluntary, and you can unsubscribe at any time you choose.
33. LINKEDIN
If you are a member of LinkedIn, you are invited to join the following groups if appropriate for the course you are enrolled
in:
EdCC Digital Forensics Program (students enrolled in any digital forensics course)
http://www.linkedin.com/groups?gid=124364
EdCC Information Security Program (students enrolled in any information security course)
http://www.linkedin.com/groups?gid=124365
Study Group For The CyberSecurity Forensic Analyst (CSFA) (students planning to take the CSFA)
http://www.linkedin.com/groups?gid=127384
CyberSecurity Academy Clients and Alumni (all students are invited to join)
http://www.linkedin.com/groups?gid=4719536
CyberSecurity Institute Clients and Alumni (all students are invited to join)
http://www.linkedin.com/groups?gid=123760
Digital Forensics Training (all students are invited to join)
http://www.linkedin.com/groups?gid=153874
34. CSFA CERTIFICATION TEST
This class will help prepare you to take the CSFA certification test, although it is not recommended that you take the test
until you have finished CIS 293. My students can take the CSFA certification test at no cost. This is to be considered
an extracurricular activity and is not part of the requirements for passing this class. If you are interested in taking the
test, you must complete the FBI background check and comply with the other requirements. For more information
see:
www.cybersecurityforensicanalyst.com
Performing the FBI background check is your responsibility. This check must be completed prior to taking the test,
and will not guarantee that you will be allowed to take the test. I reserve the right to decide which students can take
the test.
35. EMERGENCY SCHOOL CLOSURE
In case of an emergency closure, please access the following web site for information: http://www.schoolreport.org/
and/or call this phone number: 425-640-1459.
36. ONLINE, HYBRID, AND BLACKBOARD-ENHANCED CLASSES
Successful completion of student responsibilities in this class requires access to Blackboard via an Internet browser.
Information available via Blackboard will be announced via an email to the class distribution list – it is your
responsibility to assure that you have a current and valid email address registered. Instructions for access to
BlackBoard may be located online at the following address: http://online.edcc.edu/study/Bb_login.html
Toll-free technical support (24/7 service) at supportcenteronline.com/ics/support/default.asp?deptid=746
37. DISABILITY STATEMENT
If you require an accommodation for a disability, please contact Services for Students with Disabilities, WDY 114,
(425) 640-1320 or ssdmail@edcc.edu.
38. EVALUATION
The table below shows the criteria and weighting used to arrive at your final grade.
Description                                                              % of Total
Individual Work (review questions and exercises – homework – quizzes)    70
Final Exam                                                               30
Total Percentage                                                         100
39. EXPLANATION OF GRADING
• Individual Work: All individual work will be totaled up, averaged, and weighted at 70% of your total grade. Not turning in an assignment will result in a grade of zero for the assignment.
• Final Exam: The Final Exam will be weighted as 30% of your total grade.
GRADING TABLE
Grade Points / Percentages        Letter Grades
4.0=95%    2.9=84%    1.8=73%     A  = 4.0 - 3.9
3.9=94%    2.8=83%    1.7=72%     A- = 3.8 - 3.5
3.8=93%    2.7=82%    1.6=71%     B+ = 3.4 - 3.2
3.7=92%    2.6=81%    1.5=70%     B  = 3.1 - 2.9
3.6=91%    2.5=80%    1.4=69%     B- = 2.8 - 2.5
3.5=90%    2.4=79%    1.4=68%     C+ = 2.4 - 2.2
3.4=89%    2.3=78%    1.4=67%     C  = 2.1 - 1.9
3.3=88%    2.2=77%    1.3=66%     C- = 1.8 - 1.5
3.2=87%    2.1=76%    1.2=65%     D+ = 1.4 - 1.2
3.1=86%    2.0=75%    1.1=64%     D  = 1.1 - 0.9
3.0=85%    1.9=74%    1.0=63%     D- = 0.8 - 0.7
40. ABOUT YOUR GRADES
You are being graded on the quality of your work, not on your effort. The following describes my expectations for each
grade:
4.0 = Exemplary work. Consistently produced perfect or near-perfect quality on all assignments, labs, and the final
exam. Is an active participant in the class. I would be proud to show off this work to other instructors or employers or
write a recommendation letter for students receiving a 4.0 grade in this course.
3.5 – 3.9 = Excellent Work. Most assignments were perfect or near perfect, but perhaps could have been a little
more polished to be exemplary. May have missed some points due to late submissions, low final score, attendance,
etc.
3.0 – 3.4 = Above Average Work. Most work was very good, but the quality was not consistent, or needed more
work in order to be excellent. Met all of the objectives of the class, and demonstrated a solid understanding of the
material. May have missed some points due to late submissions, low final score, attendance, etc.
2.0 – 2.9 = Average Work. Met all of the objectives of the class, but no more. Demonstrated understanding of most
of the material, but may have missed some important concepts. Missed some points due to excessive absences, late
or missing assignments, low final score, etc.
Below 2.0 = Below Average Work. Did not meet expectations or objectives of the class. Did not demonstrate
understanding of the material or missed a significant amount of points due to excessive absences, late or missing
assignments, low final score, etc.
41. OVERALL COURSE OBJECTIVES
• Demonstrate methods to use VMware/Virtual PC as a forensic analysis tool. [REASON]
• Utilize common forensic tools to process a case from start to finish. [REASON]
• Create a comprehensive forensic analysis report. [COMMUNICATE]
• Develop and use regular expressions to increase search effectiveness. [REASON]
• Create and verify hash sets of various formats, including Hashkeeper, NSRL, and FTK. [REASON]
• Describe a code of ethics and conduct related to the information security and digital forensics professions. [COMMUNICATE]
• Identify standards of professionalism and ethical behavior for information security and digital forensics professionals, and apply these standards successfully to ethical dilemmas. [ACT]
• Create a list of issues related to computer privacy and document how to address them technically and ethically. [REASON]
SCHEDULE
CLASS MEETING: APRIL 6 2013
TOPICS/CLASS MATERIAL: Dongle Checkout
Forensic Process Review – Analysis of Static Media
Forensic Analysis Reports
Dickinson Scenario Provided
BRING THUMB DRIVE OR DVD – YOU WILL NEED 2 GB OF SPACE
ASSIGNMENTS:
Syllabus Review due by 6:00 PM April 9 2013
Homework #1 available - due by the start of class April 13 2013
LEARNING OBJECTIVES:
1. Articulate the general steps to process a static case involving Microsoft Windows
2. Articulate the required elements for a forensic analysis report
CLASS MEETING: APRIL 13 2013
TOPICS/CLASS MATERIAL: Forensic Process Review – Analysis of Static Media
Forensic Analysis Report Scenario Provided
Windows Event Logs
Windows Registry Review
ASSIGNMENTS:
Homework #1 due by the start of class
Chain Of Custody Needs To Be Signed Today
Refer to the CIS 293 Case Scenario on Blackboard
This will be posted by April 11 2013
Draft Forensic Analysis Report
Due April 27 2013 – Bring To Class
Refer to the CIS 293 Case Scenarios on Blackboard
Final Forensic Analysis Report / Services Agreement / Invoice / COC
Due May 4 2013
Refer to the CIS 293 Case Scenario Document on Blackboard
LEARNING OBJECTIVES:
1. Articulate the general steps to process a static case involving Microsoft Windows
2. Articulate the required elements for a forensic analysis report
CLASS MEETING: APRIL 20 2013
TOPICS/CLASS MATERIAL: Forensic Analysis Reports
Analysis of the Dickinson Case
ASSIGNMENTS:
Homework #2 available - due by the start of class April 27 2013
IN-CLASS QUIZ
LEARNING OBJECTIVES:
1. Articulate the general steps to process a static case involving Microsoft Windows
2. Articulate the required elements for a forensic analysis report
CLASS MEETING: APRIL 27 2013
TOPICS/CLASS MATERIAL: Review
Regular Expressions
Creating A Custom KFF
DRAFT REPORT REVIEWS WITH CLASS
INDIVIDUAL DRAFT REPORT REVIEWS
BRING A HARD COPY OF YOUR DRAFT REPORT TO CLASS. THE INSTRUCTOR
WILL BE SPENDING BETWEEN 5-10 MINUTES WITH EACH STUDENT GOING
OVER THE DRAFT REPORTS
ASSIGNMENTS:
Your Final report is due by the start of class next Saturday
LEARNING OBJECTIVES:
1. Articulate the general steps to process a static case involving Microsoft Windows
2. Articulate the required elements for a forensic analysis report
CLASS MEETING: MAY 4 2013
TOPICS/CLASS MATERIAL: IN-CLASS FINAL EXAM
ASSIGNMENTS:
FINAL FORENSIC ANALYSIS REPORTS DUE