CFRS 790 - Office of the Provost

George Mason University – Graduate Council
Graduate Course Approval Form
All courses numbered 500 or above must be submitted to the Graduate Council for final approval after approval by the
sponsoring College, School or Institute.
Graduate Council requires submission of this form for a new course or any change to existing courses. For a new course,
please attach a copy of the syllabus and catalog description (with catalog credit format, e.g. 3:2:1). The designated
representative of the College, School or Institute should forward the form along with the syllabus and catalog description, if
required, as an email attachment (in one file) to the secretary of the Graduate Council. A printed copy of the form with
signatures and the attachments should be brought to the Graduate Council meeting. Please complete the Graduate Course
Coordinator Form if the proposed changes will affect other units.
Note: Colleges, Schools or Institutes are responsible for submitting new or modified catalog descriptions (35 words or
less, using catalog format) to Creative Services by deadlines outlined in the yearly Catalog production calendar.
Please indicate: New____X___
Modify_______
Delete_______
Department/Unit: _Electrical and Computer Engineering_____ Course Subject/Number: CFRS 790_________
Submitted by: ____Jeremy Allnutt_______ Ext: _3969__________ Email: _jallnutt@gmu.edu_____________
Course Title: _____Advanced Computer Forensics________________________________________________________
Effective Term (New/Modified Courses only): _Spring 2009___
Credit Hours: (Fixed) _3__
(Var.) ______ to ______
Final Term (deleted courses only):____________
Grade Type (check one):
__X__ Regular graduate (A, B, C, etc.)
_____ Satisfactory/No Credit only
_____ Special graduate (A, B, C, etc. + IP)
Repeat Status*(check one): __X NR-Not repeatable ____ RD-Repeatable within degree ____ RT-Repeatable within term
*Note: Used only for special topics, independent study, or internships courses
Total Number of Hours Allowed: _______
Schedule Type Code(s): 1.__X_ LEC=Lecture SEM=Seminar STU=Studio INT=Internship IND=Independent Study
2.____ LAB=Lab RCT=Recitation (second code used only for courses with Lab or Rct component)
Prereq _X__ Coreq ___ (Check one):______________________________________________________________
____ CFRS 660, CFRS 661, and CFRS 663 ______________________________________________________
Note: Modified courses - review prereq or coreq for necessary changes; Deleted courses - review other courses to correct prereqs that list the deleted course.
Description of Modification (for modified courses):____________________________________________________________________
Special Instructions (major/college/class code restrictions, if needed):____Minimum of 18 credit hours completed in the
MS in Computer Forensics Program prior to registering______________________________________
Department/Unit Approval Signature: _________________________________________ Date: ___________
College/School Committee Approval Signature: __________________________________ Date: ___________
Graduate Council Approval Date: ____________ Provost Office Signature: ________________________________
George Mason University
Graduate Course Coordination Form
Approval from other units:
Please list those units outside of your own who may be affected by this new, modified, or deleted course. Each of these units must
approve this change prior to its being submitted to the Graduate Council for approval.
Unit:
Head of Unit’s Signature:
Date:
Unit:
Head of Unit’s Signature:
Date:
Unit:
Head of Unit’s Signature:
Date:
Unit:
Head of Unit’s Signature:
Date:
Unit:
Head of Unit’s Signature:
Date:
Graduate Council approval: ______________________________________________ Date: ____________
Graduate Council representative: __________________________________________
Date: ____________
Provost Office representative: ____________________________________________
Date: ____________
Course Proposal Submitted to the Graduate Council
by
The Volgenau School of Information Technology and Engineering
1. COURSE NUMBER AND TITLE:
CFRS 790 Advanced Computer Forensics (3:3:0)
Course Prerequisites:
CFRS 660, CFRS 661, and CFRS 663; minimum of 18 credit hours completed in the MS in
Computer Forensics program prior to registration.
Catalog Description:
Provides the capstone course for the Master of Science in Computer Forensics program. To be
taken in the last year prior to the completion of degree requirement, CFRS 790 will integrate the
concepts and practices developed within the Computer Forensics program. Students will be
exposed to case studies and will be required to conduct computer forensic investigations of
digital media, intercepted packet switched data, and multi-source log information in order to
successfully complete each case study.
2. COURSE JUSTIFICATION:
Course Objectives:
At the conclusion of this course, the student will be able to conduct a full computer forensic
exam utilizing all of the tools and techniques and apply all of the processes and procedures
presented in the computer forensic program. This will be accomplished through the use of case
studies offered in a full computer forensic laboratory environment. Each case study will require
research and forensic analysis resulting in a written report. For each case study, students will be
selected to give oral presentations. Every student will be required to give at least two oral
presentations.
Course Necessity:
Since the explosion of the Internet with the World Wide Web, our increasingly internetwork-dependent society has been under attack by those who would subvert the Internet for political,
economic, and/or personal gain. The field of network forensics represents how intercepted digital
evidence is used to document, identify, and successfully prosecute those who would exploit
computer networks. Viruses, trojans, worms, root kits, buffer overflows, and other malicious
code permeate society, and network forensics provides the tools and techniques to determine and
document what happened. This course will coalesce and bring together what is needed for
today’s computer forensic examiner.
Course Relationship to Existing Programs:
No other program at George Mason University offers a course similar to CFRS 790.
Course Relationship to Existing Courses:
CFRS 790 builds on the work laid out in CFRS 660 (Network Forensics), CFRS 661 (Digital
Media Forensics), and CFRS 663 (Intrusion Detection and Forensics). These three courses
were previously taught as TCOM 660, TCOM 661, and TCOM 662, respectively.
3. APPROVAL HISTORY:
ECE Department
Date:
IT&E Graduate Committee
Date:
IT&E Dean
Date:
4. SCHEDULING AND PROPOSED INSTRUCTORS:
Semester of Initial Offering:
Fall 2010
Proposed Instructors:
Dr. Anne Marchant, Dr. Jeremy Allnutt, Mr. Robert Osgood,
Dr. Aleksander Lazarevich, Dr. Thomas Shackelford, and other suitably qualified
faculty.
5. TENTATIVE SYLLABUS: See below
(a) Syllabus
Week 1
Course overview: Introduction to the course and review of computer forensic tools and techniques.
Case Study 1 is presented for discussion and evaluation.
Week 2
Case Study 1 discussion. Application of tools and techniques to Case Study 1 examined.
Week 3
Case Study 1 due. Case Study 1 presentations given. Case Study 2 is presented for discussion and
evaluation.
Week 4
Case Study 2 discussion. Application of tools and techniques to Case Study 2 examined.
Week 5
Case Study 2 due. Case Study 2 presentations given. Case Study 3 is presented for discussion and
evaluation.
Week 6
Case Study 3 discussion. Application of tools and techniques to Case Study 3 examined.
Week 7
Case Study 3 due. Case Study 3 presentations given. Case Study 4 is presented for discussion and
evaluation.
Week 8
Case Study 4 discussion. Application of tools and techniques to Case Study 4 examined.
Week 9
Case Study 4 due. Case Study 4 presentations given. Case Study 5 is presented for discussion and
evaluation.
Week 10
Case Study 5 discussion. Application of tools and techniques to Case Study 5 examined.
Week 11
Case Study 5 due. Case Study 5 presentations given. Case Study 6 is presented for discussion and
evaluation.
Week 12
Case Study 6 discussion. Application of tools and techniques to Case Study 6 examined.
Week 13
Case Study 6 due. Case Study 6 presentations given. Case Study 7 is presented for discussion and
evaluation.
Week 14
Case Study 7 discussion. Application of tools and techniques to Case Study 7 examined.
Week 15
Case Study 7 due. Case Study 7 presentations given.
(b) Required Reading and Reference Material
There will be no required text per se; however students will be responsible for research that will
come from the following sources, as a minimum:
Real Digital Forensics; Jones, Bejtlich, and Rose; Addison Wesley; ISBN 0321240693
Wireshark & Ethereal; 1st Edition, Orebaugh, Ramirez, Beale; Syngress; ISBN 1597490733
Mastering Windows Network Forensics and Investigation; Anson, Bunting; Sybex;
9780470097625
Incident Response & Computer Forensics; Mandia, Prosise, Pepe, Osborne; ISBN 007222696X
Guide to Computer Forensics & Investigations, Second Edition; Nelson, Phillips, Enfinger,
Stuart; Thomson Course Technology; ISBN 0-619-21706-5
File System Forensics Analysis; Brian Carrier; Addison Wesley; ISBN 0-321-26817-2
(c) Student Evaluation Criteria
Case Studies (Written Assignments):
80%
Oral Presentations:
20%
Note:
An example of a case study would be similar to that shown below.
Case Study:
Opto-Medtronics Inc. (Opto-Med) is a publicly traded company specializing in optics used in the
medical industry. Unknown to most people, Opto-Med has a division located in Vienna, Virginia that is
dedicated to the U.S. Defense Department. Specifically, the Spatial Support Division develops, builds,
and maintains the optics fitted to Predator and Global Hawk surveillance drones. These
optical systems are the most sophisticated in the world and are classified Top Secret. All development and
manufacturing work is performed in a secure facility (SCIF) at Vienna, Virginia.
During a routine security sweep of the SCIF, security personnel found a small digital camera under some
papers in a work area. Personal cameras of any kind are forbidden in the SCIF. The security personnel
reviewed the contents of the camera which revealed numerous photos of the DoD optics manufacturing
processes. The security personnel in their zeal to report this incident to the Chief Security Officer (CSO)
somehow damaged the camera.
You are a computer forensics examiner working for Mason-Forensics (Ma-For), a small computer
company based in Fairfax, Virginia that recently entered into a contract with Opto-Med to provide
computer forensic services. You and your fellow examiners are former civilian government and
military personnel, and all possess the appropriate clearances.
The CSO contacts you and requests that you respond immediately to the Vienna, Virginia office. The
CSO provides the damaged camera to you and requests that you:
- Recover the data that is located on the SD card inside the camera.
- Identify the owner of the camera if possible.
Deliverables:
1) Prepare an engagement letter to be signed by the CSO that:
- Specifically identifies what is required of you
- Specifically identifies what is required of Opto-Med
2) Prepare a chain of custody for items provided to you by Opto-Med
3) Prepare a list of investigative steps that you will take in this matter to include:
- What non-technical investigative steps you will take
- What technical investigative steps you will take