CPSC 6159
Computer Forensics
Instructor(s): Dr. Jianhua YANG
Office: CCT440
Department phone: (706) 568-2410
Office Hours: TBA
e-mail address: yang_jianhua@ColumbusState.edu
homepage: http://csc.ColumbusState.edu/yang
Office phone: (706) 507-8180
Department FAX: (706) 565-3529
Description of Course:
(Prerequisite:
Basic
knowledge
of
Operating System and Networks). This course is about conducting a
thorough investigation into a Windows network. The course mainly focuses on how to
analyze Windows memory, registry, log files and executable files for incriminating
evidence in a networked environment. The course also explains live data acquisition from
a Windows computer.
Required Textbook(s):
1. Windows Forensic Analysis, DVD Toolkit, 2nd Edition, (ISBN-13: 978-1-59749422-9), By Harlan Carvey
Reference Textbook(s):
2. Mastering Windows Network Forensics and Investigation by Steven Anson
and Steve Bunting
Required platform and other material:
Windows 7/XP and Internet connection (If you use any other OS, you must be
prepared for troubleshooting by yourself).
2. Other necessary materials will be declared later in class.
1.
Course Objectives
1. Students will have an understanding of Microsoft network structure, Windows port
services and some of Windows main vulnerabilities.
2. Students will learn to acquire and analyze live volatile data (i.e., data in RAM)
from a Windows computer.
3. Students will learn how to analyze different sectors of a Windows computer
(mainly Windows 7/XP and older) in a networked environment.
4. Students will learn to effectively search Windows memory and registry for
evidence.
5. Students will learn to analyze different log files and executable files.
6. Students will learn how to detect rootkits and how to prevent rootkits installation.
7. Students will learn how to effectively document the process of investigation along
with the findings.
Course Contents:
1. Data collection and immediate response
2. Volume shadow copies
3. Registry analysis
4. File analysis
5. Malware detection
6. Time line and application analysis
Instructional Methods and Techniques
1. The class will be taught online. Learning sessions will usually be conducted via
lecture notes uploaded in D2L. See
http://cs.columbusstate.edu/Academics/Online/OnlineInfo.asp for information on
taking an online course.
2. Tegrity is also used for Assignment feedback, comments, and lab demonstrations.
Tegrity can be accessed using the same credential as D2L.
How to Access the Course
This course is being offered through D2L.
Once you've entered D2L, you will see a list of courses you have access to. The CPSC
6159 course is listed as "Computer Forensics." If you don't see the course in the list,
please e-mail me immediately.
How This Course Will Work
This course will consist of readings, assignments, “lab” assignments, a final project and
one examination. On a weekly basis, you will need to:
1. review the week's lesson;
2. complete the readings from the textbook;
3. complete the assignments;
Rule of Assignments:
1. An assignment will contain hands-on assignments, questions on those
assignments and other general questions to test your knowledge on that week’s
reading lessons.
2. You do NOT need to attach screen shots of your hands-on work unless you are
specifically asked to do so.
3. You need to write the answers of assignment questions in enough details. Do not
assume I know what you want to mean.
4. No late assignment will be accepted unless there is a medical reason.
5. Assignments must be submitted through D2L drop-box. It is your responsibility to
work ahead of time and ensure timely submission in proper place.
6. If you submit assignments via e-mail, timely grading of those assignments cannot
be guaranteed (unless there is any medical reason). If you submit assignments in
my CougarNet account, assignments may get misplaced. I will not take
responsibility of any lost assignment that was not submitted through assignment
drop-box.
Rule for Examination:
1. You will take one midterm examination.
2. The rules and requirements of proctoring will be published within the first week of
class.
Discussions:
1. There will be threaded discussions to interact with other classmates and the
instructors.
2. The topic of discussion can be anything you want to share with your classmates.
However, the focus of these discussions will be to discuss any problem that you
encounter while taking this course. For example, if you have problem
downloading or installing specific forensic software, you may create a discussion
thread and ask for suggestion from your classmates. If you think there is a wrong
question in an assignment, you may create a threaded discussion. However you
are not allowed to discuss any examination question. Any issue with the
examination will be discussed only via e-mail exchange with the instructor (and
only with the instructor).
3. These discussions will be reviewed by the instructor. But they will not be graded.
Rule for Final Project: Instructions will be provided later.
Student Responsibilities
As a student in this course, you are responsible to:
 manage your time and maintain the discipline required to meet the course
requirements,
 complete all readings,
 complete all assignments,
 decide on and coordinate a final project with the instructor, and
 read any e-mail sent by the instructor and respond accordingly.
“I didn’t know” is not an acceptable excuse for failing to meet the course requirements. If
you fail to meet your responsibilities, you do so at your own risk.
Instructor Responsibilities
As your instructor in this course, I am responsible to:
 post weekly lessons outlining the assignments for the week,
 read all responses to discussion questions and comment if necessary,
 grade assignments, midterm and the final project, and post scores within one week
of the end of the week in which they are submitted, and

read any e-mail sent by the you and respond accordingly within 48 hours.
Course Evaluation (tentative):
Chapter Tests: 20%
Hands-on lab assignments: 40%
Final Exam: 30%
Term paper: 10%
Grades may be determined according to this scale:
A 90% - 100% B 80% - 89%
C 70% - 79% D 60% - 69%
Course Assistance
Student assistants in the Computer Center can help you with basic computer–related
problems (such as logging on to the network, saving your work, etc.), but they are not
trained to help you with your assignments. We have several tutors at the Department of
Computer Science who can help you with programming assignments. Their schedule is
posted at the department office. You can always contact me during the posted office
hours or by appointment. The best way to get in touch with me is by e–mail at
yang_jianhua@columbusstate.edu.
Dropping the Course
We hope that you will complete the course and profit from it. If it is necessary for you to
withdraw from the course during the semester, you must follow all official CSU
procedures for withdrawing. It is not sufficient to notify the instructor; you must use the
ISIS system and withdraw officially. For details on how to withdraw from a course, see
the web page
http://aa.columbusstate.edu/advising/w.htm#Withdrawal%20from%20a%20Course.
I would appreciate it if you were first to consult with me before starting the procedure for
withdrawing from the course. In some cases, we can agree on an arrangement that will
allow you to complete the course with minor adjustments.
Academic Honesty
Academic dishonesty includes, but is not limited to, activities such as cheating and
plagiarism (http://aa. columbusstate.edu/advising/a.htm#Academic Dishonesty/Academic
Misconduct). It is a basis for disciplinary action. Any work turned in for individual credit
must be entirely the work of the student submitting the work. All work must be your
own. You may share ideas but submitting identical assignments (for example) will be
considered cheating. You may discuss the material in the course and help one another
with debugging; however, any work you hand in for a grade must be your own. A simple
way to avoid inadvertent plagiarism is to talk about the assignments, but don't read each
other's work or write solutions together unless otherwise directed. For your own
protection, keep scratch paper and old versions of assignments to establish ownership,
until after the assignment has been graded and returned to you. If you have any questions
about this, please see me immediately. For assignments, access to notes, the course
textbooks, books and other publications is allowed. All work that is not your own,
MUST be properly cited. This includes any material found on the Internet. Stealing or
giving or receiving any code, diagrams, drawings, text or designs from another person
(CSU or non-CSU, including the Internet) is not allowed. Having access to another
person's work on the computer system or giving access to your work to another person is
not allowed. It is your responsibility to keep your work confidential.
No cheating in any form will be tolerated. Penalties for academic dishonesty may include
a zero grade on the assignment or exam/quiz, a failing grade for the course, suspension
from the Computer Science program, and dismissal from the program. All instances of
cheating will be documented in writing with a copy placed in the Department's files.
Students will be expected to discuss the academic misconduct with the faculty member
and the chairperson. For more details see the Faculty Handbook: http://aa.
columbusstate.edu/faculty/FacHandbook0203/sec100.htm#109.14 and the Student
Handbook: http://sa.columbusstate.edu/handbook/handbook2003.pdf
ADA Accommodation Notice
If you have a documented disability, as described by the Rehabilitation Act of1973 (P.L.
933-112 Section 504) and the Americans with Disabilities Act (ADA)and subsequent
amendments and would like to request academic and/or physical accommodations, please
contact the Office of Disability Services in the Schuster Student Success Center (room
221), 706-507-8755, as soon as possible. Course requirements will not be waived, but
reasonable accommodations may be provided as appropriate. It is then your
responsibility to contact and meet with the instructor. It is also your responsibility
to present the instructor with a letter from the Center for Academic Support.
Without this letter detailing the required accommodations, the instructor cannot
help you. The Center for Academic Support can assist you and the instructor in
formulating a reasonable accommodation plan and provide support in developing
appropriate accommodations for your disability. Course requirements will not be waived
but accommodations may be made to assist you to meet the requirements. Technical
support may also be available to meet your specific need. For more information on
services and support available, refer to
http://uc.columbusstate.edu/disability_services.htm.