UMUC-Europe Syllabus
UMUC-EUROPE GRADUATE PROGRAMS

Common Syllabus for INFA 650

Course Title:

COMPUTER FORENSICS

Required Texts and Readings:

Anson, S. et al. (2007). Mastering Windows Network Forensics and Investigation. New York, NY: John Wiley & Sons, Inc. ISBN: 0470097620.

Nelson, B. et al. (2008). Guide to Computer Forensics and Investigations (3rd ed.). Boston: Thomson Course Technology. ISBN: 1418067334.

American Psychological Association. (2001). Publication manual of the American Psychological Association (5th ed.). Washington, D.C.: APA. ISBN: 1-55798-791-2

Supplementary Readings:

Kruse II, W.G. et al. (2002). Computer Forensics: Incident Response Essentials. New York: Addison-Wesley. ISBN: 0-201-70719-5.

Solomon, M., Broom, N., and Barrett, D. (2004). Computer Forensics JumpStart. Sybex.

All graduate students should be prepared to utilize the UMUC online library. The library contains a large number of full text academic journals that are free of charge and immediately available.  The library homepage also contains a number of links related to improving students' research and writing skills.

Recommended Journals:

Publications of the various professional societies (such as ACM -- the Association for Computing Machinery, the IEEE Computing Society, and the various management professional societies) are strongly recommended. In addition, there are many trade journals (such as eWEEK) that IT professionals should become familiar with, many of these being published both weekly and on-line.

Course Description:

Prerequisite:  ITEC 620, MSIT 620 or MSIT 640. An introduction to the fundamental concepts behind the collection and analysis of the digital evidence left behind in a digital crime scene. Topics include the identification, preservation, collection, examination, analysis, and presentation of evidence for prosecution purposes. Discussion also covers the laws and ethics related to computer forensics and challenges in computer forensics. Network forensics is briefly explored.

Course Goals:

Upon successful completion of this course, the student should understand and be able to apply knowledge concerning:
  • Collection and analysis of digital evidence present in a digital crime scene.
  • Presentation of digital evidence for prosecution purposes.
  • Laws and ethics pertaining to computer, digital, and network forensics.
  • Challenges and limitations of computer, digital, and network forensics.
  • Current and emerging issues and trends in computer, digital, and network forensics.

Course Objectives:

At the end of the course, students should be able to:
  • Define computer forensics, digital forensics, and network forensics.
  • Explain computer/technology law related to computer forensics, digital forensics, and network forensics.
  • Discuss major legal issues related to criminal prosecution and civil actions.
  • Explain the importance of ethics and professional conduct in a digital forensic investigation.
  • Explain the rules for digital evidence.
  • Apply a systematic approach to an investigation.
  • Demonstrate a proper course of action for conducting a digital forensics investigation.
  • Describe guidelines for acquiring digital evidence at a computer incident or crime scene.
  • Explain Chain of Custody in the context of an actual case.
  • Illustrate methods of digital evidence identification, acquisition, authentication, examination, analysis, and presentation.
  • Develop a written report that outlines the evidence admissible in a court of law, identifies the source of that evidence, and produces a timeline for that evidence.

Grading Information:

Final grades will be calculated as follows:

Homework exercises: 15%
Mid-term examination: 25%
Final examination: 25%
Research Paper: 25%
Oral Presentation: 10%

According to the Graduate School grading policy, the following symbols and scale are used:

A = excellent (90-100)
B = good (80-89)
C = passing (70-79)
F = failure (less than 70)

The grade of "B" represents the benchmark for the Graduate School. It indicates the student has demonstrated competency in the subject matter of the course, i.e., has fulfilled all course requirements on time, has a clear grasp of the full range of course materials and concepts, and is able to present and apply these materials and concepts in clear, reasoned, well-organized and grammatically correct responses, whether written or oral.

Only students who fully meet this standard and, in addition, who demonstrate exceptional comprehension and application of the course subject matter, merit an "A."

Students who do not meet the benchmark standard of competency fall within the "C" range or lower. They, in effect, have not met graduate level standards. Where this failure is substantial, they earn an "F."

Course Requirements:

The course requirements are as follows:

Homework Exercises. Students are required to complete six homework exercises designed to reinforce concepts examined in the lectures and readings.

Examinations. A midterm and final examination will be given.

Research Paper. A research paper of 20 - 25 pages is required. Topics will be selected by each student from a list of sample topics provided by the instructor or on any other topic relevant to the area of computer forensics. Students will submit to the instructor a short (not to exceed a single-page) typewritten research proposal which identifies the selected topic and outlines the proposed research effort. This is due no later than the third class period.

Oral Presentation. Each student will give a brief oral presentation describing the results of his/her research to the rest of the class. (Online students will post their presentations, including graphics and notes, in a Conference topic area to be designated by the instructor).

Description of Course Requirements:

Successful graduate students in American universities dedicate approximately three hours of preparation/study time for every hour spent in the face-to-face classroom. Thus, the following course requirements were developed on the assumption that students would be prepared to spend approximately 150 hours of their own time working on them. In an 8-week term, that is the equivalent of a half-time job. Most 10-week graduate distance education courses require at least 15 hours per week of dedicated time, plus time spent in the virtual classroom.

STATEMENT ON WRITING REQUIREMENTS:
Effective managers and leaders are also effective communicators. Written communication is an important element of the total communication process. The Graduate School recognizes and expects exemplary writing to be the norm for course work. To this end, all analyses and papers must demonstrate graduate level writing ability and comply with the format requirements of the Publication Manual of the American Psychological Association. All writing assignments will be graded on the basis of content, logic, analysis, mechanics, organization, and research. Careful attention should be given to source citations, proper listing of references, the use of footnotes, and the presentation of tables and graphs. Work submitted online should follow standard procedures for formatting and citation.

POLICY ON ACADEMIC INTEGRITY:
Academic integrity is central to the learning and teaching process. Students are expected to conduct themselves in a manner that will contribute to the maintenance of academic integrity by making all reasonable efforts to prevent the occurrence of academic dishonesty. Academic dishonesty includes (but is not limited to) obtaining or giving aid on an examination, having unauthorized prior knowledge of an examination, doing work for another student, and plagiarism of all types.

PLAGIARISM:
Plagiarism is the intentional or unintentional presentation of another person's idea or product as one's own. Plagiarism includes, but is not limited to the following: copying verbatim all or part of another's written work; using phrases, charts, figures, illustrations, or mathematical or scientific solutions without citing the source; paraphrasing ideas, conclusions, or research without citing the source; and using all or part of a literary plot, poem, film, musical score, or other artistic product without attributing the work to its creator. Students can avoid unintentional plagiarism by following carefully accepted scholarly practices. Notes taken for papers and research projects should accurately record sources of material to be cited, quoted, paraphrased, or summarized, and papers should acknowledge these sources in footnotes. The penalties for plagiarism include a zero or a grade of F on the work in question, a grade of F in the course, suspension with a file letter, suspension with a transcript notation, or expulsion. Resubmission of course work from previous classes (whether or not taken at UMUC, UMUC-Europe or BSU), partially or in its entirety, is not acceptable in this course and will result in an automatic failure on the assignment.

DISABLED STUDENTS:
Students with disabilities who need to register or request services should contact the Staff Support Team four to six weeks in advance of registration to request and register for services.

COURSE EVALUATIONS:
Feedback on each graduate course and instructor is important to the university, your professor, and to all UMUC students. UMUC has the responsibility to assess the effectiveness of classroom instruction, and each student has the responsibility to provide accurate and timely feedback through completion of the course evaluation form. This is a shared obligation for us all. It is therefore important that you complete the evaluation form for each course you attend. This should be viewed as an additional course and program requirement.

Course Schedule:

Session 1 – Introduction
  • Course Purpose
  • Context of Computer Forensics
  • Ethics and Professional Conduct
  • Computer/Cyber Crimes
  • Computer/Technology Law
READ: Nelson Ch. 1-2
Supplementary Materials

Session 2 – Law and Investigation
  • Search and Warrant Law
  • Case Law
  • Planning and Investigation
  • Conducting an Investigation
  • Gathering Evidence
  • Securing Evidence
  • Analyzing Evidence
  • Completing a Case
READ: Nelson Ch. 2-3
READ: Supplementary Material
DUE:

Session 3 – Data Acquisition I
  • Storage Formats for Digital Evidence
  • Securing a Computer Incident/Crime Scene
  • Seizing Digital Evidence at the Scene
  • Processing an Incident/Crime Scene
  • Identifying Digital Evidence
  • Understanding Rules of Evidence
READ: Nelson Ch. 4-5
READ: Supplementary Materials
DUE:

Session 4 – Data Acquisition II
  • Image Acquisition
  • Validating Acquisition
  • Processing and Handling Digital Evidence
  • Storing Digital Evidence
  • Documenting Evidence
  • Obtaining a Digital Hash
  • Chain of Custody
READ: Nelson Ch. 4-5
READ: Anson Ch. 1-2, 5-6
READ: Supplementary Material
DUE:

Session 5 – Data Acquisition III
  • Collecting Network-Based Digital Evidence
  • Analyzing Network-Based Digital Evidence
  • Analyzing the Logs
  • Chain of Custody
READ: Nelson Ch. 9
READ: Anson Ch. 11-12, 15

Midterm Examination

Session 6 – Authentication and Analysis of Digital Evidence
  • Authentication Using MD5
  • Authentication Using SHA-1
  • File Systems
  • Disk Partitions
  • Master Boot Record
  • Examining FAT Disks
  • Examining NTFS Disks
  • Examining the Windows Registry
READ: Anson Ch. 7-9
READ: Nelson Ch. 6
READ: Supplementary Materials
DUE:

Session 7 – Current Computer Forensic Tools
  • Computer Forensics Software Tools
  • Computer Forensics Hardware Tools
  • Validating and Testing Forensics Software
  • Using Validation Protocols
READ: Anson Ch. 10
READ: Nelson Ch. 7
READ: Supplementary Material
DUE:

Session 8 – Analysis of Digital Evidence: UNIX, Linux, Macintosh
  • Examining UNIX and Linux Disk Structures
  • Examining UNIX and Linux Boot Processes
  • Exploring Macintosh Boot Tasks
READ: Nelson Ch. 8
READ: Supplementary Material
DUE:

Session 9 – Computer Forensics Analysis and Validation
  • Using AccessData Toolkit to Analyze Data
  • Validating Forensic Data
  • Addressing Data-Hiding Techniques
READ: Nelson Ch. 8
READ: Supplementary Material
DUE:

Session 10 – Presentation of Digital Evidence
  • Forensics Case Reporting
  • Guidelines for Writing Reports
  • Testifying in Court
  • Guidelines on Testifying
READ: Anson Ch. 16
READ: Nelson Ch. 13-14
READ: Supplementary Material

Final Examination

Student Presentations

Academic Policies:

The University has a license agreement with Turnitin.com, a service that helps prevent plagiarism from internet resources. I may be using this service in this class by either requiring students to submit their papers electronically to Turnitin.com or by submitting questionable text on behalf of a student. If you or I submit part or all of your paper, it will be stored by Turnitin.com in their database throughout the term of the University's contract with Turnitin.com. If you object to this temporary storage of your paper, you must let me know no later than two weeks after the start of this class. Please Note: If you object to the storage of your paper on Turnitin.com, I may utilize other services to check your work for plagiarism.

The official university policy on Plagiarism and Academic Dishonesty can be found at http://www.umuc.edu/policy/aa15025.shtml. Section I.C. states: "Faculty may determine if the resubmission of course work from previous classes (whether or not taken at UMUC), partially or in its entirety, is acceptable when assigning a grade on that piece of course work. Faculty must provide this information in their written syllabi. If the resubmission of course work is deemed to be unacceptable, a charge may not be brought under this Policy and will be handled as indicated in the written syllabi."

Please refer to Description of Course Requirements for specific information on how resubmissions will be treated in this course.

Students with disabilities should contact the appropriate support office at UMUC-Europe. 

Jan Keller, Director of Student Services

UMUC-Europe, Heidelberg

Phone:  +49-6221-378299

Email:  edstudent_svc@ed.umuc.edu

Mailing Address:  Unit 29216, APO AE 09102 OR Im Bosseldorn 30, D-69126 Heidelberg, Germany

Please refer to the UMUC-Europe Graduate Catalog for information on the following:

Academic Integrity
Course Load
Exception to Policy
Grade Appeal Process
Make-up Examinations
Nondiscrimination
Code of Civility

Hard copies of the catalog are available at your local Education Center.
