COLLEGE OF BUSINESS AND INFORMATION SYSTEMS
CIS-418 Advanced Computer Forensics
Spring 2008
Instructor: Dr. Xinwen Fu
Office: 302D, East Hall
Phone: 605-256-5820
E-Mail:
Homepage: http://www.homepages.dsu.edu/fux/
Office Hours: Mon. Wed. 1:30PM ~ 6:30PM
Course Name: INFA-721/CIS-418 Computer Forensics, Spring 2007
Credits: 3.00
Duration: 01/16/08 - 05/09/08
Time: Tuesday, Thursday 02:30PM - 03:45PM
Location:
COURSE DESCRIPTION
Identifying, preserving and extracting electronic evidence. Students learn how to examine and recover data from operating systems, core forensic procedures for any operating or file system, understanding technical issues in acquiring computer evidence and how to conduct forensically sound examinations to preserve evidence for admission and use in legal proceedings.
COURSE PREREQUISITES:
Prerequisites: CSC-509 / CIS-388
Technology Skills
1. C and Assembly languages
2. Windows, Unix and Linux operating systems (Redhat)
3. Linux/Windows software installation
4. Knowledge of networks
5. Creative thoughts
DESCRIPTION OF INSTRUCTIONAL METHODS
Class Preparation
· The course web site is located within WebCT (http://webct.dsu.edu/).
· Announcements, questions (and answers), etc. will be available through WebCT.
· Lecturing is based on the textbook with learning materials provided.
· Security techniques may be practiced in the IA lab.
· Discussions and questions/answers take place through WebCT, which should be checked approximately once every 48 hours.
· A chat room is also likely to be used from time to time.
· You will be expected to be prepared for class, and you must complete the assignments by the due dates.
COURSE REQUIREMENTS
Textbooks
· Amelia Phillips, Bill Nelson, Frank Enfinger, Chris Steuart, Guide to Computer Forensics and Investigations, Second Edition (Paperback), ISBN: 0619217065
  o Textbooks may be purchased at the bookstore or electronically through: http://www.amazon.com or some other bookseller
Supplementary Materials
· (Recommended) Chris Prosise, Kevin Mandia, Matt Pepe, Incident Response and Computer Forensics, Second Edition (Paperback), ISBN: 007222696X
· Warren G. Kruse II, Jay G. Heiser, Computer Forensics: Incident Response Essentials (Paperback), ISBN: 0201707195
Class Attendance Policy
Students are encouraged to attend the class in the classroom and DDN site.
Cheating and Plagiarism Policy
All forms of academic dishonesty will result in an F for the course and notification of the Academic Dishonesty Committee. Academic dishonesty includes (but is not limited to) plagiarism, copying answers or work done by another student (either on an exam or assignment), allowing another student to copy from you, and using unauthorized materials during an exam.
Make-up Exams
· Make-up exams will only be given in case of serious need and only when the instructor is notified prior to the exam time. If this is not done, the grade is automatically zero for that exam/quiz.
· Written verification for the student's inability to take an exam will be required.
· The make-up exams will be different from those given to the class.
University Deadlines
Date | Deadline
Jan. 18 (Fri) | Last day to drop a class in person for first half semester classes and
Jan. 20 (Sun) | Last day to drop a class online for first half semester classes and receive 100% refund
Jan. 25 (Fri) | CENSUS DAY; Last day to register for any class to determine financial aid eligibility; Last day to add a full semester class; Last day to drop a full semester class and receive 100% refund
Feb. 22 (Fri) | Last day to withdraw from a first half semester class and receive a "W"
Mar. 26 (Wed) | Last day to drop a second half semester class and receive 100 refund
April 10 (Thurs) | Last day to withdraw from a full semester class or school and receive
April 23 (Wed) | Last day to withdraw from second half semester classes and receive a grade of "W"
COURSE GOALS
· Learn About The Field Of Computer Forensics
We will learn about the emerging field of Computer Forensics - the science of obtaining and analyzing evidence from computers. This evidence may be found on storage devices, such as hard drives, which are confiscated under warrant from personal or professional computers; or it may be found by traces of activity on computer networks. We will learn the tools and process of Computer Forensics.
· Learn Computer and Networking Concepts
We will learn how computers and the Internet work so that, as they change rapidly, you can understand the changes. Specific topics include how computer hardware and software work, what data formats are, how network hardware works and how the Internet works.
· Investigate Legal and Ethical Issues Involving Computer Forensics
We will explore what kinds of crimes computer forensics specialists investigate, and learn about what information gathering is legal/illegal and ethical/unethical. As technology emerges and changes so quickly, many of the aspects of these laws and guidelines are still being developed, which will make for an interesting academic exploration of the issues.
EVALUATION PROCEDURES
Components of Course Grade:
Assignments (5~10) | 50%
Midterm | 20%
Final Project | 30%
Grade Scale
A | 85 ~ 100
B | 70 ~ 84.9
C | 60 ~ 69.9
D | 50 ~ 59.9
F | below 50
Homework Assignments
· All assignments are to be turned in on or before the due date and time. If you try and cannot turn in an assignment electronically because the campus network is down, you will not be penalized.
· An assignment turned in up to 24 hours late will be reduced by 10% of the assignment's worth; more than 24 hours late will be reduced 100%.
· The due date and time for each assignment will be specified on assignment postings.
· All assignments are expected to be individually and independently completed. Should two or more students turn in substantially the same solution or program, in the judgment of the instructor, the assignment will be given a grade of zero. A second such incident will result in an F grade for the course.
· All assignments are to be turned in through WebCT.
Exams
· Exams are based on textbooks, web sites, and assignments.
· All exams are take-home, but timed.
· The tentative exam format will be true/false, multiple choice, fill-in-the-blanks, programs, and/or short essays.
Projects
· Each member of this class is required to join a team of 3 persons. A team must have a team leader coordinating the communication with members and the instructor.
· Each team must be formed within 2 weeks from the semester start and the team leader will report the list of members to the instructor once the team is formed.
· Teamwork is encouraged since all members of a team will receive the same score based on the entire team's performance for team projects.
· Some of the projects will be performed within a closed laboratory.
EARLY ALERT STATEMENT
Academic Success Support
As your professor, I am personally committed to supporting YOUR academic success in this course. For that reason, if you demonstrate any academic performance or behavioral problems which may impede your success, I will personally discuss and attempt to resolve the issue with you. If the situation persists, I will forward my concern to the Student Development Office and your academic advisor to seek their support and assistance in the matter. My goal is to make your learning experience in this course as meaningful and successful as possible.
Americans with Disabilities Act (
If you have a documented disability and/or anticipate needing accommodations (e.g., non-standard note taking, test modifications) in this course, please arrange to meet with the instructor. Also, please contact
WIRELESS
The tablet PC will be used as a supplementary instructional device. This technology will be valuable in the classroom and you are strongly encouraged to bring a wireless computing device to class to achieve the full educational benefit of in-class assignments.
LINKS TO OTHER SOURCES OF INFORMATION:
Graduate Catalog: http://www.departments.dsu.edu/registrar/catalog/
Library: http://www.departments.dsu.edu/library/
Computer Services Support: http://support.dsu.edu/
Student Handbook: http://www.departments.dsu.edu/student_services/handbook/
DEWT Student Guide: http://www.departments.dsu.edu/disted/studentguide/guide.htm
Semester Calendar: http://www.departments.dsu.edu/registrar/catalog/schedule/
TENTATIVE CLASS SCHEDULE
The schedule may be adjusted based on the actual progress in the semester.
Order | Topics | Chapter | Assignment
0 | Introduction | |
1 | Computer Forensics and Investigations as a Profession | Chapter 1 |
2 | Understanding Computer Investigation | Chapter 2 |
3 | Working with Windows and DOS Systems | Chapter 7 |
Mar. 13 | Midterm Exam | |
Mar. 17-21 | Spring Break | |
4 | System Boot Process and File Systems | Chapter 8 |
Mar. 27 | Assessment Day – no daytime classes on main campus | |
5 | Memory Imaging | Supplementary Material |
6 | FTK Forensic Toolkit | Supplementary Material |
7 | Tripwire | Supplementary Material |
8 | Chapter 13 Email Investigation | Chapter 13 |
9 | Forensics on Cisco Catalyst Switch 2950/2900 | Supplementary Material |
10 | Intrusion Detection Systems | Supplementary Material |
May 6 | 3:10PM ~ 5:10PM | |