CMPS 3650 Digital Forensics
Catalog Description
CMPS 3650 Digital Forensics (4)
Investigative techniques, evidence handling procedures, forensics tools, digital crime reconstruction, incident response, ethics, and legal guidelines within the context of digital information and computer compromises. Hands-on case studies cover a range of hardware and software platforms and teach students how to gather evidence, analyze evidence, and reconstruct incidents. Prerequisite: None, but CMPS 2650 or equivalent experience in the Unix/Linux command-line environment is strongly recommended.
Prerequisites by Topic
Experience in the Unix/Linux command-line environment is strongly recommended.
Knowledge of how to install, configure, use, and troubleshoot Windows and/or Unix/Linux will be useful.
Units and Contact Time
4 semester units. 3 units lecture (150 minutes), 1 unit lab (150 minutes).
Type
Elective for CS
Required Textbook
Incident Response and Computer Forensics, Second Edition by Chris Prosise, Kevin Mandia, and Matt Pepe; McGraw-Hill; ISBN-13: 978-0072226966.
Recommended Textbook and Other Supplemental Materials
None
Coordinator(s)
Melissa Danforth, Antonio Cardenas, Donna Meyers (emeritus)
Student Learning Outcomes
This course covers the following ACM/IEEE CS2013 (Computer Science) Body of Knowledge student learning outcomes:

CS-IAS/Digital Forensics
CS-IAS/Security Policy and Governance
CS-OS/Security and Protection
CS-SP/Professional Ethics
CS-SP/Security Policies, Laws and Computer Crimes

ABET Outcome Coverage
The course maps to the following performance indicators for Computer Science (CAC/ABET):
3e. An understanding of professional, ethical, legal, security, and social issues and responsibilities.
3i. An ability to use the current techniques, skills, and tools necessary for computing practice.
Lecture Topics and Rough Schedule
Week | Chapter(s) | Topics
1 | Chapter 9 | Professional ethics, Legal foundations, Evidence handling
2 | Chapters 1 and 2 | Incident response overview
3 | Chapters 3 and 4 | Incident response stages: Prevent/Prepare, Detect, Respond
4 | Chapter 4 | Investigation steps, Preparation for evidence/data collection
5 | Chapter 5 | Collecting data/evidence from Windows systems
6 | Chapter 6 | Collecting data/evidence from Unix/Linux systems
7 | Chapter 7 | Collecting data/evidence from storage systems, Forensic duplication
8 | Chapter 8 | Collecting data/evidence from networks
9 | Chapters 10 and 11 | Analyzing evidence from storage systems
10 | Chapter 12 | Analyzing evidence from Windows systems
11 | Chapter 13 | Analyzing evidence from Unix/Linux systems
12 | Chapter 14 | Analyzing evidence from networks
13 | Chapter 16 | Analyzing evidence from network routers
14 | Chapter 15 | Analyzing executables and unknown files
15 | Chapter 17 | Reporting forensic discoveries, Remediation planning
Design Content Description
Not applicable to this course.
Prepared By
Melissa Danforth on 31 July 2014
Approval
Approved by CEE/CS Department on [date]
Effective Fall 2016