CMPS 3650 Digital Forensics
Catalog Description
CMPS 3650 Digital Forensics (4)
Investigative techniques, evidence handling procedures, forensics tools, digital crime reconstruction, incident response, ethics, and legal guidelines within the context of digital information and computer compromises. Hands-on case studies cover a range of hardware and software platforms and teach students how to gather evidence, analyze evidence, and reconstruct incidents. Prerequisite: None, but CMPS 2650 or equivalent experience in the Unix/Linux command-line environment is strongly recommended
Prerequisites by Topic
Experience in the Unix/Linux command-line environment is strongly recommended
Knowledge of how to install, configure, use, and troubleshoot Windows and/or Unix/Linux will be useful.
Units and Contact Time
4 semester units. 3 units lecture (150 minutes), 1 unit lab (150 minutes).
Elective for CS
Required Textbook
Incident Response and Computer Forensics, Second Edition by Chris Prosise, Kevin Mandia, and Matt Pepe; McGraw-Hill; ISBN-13: 978-0072226966.
Recommended Textbook and Other Supplemental Materials
Melissa Danforth, Antonio Cardenas, Donna Meyers (emeritus)
Student Learning Outcomes
This course covers the following ACM/IEEE CS2013 (Computer Science) Body of Knowledge student learning outcomes:

CS-IAS/Digital Forensics
CS-IAS/Security Policy and Governance
CS-OS/Security and Protection
CS-SP/Professional Ethics
CS-SP/Security Policies, Laws and Computer Crimes

ABET Outcome Coverage
The course maps to the following performance indicators for Computer Science (CAC/ABET):
3e. An understanding of professional, ethical, legal, security, and social issues and responsibilities.
3i. An ability to use the current techniques, skills, and tools necessary for computing practice.
Lecture Topics and Rough Schedule
1Chapter 9 Professional ethics, Legal foundations, Evidence handling
2Chapters 1 and 2 Incident response overview
3Chapters 3 and 4 Incident response stages: Prevent/Prepare, Detect, Respond
4Chapter 4 Investigation steps, Preparation for evidence/data collection
5Chapter 5 Collecting data/evidence from Windows systems
6Chapter 6 Collecting data/evidence from Unix/Linux systems
7Chapter 7 Collecting data/evidence from storage systems, Forensic duplication
8Chapter 8 Collecting data/evidence from networks
9Chapters 10 and 11 Analyzing evidence from storage systems
10Chapter 12 Analyzing evidence from Windows systems
11Chapter 13 Analyzing evidence from Unix/Linux systems
12Chapter 14 Analyzing evidence from networks
13Chapter 16 Analyzing evidence from network routers
14Chapter 15 Analyzing executables and unknown files
15Chapter 17 Reporting forensic discoveries, Remediation planning
Design Content Description
Not applicable to this course.
Prepared By
Melissa Danforth on 31 July 2014
Approved by CEE/CS Department on [date]
Effective Fall 2016