CS 447/547

From CS Wiki
Jump to: navigation, search

CS 447/547: Computer and Network Forensics

Catalog Description: Competence in using established forensic methods in the handling of electronic evidence; rigorous audit/logging and date archival practices; prevention, detection, apprehension, and prosecution of security violators and cyber criminals.

Type: CS 447 is a Technical Elective for CS majors. CS 547 is available for graduate credit.

Total Credits: 3

Course Coordinator: James Alves-Foss (jimaf@uidaho.edu)

URL: None.

Prereq: CS 336 and permission.

Textbook: Phillips, Nelson, Enfinger, and Stuart, Guide to Computer Forensics and Investigations, Course Technology, 2006, or equivalent.

Major Topics Covered

  1. History and Definitions (1 hour)
  2. Investigative process, Investigative reconstruction (3 hours)
  3. Forensic tools (4 hours)
  4. Windows file systems (3 hours)
  5. Unix file system (4 hours)
  6. Unix processes in depth, root kits (3 hours)
  7. Network forensics (4 hours)
  8. TCT or Sleuthkit Lab (4 hours)
  9. Criminology, criminal intentions (3 hours)
  10. Criminal element, laws (5 hours)
  11. Expert testimony (3 hours)

Course Outcomes

  1. Discuss the rules, laws, policies, and procedures that affect digital forensics
  2. Use one or more common digital forensics tools, such as EnCase, FTK, ProDiscover, Xways, SleuthKit.
  3. Describe the steps in performing digital forensics from the initial recognition of an incident through the steps of evidence gathering, preservation and analysis, through the completion of legal proceedings