CS 447/547

From CS Wiki
Jump to: navigation, search

Computer and Network Forensics

Catalog Description: Competence in using established forensic methods in the handling of electronic evidence; rigorous audit/logging and date archival practices; prevention, detection, apprehension, and prosecution of security violators and cyber criminals.

Total Credits: 3

Course Coordinator: James Alves-Foss (jimaf@uidaho.edu)

URL: None.

Prereq: CS 336 and permission.

Textbook: Phillips, Nelson, Enfinger, and Stuart, Guide to Computer Forensics and Investigations, Course Technology, 2006, or equivalent.

Major Topics Covered

  1. History and Definitions (1 hour)
  2. Investigative process, Investigative reconstruction (3 hours)
  3. Forensic tools (4 hours)
  4. Windows file systems (3 hours)
  5. Unix file system (4 hours)
  6. Unix processes in depth, root kits (3 hours)
  7. Network forensics (4 hours)
  8. TCT or Sleuthkit Lab (4 hours)
  9. Criminology, criminal intentions (3 hours)
  10. Criminal element, laws (5 hours)
  11. Expert testimony (3 hours)