CS 447/547: Computer and Network Forensics
Catalog Description: Competence in using established forensic methods in the handling of electronic evidence; rigorous audit/logging and data archival practices; prevention, detection, apprehension, and prosecution of security violators and cyber criminals.
Type: CS 447 is a Technical Elective for CS majors. CS 547 is available for graduate credit.
Total Credits: 3
Course Coordinator: James Alves-Foss (firstname.lastname@example.org)
Prereq: CS 336 and permission.
Textbook: Phillips, Nelson, Enfinger, and Stuart, Guide to Computer Forensics and Investigations, Course Technology, 2006, or equivalent.
Major Topics Covered
- History and Definitions (1 hour)
- Investigative process, Investigative reconstruction (3 hours)
- Forensic tools (4 hours)
- Windows file systems (3 hours)
- Unix file system (4 hours)
- Unix processes in depth, root kits (3 hours)
- Network forensics (4 hours)
- TCT or Sleuthkit Lab (4 hours)
- Criminology, criminal intentions (3 hours)
- Criminal element, laws (5 hours)
- Expert testimony (3 hours)
- Discuss the rules, laws, policies, and procedures that affect digital forensics.
- Use one or more common digital forensics tools, such as EnCase, FTK, ProDiscover, X-Ways, SleuthKit.
- Describe the steps in performing digital forensics from the initial recognition of an incident through the steps of evidence gathering, preservation and analysis, through the completion of legal proceedings.