
Semester: Fall 2014
Instructor: Gerald Miller
Class Info: ITN276-F01 (51919)
Phone: (540) 891-3038
Location/Room: FAC2 Room 232
Office Location: FAC2 Room 221
Class Name: Computer Forensics I
Days at Location: TUWTH
Class Days/Times: W, 6:00PM-9:45PM
Office Hours: Tues/Thurs: 12PM (noon) to 3:15PM; Wed 2PM to 5:45PM. Other times by appointment.
Class Credits: 4
Email: [email protected]

This course is a special hybrid course that combines in-class learning and out-of-class instruction. Students must have access to and be familiar with Blackboard.

GCC E-mail Policy:

Students, faculty, and staff of Germanna Community College must use GCC email for all official college communications. This includes course-related communications between students and faculty. If you need help accessing your student email account please visit the ACC on either campus.

Course Description:

Teaches computer forensic investigation techniques for collecting computer-related evidence at the physical layer from a variety of digital media (hard drives, compact flash and PDAs) and performing analysis at the file system layer.

Textbook and Supplies:

Guide to Computer Forensics and Investigations, 4th Edition, Nelson, Phillips, and Steuart, 2010, Course Technology, ISBN 978-1-435-49883-9 (Purchase Required)

Lab Manual Guide to Computer Forensics and Investigations, 4th Edition, Blitz, 2011, Course Technology, ISBN 978-1-4354-9885-3 (Purchase Required)

USB Flash Drive: 256/512 MB only; a larger drive will require too much class time for analysis (Purchase is Required). Drive will be used for ITN276 … no other data.


Reference Materials:

EnCase Legal Journal – Practitioner's Guide, 2011 Edition. (Download from Guidancesoftware.com – registration is required)

File System Forensic Analysis, Carrier, 2005, Addison-Wesley, ISBN 0-32-126817-2

Digital Forensics with Open Source Tools, 1st Edition, SYNGRESS, Altheide and Carvey, ISBN 978-1-59749-586-8

Windows Forensics Analysis DVD Toolkit 2E, SYNGRESS, Carvey, ISBN 978-1-59749-422-9

Learning Outcomes:

Upon successful completion of this course, the student will:

Collect digital evidence on a variety of computer systems using accepted forensic processes.

Understand and correctly use court accepted imaging and analysis tools.

Understand the legal challenges to collecting and analyzing digital evidence.

Additional Course Information:

Course Content.

Understanding Computer Forensics
  o History of computer forensics
  o Computer forensics as a career
  o Professional certification and organizations

Legal Issues in Computer Forensics
  o Law enforcement investigations
  o Corporate investigations
  o Professional ethics and conduct

Preparing for an Investigation
  o Forensic resources
  o Preparing a forensic toolkit

Securing a System for Investigation. Evidence Preparation.
  o Employing media wiping tools
  o Employing checksums/hashing as validation
  o Bit-by-bit copies

Analyzing and Understanding File Systems
  o FAT 12
  o FAT 16
  o FAT 32
  o NTFS

Data Acquisition at a Physical Layer
  o Imaging a system using forensic tools
      o Using write-blockers
      o Using court accepted tools to duplicate drives
  o Understanding drive geometry
  o Understanding file systems and disk partitioning
  o Hashing the drive

Analyzing Data

Recovering data at physical layer using court accepted forensic tools.
  o Examining DOS and Windows disk structures
  o Understanding the boot sequence
  o Examining NTFS and FAT file systems
  o NTFS Data Streams

Examining Other Media Structures
  o Floppies
  o CDs
  o Thumb/flash drives

Recovering Deleted and Encrypted Data from a File System
  o Manually recovering a deleted file, directory and partition in the FAT file system
  o Manually recovering data remnants from slack space in the FAT file system
  o Manually recovering data remnants from unallocated space in the FAT file system
  o Manually recovering file names from the directory entry table in the FAT file system
  o Examining the NTFS file system
  o Manually recovering deleted files in the NTFS file system
  o NTFS Encrypted File Systems (EFS)
  o EFS Recovery Agent

Recovering Hidden Data at a Physical Layer
  o Hidden partitions
  o Bit-shifting

Data Carving
  o Slack space
  o Free space

Cataloging and Storing Digital Evidence.
  o Chain of Custody
  o Evidence transport
  o Evidence storage
  o Evidence Locker Room

Important Dates:

Classes Begin Aug 20


Labor Day (College Closed) Sep 1

Last Day to Drop with Refund Sept 8

College Learning Day (No Classes) Sept 23

Last Day to Withdraw Without Academic Penalty Oct 30

Thanksgiving Holiday (No Classes) Nov 26-29

Classes End Dec 9

Final Examinations Dec 10-16

Attendance Policy:

Class attendance is an integral part of a sound academic program for most classes at Germanna. However, alternate teaching techniques, which may not require class attendance, may also be a part of a sound academic program. Class attendance requirements are found in the course outline, which the instructor provides to students in each course. Germanna students are expected to be present and on time at all regularly scheduled classes and laboratory meetings. When a faculty member determines that a student has not met the class attendance requirements in the course outline, which will usually conform to the statement at the end of this Standard, the faculty member may submit a Drop/Add Form, showing the last date of attendance by the student, to the Admissions and Records Office. A grade of "W" will be recorded for all withdrawals, whether initiated by the student or by the faculty member through the published "Last day to withdraw without academic penalty." Students withdrawn after the withdrawal deadline will receive a grade of "F" except under mitigating circumstances, which must be documented by the student and approved by the Dean of Instruction. Please see "Withdrawing from a course" under "Registration Information" in the Academic Information section of the Germanna course catalog for additional policy information. For 8 week, short session classes, the below permitted absences are cut in half. For short session courses other than 8 week, please see your instructor for the permitted absences.

The official GCC withdrawal policy follows: Withdrawal from a course without academic penalty may be made within the first 60% of the course. The student will receive a grade of "W" for withdrawal. After that time, the student will receive a grade of "F". Exceptions to this policy may be considered under mitigating circumstances which must be documented and submitted to the appropriate Dean of Instruction for review and consideration. Please see "Important Dates" above for the last day to withdraw.

(For the drop date for Short Session courses, see the link listed in "Important Dates for Short Session Courses" and use that information if applicable.)

If class meeting times during the week are: 1
Absences permitted are: 2

Course Plan for College Closing

This course is heavily dependent on forensic software available only in a specially configured classroom laboratory. If that resource is not available, the course will be conducted by supplementing readings in the textbook with case studies available at the end of each chapter. Assignments will be made on Blackboard.

Electronics (e.g. Cell Phones) / Food Classroom Policy:

Food and drink are not permitted in FAC Room 232.

Classroom Demeanor (See Internet Demeanor for distance learning classes):

Modern technology provides many wonderful capabilities, but improperly used (wrong time and place) it can be very disruptive to many. Therefore, during class the use of cell phones and iPods or other similar devices is not permitted. If cell phone communication is necessary because of extenuating personal circumstances, it may take place outside of the classroom. In a like manner, surfing the Internet during class, unless otherwise directed by the instructor as part of the class lesson, is not permitted. Violations of these classroom policies will result in a loss of 25 points (for each incident) from the student's total point score. Continued disregard for these classroom policies may result in administrative dismissal from the class.

Internet Demeanor:

The Internet is a wonderful technological capability that requires users to exercise good judgment and the use of acceptable Internet etiquette. Students should review college-wide policies pertaining to the use of Germanna computers as well as the VCCS. Those policies are found at the following Internet URL: http://www.germanna.edu/policies/CollegeWide/#info%20tech.

Grading Policy:

There are 16 chapters in the primary course textbook. Each chapter has an associated test consisting of approximately 40-50 questions (T/F, multiple choice, matching, and essay). There will be a mid-term and final exam as noted in the syllabus. Class attendance will be part of the final grade. Grade "weighting" is as follows:

Chapter Tests: 40%. Mid-Term and Final Exam: 25% each. Attendance: 10%.

Grades will be assigned as follows: A 90%+, B 80-89%, C 70-79%, D 60-69%, and F 0-59%.

Academic Honesty:

The faculty of Germanna Community College recognizes that academic honesty is an integral factor in developing and sharing knowledge. We support the concept of academic honesty, practice academic honesty in our classes, and require academic honesty from our students. GCC students are expected to maintain complete honesty and integrity in the completion and presentation of all academic assignments and examinations. Any student found guilty of cheating, plagiarism, or other dishonorable acts in academic work is subject to disciplinary action.

Academic dishonesty is cheating and stealing. Academic dishonesty includes, but is not limited to:

Using material verbatim from a source without giving credit.

Rewriting material from a source without giving credit.

Using information from an Internet source without giving credit.

Submitting the work of another person as your own work.

Using/copying another student's computer disk.

Copying from another person's paper/test/homework.

Allowing someone else to copy/use your work (paper, homework, quiz, test).

Violating VCCS Computer Ethics Guidelines in the pursuit of academic studies.

Disability Information:

If you are a student with a disability and will need accommodations while enrolled in this course, please contact the Coordinator of Disability Services in the Counseling Center, (540-891-3019 at the Fredericksburg Area Campus or 540-423-9140 at the Locust Grove Campus).

Student Academic Services:

Tutoring Services:

Tutoring Services offers a variety of free academic support programs for Germanna students at both the Locust Grove and Fredericksburg Area campuses. Daniel Center students should contact the Locust Grove tutoring office regarding available services and Stafford Center students should contact the FAC Tutoring Services Office for available services. To schedule an individual tutoring appointment, call or visit the Locust Grove or Fredericksburg Tutoring Centers.

Online tutoring is available during daytime, evening and weekend hours. Registered students may access online tutoring by clicking on the Smarthinking link from the Tutoring Services' website. Supplementary academic materials are available free of charge from Tutoring Services, and they may also be downloaded from the Tutoring Services' website: http://www.germanna.edu/tutor/

Tutoring Services operates a daily walk-in Writing Lab and Math Lab as well as providing a variety of study skills and academic workshops. Students may register for the Test Taking/Test Anxiety Workshop, Grammar Workshop, APA/MLA Workshop, TI83/84 Calculator Workshop, Computer Competency Workshop, Note-taking, Spanish Discussion Group, Drug Calculation Workshop, and the Basic PC Skills Mini Course by visiting or calling our offices. Several of these workshops may also be viewed online from the "Online Tutoring Resources" section of the Tutoring Services' website:

Academic Computing Center:

The ACC provides computer access to students needing to work on class work, check e-mail, Blackboard, etc. Students also can apply, register for classes or change classes, check grades, etc. using myGCC. Staff is available to assist students with various computer issues and services. Students can access the Internet and MS Office Suite 2013, and placement testing is administered at LGC.

Testing Services:

Testing Services provides proctor services for make-up and distance learning tests. Test proctoring is also provided for various nursing exams, dental hygiene, exit exams and other college/university testing. To determine the hours of the Testing Center, go to the website http://www.germanna.edu/acc/testing_center.

Library Services:

Library Services offers a rich variety of resources to Germanna students from workshops on how to conduct academic research to an online catalog of print and electronic resources available at the Locust Grove Campus, the Fredericksburg Area Campus, and the Daniel Technology Center in Culpeper. FAC's Information Commons provides a quiet place to research and write. Library staff can aid students with their research. Students can access thousands of journal titles, most of which are full text. E-books are available in a variety of disciplines and for leisure reading. Students are encouraged to take advantage of library resources by visiting any of Germanna's libraries and exploring the online resources at: http://www.germanna.edu/Academics_And_Student_Services/Student_Services/Library_Services/

Tentative Course Schedule:

Syllabus Subject To Change

Date / Reading Assignment / Labs (TBA)*

Week 1 – 8/20
    Course Overview
    Chapter 1 – Computer forensics as a Profession
    Chapter 2 – Understanding Computer Investigations
    Chapter 3 – The Investigators Office and Laboratory

Week 2 – 8/27
    Chapter 4 – Data Acquisition
    Chapter 16 – Ethics Testimony in high Tech Investigations

9/2
    Labor Day – School Closed

Week 3 – 9/3
    Chapter 2 – Investigating Network Traffic

Week 4 – 9/10
    Chapter 3 – Investigating WEB Attacks

9/17
    College Learning Day – No Classes

Week 6 – 9/24
    Chapter 5 – Processing Crime and Incident Scenes

Week 7 – 10/1
    Mid Term

Week 8 – 10/8
    Chapter 6 – Working with Windows and DOS Systems

Week 9 – 10/15
    Chapter 7 – Current computer Forensics Tools

Week 10 – 10/22
    Chapter 8 – Macintosh and Linux Boot Processes and File Systems

Week 11 – 10/29
    Chapter 9 – Computer Forensics Analysis and Validation

Week 12 – 11/5
    Chapter 10 – Recovering Graphics Files

Week 13 – 11/12
    Chapter 11 – Virtual Machines, Network Forensic, and Live Acquisitions

Week 14 – 11/19
    Chapter 11 – Virtual Machines, Network Forensic, and Live Acquisitions

11/27 to 11/30
    Thanksgiving Holiday – no classes

Week 15 – 12/3
    Chapter 13 – Cell Phone and Mobile Device Forensics
    Chapter 14 – Report Writing for High Tech Investigations

Week 16 – 12/10
    Final Exam – In Class
