General Course Information
Department IST
Number 454
Title Computer and Cyber Forensics
Credits 3
Description Computer and communication technologies have become the key components to support critical infrastructure services in various sectors of our society. In an effort to share information and streamline operations, organizations are creating complex networked systems and opening their networks to customers, suppliers, and other business partners. Increasing network complexity, greater access, and a growing emphasis on the Internet have made information and network security a major concern for organizations.
IST 454 focuses on computer and cyber forensics. Students will learn different aspects of computer and cyber crime and ways in which to uncover, protect, exploit, and document digital
evidence. Students will be exposed to different types of tools (both software and hardware), techniques and procedure, and be able to use them to perform rudimentary forensic
investigations.
A major component of the course will be several hands-on exercises and a final team-based project. This course will incorporate collaborative and action-learning experiences wherever appropriate. Emphasis will be placed on developing and practicing writing and speaking skills through application of the concepts, theories and technologies that define the course.
Prerequisite IST220
Integrated throughout are perspectives of computer and related legal process, including computer crimes from state and federal law, methods of interaction with law enforcement and
prosecutors, admissibility of expert witness testimony and the use of forensic reports in civil, regulatory and internal
investigations. Objectives
Instructor Information
Primary Instructor William H. Bowers Office Franco 119 Phone Number (610) 396-6276 Fax (610) 396-6026 Email whb108@nospam.psu.eduText Message whbowers@nospam.sprintpcs.com
Home Page http://www.bk.psu.edu/faculty/bowers
AIM: psuwhb108
MSN Messenger: whbowers@nospam.psu.edu
(Please use a PSU address and include the course in the subject)
Meeting Time and Place
Section Number 001
Campus Berks
Friday: 3:30 PM - 4:20 PM
Office Hours:
Course Materials
ISBN 0-619-21706-5
Title Guide to Computer Forensics and Investigations
Edition 2d
Author Amelia Phillips, Bill Nelson, Frank Enfinger, Christopher
Steuart
Website
http://www.course.com/catalog/product.cfm?isbn=978-0-619-21706-8&CFID=30576648&CFTOKEN=31113895
Publisher Thomson Course Technology: Boston, MA
Required
ISBN 978-0-7821-4435-2
Title EnCase Computer Forensics: The Official EnCE: EnCase
Certified Examiner Study Guide
Edition
Author Steve Bunting, William Wei
Website
http://www.sybex.com/WileyCDA/SybexTitle/productCd-0782144357.html
Publisher Sybex: San Francisco, CA
Class Schedule
Topic Reading Handouts Course Introduction Forensics as a Profession Nelson Chapter 1 Chapter 1 Assignments Lab1 Nelson 1
Week 2 Monday, September 03, 2007
Topic Reading Handouts
Understanding Computer Investigations Nelson Chapter 2 Chapter 2 Assignments Lab2 Nelson 2 Group Assignments
Team Membership & Charter
Week 3 Monday, September 10, 2007
Topic Reading Handouts
The Investigator's Office and Laboratory Nelson Chapter 3 Chapter 3 Assignments Nelson 3
Week 4 Monday, September 17, 2007
Topic Reading Handouts
Current Computer Forensics Tools Nelson Chapter 4 Chapter 4 Assignments Nelson 4
Week 5 Monday, September 24, 2007
Topic Reading Handouts
Processing Crime and Incident Scenes Nelson Chapter 5 Chapter 5 Assignments Nelson 5
Week 6 Monday, October 01, 2007
Topic Reading Handouts
Digital Evidence Controls Nelson Chapter 6 Chapter 6 Assignments Nelson 6
Week 7 Monday, October 08, 2007
Topic Reading Handouts
Working with Windows and DOS Systems Nelson Chapter 7 Chapter 7 Assignments Nelson 7
Week 8 Monday, October 15, 2007
Topic Reading Handouts
Macintosh and Linux Boot Processes and File Systems Nelson Chapter 8 Chapter 8 Assignments Nelson 8
Week 9 Monday, October 22, 2007
Topic Reading Handouts
Data Acquisition Nelson Chapter 9
Chapter 9
Assignments
Nelson 9
Week 10 Monday, October 29, 2007
Topic Reading Handouts
Computer Forensics Analysis Nelson Chapter 10 Chapter 10 Assignments Nelson 10
Week 11 Monday, November 05, 2007
Topic Reading Handouts
Recovering Image Files Nelson Chapter 11 Chapter 11 Assignments Nelson 11
Week 12 Monday, November 12, 2007
Topic Reading Handouts
Network Forensics Nelson Chapter 12 Chapter 12 Assignments Nelson 12
Week 13 Monday, November 19, 2007
Topic Reading Handouts
E-Mail Investigations Nelson Chapter 13 Chapter 13 Assignments Nelson 13
Evaluation Methods
You will be evaluated on your individual chapter reading notes and the group project deliverables. The standards for the reading notes will be linked to the online syllabus and discussed the first class meeting. The specifications for the group deliverables will be linked to the online syllabus, distributed and discussed in class. The deliverables will be evaluated for conformance with the specifications. Writing assignments will be evaluated as stated in the syllabus section titled
"Assignment Standards". Your grade will be a simple percentage of the group and individual points earned divided by the total possible points.
Week 14 Monday, November 26, 2007
Topic Reading Handouts
Becoming an Expert Witness and Reporting Results of Investigations Nelson Chapter 14 Chapter 14 Assignments Nelson 14
Attendance
You are expected to attend all class sessions. This course will cover a great deal of material and missing even one class will put you at a disadvantage. I recognize that there may be job, family or other unavoidable conflicts with scheduled
classes. These will be dealt with on a case-by-case basis before the scheduled class. If you have a conflict that cannot be avoided, please let me know as soon as you are aware of it so that we may find a reasonable solution. Except in cases of true last minute unavoidable conflicts, I will not excuse an absence after the fact. Please make sure to let me know before the class, not afterwards.
If excessive absences become a problem on those days where there is no direct penalty for missing class, such as group work or lab days, I reserve the right to award “bonus points” for attendance or participation or through the use of unannounced pop quizzes for those who are in class .
Grading
Letter Grade Points Minimum Percentage
Grading is in accordance with the University standards: (http://www.psu.edu/ufs/policies/47-00.html#47-40) A 4.00 93 A- 3.67 90 B+ 3.33 87 B 3.00 83 B- 2.67 80 C+ 2.33 77 C 2.00 70 D 1.00 60 F 0.00 0
While I am always willing to discuss grades, grade changes will not be considered more than one week after an assignment has been returned. Deferred grades for the semester will only be considered if made in a timely manner and if the basis for the request is beyond the control of the student.
Academic Integrity
University Policies and Rules 49-20: “Academic integrity is the pursuit of scholarly activity in an open, honest and responsible manner. Academic integrity is a basic guiding principle for all academic activity at Penn State, and all members of the University community are expected to act in accordance with this principle. Consistent with this expectation, the University's Code of Conduct states that all students should act with personal integrity, respect other students' dignity, rights and property, and help create and maintain an environment in which all can
the University community and compromise the worth of work completed by others. Academic dishonesty includes, but is not limited to, cheating, plagiarizing,
fabricating of information or citations, facilitating acts of academic dishonesty by others, having unauthorized possession of examinations, submitting work of another person or work previously used without informing the instructor, or tampering with the academic work of other students.”
In short, if you use someone else's work, either directly or indirectly, be sure to cite the work and give appropriate credit. If you are unsure, check with me beforehand and credit the source. Source code or written assignments that are so similar to another's work as to raise questions will not be evaluated, both submissions will receive grades of zero for that assignment and an Academic Integrity form will be completed and sent to the Associate Dean for referral to the appropriate
administrative committees. In accordance with University policy, I can “. . . not issue a grade solely based upon a belief that a student has violated academic integrity. An instructor must instead follow the procedures provided for in AAPPM G9.” (http://www.bklv.psu.edu/academic/academicintegrity). This means that if I assess a grade penalty for a violation, I must file the official paperwork with the University.
Blatant or repeated acts of academic dishonesty will be referred to the appropriate administrative committees and you may receive a failing grade for the course due to academic dishonesty.
Accommodations for Persons with Disabilities
"It is the policy of the University not to discriminate against persons with disabilities in its admission policies or its procedures or educational programs, services or activities." (Student Guide to General University Policies and Rules 2001-2001, http://www.sa.psu.edu/ja/PoliciesRules.pdf) Penn State welcomes students with disabilities into the University's educational programs. It is my policy to provide any reasonable accommodations necessary for a person with a disability to be
provided a level playing field and equal opportunities in my classroom. Please let me know as early in the semester as possible of any requirements you may have so I may provide those accommodations. Susan Anderson, Disability Services, sma17@psu.edu, 610-396-6410, 153 Franco Building (Berks campus) is also available to assist you or answer questions about disability related issues.
Modification of Course Policies
This syllabus will be modified and kept up to date. It is your responsibility to check the online version frequently to insure that you have the latest information. All of my syllabi are linked to my home page (http://www.bk.psu.edu/faculty/bowers). The above schedule, policies and assignments in this course may be modified to meet the specific requirements of individual course sections or by mutual