IT Graduate Certificate in Information Security and Assurance


Course Description



(6) IT 6853 Computer Forensics


Course Description: This course studies techniques and tools in computing investigation, digital evidence collection, recovery, and analysis. Topics include legal issues relating to digital evidence; recovering deleted files and discovering hidden information; reconstructing user activity from e-mail, temporary Internet files, and cached data; and assessing the integrity of system memory and process architecture to reveal malicious code.


Course Prerequisites: IT 6823 Information Security Concepts and Administration


Course Outline:

Computer Forensics and Investigation as a Profession

·    Computer forensics versus other related disciplines

·    A brief history of computer forensics

·    Understanding enforcement agency investigations

·    Understanding corporate investigations

·    Maintaining professional conduct

Preparing a Computer Investigation

·    Planning your investigation

·    Securing your evidence

·    Data-recovery workstations and software

·    Creating a forensic boot floppy disk

·    The investigator’s office and laboratory

·    Current computer forensics tools

Processing Crime and Incident Scenes

·    Collecting evidence in a corporate environment

·    Processing law enforcement crime scenes

·    Preparing for a search

·    Securing a computer incident or crime scene

·    Seizing digital evidence at the scene

·    Reviewing a case

Digital Evidence Control

·    Identifying digital evidence

·    Cataloging digital evidence

·    Storing digital evidence

·    Obtaining a digital hash

Data Acquisition

·    Windows-based computer forensics

·    Macintosh computer forensics

·    UNIX-based computer forensics

·    Using MS-DOS acquisition tools

·    Using Windows acquisition tools

·    Using UNIX acquisition tools

·    PDA data acquisitions

·    Cell phone data acquisitions

Computer Forensics Analysis and Forensics Practice

·    Using AccessData’s forensic toolset

·    Using Guidance Software’s EnCase

·    Using other computer forensic tools

·    Approaching computer forensics cases

·    Performing a computer forensics analysis

·    Addressing data-hiding techniques

·    Understanding data compression

·    Locating and recovering image files

·    Analyzing image file headers

·    Network forensics

·    Investigating e-mail crimes and violations

·    Understanding e-mail servers

·    Using specialized e-mail forensics tools

Reporting Results of Investigations

·    Guidelines for writing reports

·    Generating report findings with forensic software tools

·    Preparing for testimony

·    Testifying in court

·    Preparing for a deposition