ITSY-2343 Computer System Forensics


Philip Cupina

Credit Spring 2022


Section(s)

ITSY-2343-001 (37940)
LEC TuTh 2:50pm - 4:05pm DIL DLS DIL

LAB TuTh 4:05pm - 4:35pm DIL DLS DIL

Course Requirements

Course Description: In-depth study of system forensics, including methodologies used for analysis of computer security breaches. Gather and evaluate evidence to perform postmortem analysis of a security breach. This course progresses through the tasks a typical computer forensics analyst performs during an investigation. We will cover hardware, file systems, advanced EnCase concepts, and file signature and hash analysis.

 

Pre-requisite:  ITSY 2342


Readings

Approved Course Texts/Readings:

EnCE: The Official EnCase Certified Examiner Study Guide, 3rd edition, Steve Bunting, EnCE, CCFT

ISBN: 978-0-470-90106-9


Course Subjects

COURSE SCHEDULE

 

ITSY 2343 Schedule
Dates are subject to change
The Instructor Reserves the Right to Make Schedule Changes

Week 1

Jan 18, 20

Introduction to the course
Explanation and Discussion of Syllabus

Fill out Computer Studies Student Information Form

Lecture chapter 1 Computer Hardware

Read Chapter 1,2
 

Week 2

Jan 25, 27

Cont. Chapter 1, Chapter 2 File Systems

Lab #1 Turn in Chapter 1 & 2 Homework

Chapter 1 & 2 Quiz

Read Chapter 3

Turn in Chapter 1 Homework

 

Week 3

Feb 1, 3

Lecture: Cont. Chapter 2 File Systems; Lecture: Chapter 3 First Response

Lab #2 Quiz on chapter 3

Read Chapter 4

Turn in Chapter 2, 3 Homework

 

Week 4

Feb 8, 10

Lecture: Chapter 4: Acquiring Digital Evidence, Quiz Chapter 4

Lab #3

Read Chapter 5

Turn in Chapter 4 Homework

 

Week 5

Feb 15, 17

Lab #4, and make up of previous labs.

Review for Exam #1 Chapters 1-4

Read Chapter 5

 

Week 6

Feb 22, 24

Exam #1 Chapters 1-4 (Tuesday)

Lab #5,  Review of first Exam

Review Chap 1-4

Turn in all labs

Read Chapter 5

Week 7

Mar 1, 3

Lecture: Chapter 5  EnCase Concepts

Quiz Chapter 5

Read Chapter 6

Turn in chapter 5 Homework

Week 8

Mar 8, 10

Lecture: Chapter 6 EnCase Environment

Quiz chapter 6

Lab #6

Read Chapter 7

Turn in Chapter 6 Homework

 

March 15, 17

Spring Break

Read Chapter 7

 

Week 9

Mar 22, 24

Lecture: Corporate Crimes (not in book)

Lab #7

 

Read Chapter 7

 

Week 10

Mar 29, 31

Lecture: Chapter 7 Understanding, Searching For, and Bookmarking Data

Lab #8 Quiz Chapter 7

Read Chapter 7

 Turn in Chapter 7 Homework

 

Week 11

Apr 5, 7

Tuesday Finish up all labs for this segment

Review for Exam #2 Chap 5-7

 

Review Chap 5-7

Read Chapter 8

 

Week 12

Apr 12, 14

Exam #2 Chapters 5-7 (Tuesday)

Lecture: Chapter 8 File Signature Analysis and Hash Analysis; Quiz Chapter 8

Turn in ALL Labs

Read Chapter 9

Turn in Chapter 8 Homework

Week 13

Apr 19, 21

Chapter 9 Windows Operating System Artifacts; Quiz Chapter 9

Lab #9

Read Chapter 10

Turn in Chapter 9 Homework

Week 14

Apr 26, 28

Lecture: Chapter 10 Advanced EnCase

 

Lab #10

Turn in Chapter 10 Homework

Review for final Exam

 

Week 15

May 3, 5

Lecture: Cont. Chapter 10 Advanced EnCase

Finish Lab 10

Review for Exam #3 Chap 8-10

Review for final Exam

 

Week 16

May 10, 12

Exam #3 Chapters 8-10 (Tuesday)

Review of Exam

Study for Exam #3

Turn in ALL Labs

 

 

 


Student Learning Outcomes/Learning Objectives

Course Objectives / Learning Outcomes: 

  1. Understand computer boot process, mechanics of FAT and NTFS file systems, and disk partitions
  2. Describe first response actions
  3. Acquire digital evidence
  4. Comprehend EnCase operation and use it for forensics purposes
  5. Describe advanced EnCase features
  6. Perform data searches and bookmarking
  7. Perform signature analysis and hash analysis
  8. List, describe, and access Windows artifacts
  9. Create reports

 

SCANS (Secretary’s Commission on Achieving Necessary Skills):  Refer to http://www.austincc.edu/cit/courses/scans.pdf for a complete definition and explanation of SCANS.  The following list summarizes the SCANS competencies addressed in this particular course:

SCANS Competencies:

Legend:
1 = Concept
2 = Application
3 = Advanced

 

| Competency | Description | Level |
|---|---|---|
| C5 | Acquires and evaluates information | 2 |
| C6 | Interprets and communicates information | 2 |
| C8 | Uses computers to process information | 2 |
| C9 | Participates as a member of a team: Contributes to group effort | 2 |
| C16 | Monitors and corrects performance: Distinguishes trends, predicts impacts on system operations, diagnoses systems performance, and corrects malfunctions | 1 |
| C17 | Improves or designs systems: Suggests modifications to existing systems and develops new or alternative systems to improve performance | 1 |
| C18 | Selects technology: Chooses procedures, tools, or equipment, including computers and related technologies | 2 |
| C19 | Applies technology to task: Understands overall intent and proper procedures for setup and operation of | 2 |
| C20 | Maintains and troubleshoots equipment: Prevents, identifies, or solves problems with equipment, including computers and other technologies | 2 |
| F1 | Reading: Locates, understands, and interprets written information in prose and in documents such as manuals | 2 |
| F3 | Arithmetic: Performs basic computations; uses basic numerical concepts such as whole numbers, etc. | 2 |
| F5 | Listening: Receives, attends to, interprets, and responds to verbal messages and other cues | 2 |
| F9 | Problem solving: Recognizes problems and devises and implements plan of action. | 1 |
| F10 | Seeing Things in the Mind’s Eye: Organizes and processes symbols, pictures, graphs, objects and other | 2 |
| F11 | Knowing how to learn: Uses efficient learning techniques to acquire and apply new knowledge and skills. | 2 |
| F12 | Reasoning: Discovers a rule or principle underlying the relationship between two or more objects and applies it | 2 |
| F13 | Responsibility: Exerts a high level of effort and perseveres towards goal attainment | 2 |
| F14 | Self-Esteem: Believes in own self-worth and maintains a positive view of self. | 2 |
| F15 | Social ability: Demonstrates understanding, friendliness, adaptability, empathy, and politeness in group settings. | 2 |
| F16 | Self-Management: Assesses self accurately, sets personal goals, monitors progress, and exhibits self-control. | 2 |
| F17 | Integrity/Honesty: Chooses ethical courses of action. | 2 |


Office Hours

T Th 12:30 PM - 1:00 PM meet.google.com/xks-ghmf-mgz

NOTE Or by appointment

M W 11:30 AM - 12:00 PM HLC4 1215.05

NOTE Or by appointment

T Th 2:20 PM - 2:50 PM meet.google.com/qmt-ydvu-gbo

NOTE Or by appointment

M W 5:00 PM - 5:30 PM meet.google.com/yrv-dexv-jwn

NOTE Or by appointment

Published: 01/13/2022 08:50:11