CSS 436: System Forensics, Investigation and Response

Course Description

This course examines the fundamentals of system forensics: what forensics is, an overview of computer crime, and the types of laws that affect forensic investigations. A significant part of the course is devoted to examining the tools, techniques, and methods used to perform computer forensics and investigations. Students will learn how to collect, preserve, analyze, and document all types of digital evidence, from computers running various operating systems, mobile devices, e-mail, and more. (3 credits)

Prerequisites

  • ENG 101: English Composition 1
  • ENG 102: English Composition 2
  • ITE 145: Fundamentals of Information Systems Security
  • ITE 220: Networking and Data Communication (Recommended)

Student Learning Outcomes (SLOs)

Students who successfully complete this course will be able to:

  1. Summarize the basic principles of computer forensics.
  2. Summarize important laws regarding computer forensics.
  3. Describe various computer crimes and how they are investigated.
  4. Describe digital forensic methodology and labs.
  5. Outline the proper approach to collecting, seizing, and protecting evidence.
  6. Explain techniques for hiding and scrambling information as well as how data is recovered.
  7. Summarize various types of digital forensics.
  8. Explain how to perform a network analysis.
  9. Describe incident and intrusion response.
  10. Identify trends in and resources for digital forensics.

General Education Outcomes (GEOs)

Please check the applicable GEOs for this course, if any, by outcomes at GEO Category Search, or by subject area at GEO Discipline Search.

Course Activities and Grading

Assignments and Weight

  • Discussions: 6%
  • Written Assignments: 30%
  • Lab Assignments: 20%
  • Project: 24%
  • Final Exam (Week 8): 20%
  • Total: 100%

Required Textbooks

Available through https://bookstore.mbsdirect.net/vbm/vb_home.php?FVCUSNO=35478
  • Easttom, Chuck. System Forensics, Investigation, and Response - Print Bundle for LMS Integrations. 3rd ed. Burlington, MA: Jones & Bartlett Learning, 2018. ISBN-13: 9781284186338

Note: This is a Print Bundle which includes the textbook and the Access Code required for this course. Students must purchase these materials “New” from the Charter Oak State College bookstore. Used materials or materials from any other source are not acceptable.

Course Schedule

Week | SLOs | Readings and Exercises | Assignments

Week 1 (SLOs: 1, 2, 3)

Topics: Introduction to Forensics and Computer Crimes

  • Readings:
    • Chapter 1, “Introduction to Forensics”
    • Chapter 2, “Overview of Computer Crime”
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 1 Assignments
    • Report Cybercrimes
    • Digital Forensic Firms
    • Denial of Service Tools
  • Submit Week 1 Lab
    • Apply the Daubert Standard on the Workstation Domain

Week 2 (SLOs: 4, 10)

Topics: Forensic Methods, Labs, and Future Trends

  • Readings:
    • Chapter 3, “Forensic Methods and Labs”
    • Chapter 14, “Trends and Future Directions”
    • Chapter 15, “System Forensics Resources”
  • Read assigned chapters
  • Review the Lecture material
  • Submit Week 2 Assignments
    • Digital Forensic Software or Equipment Proposal
    • The Cloud or Digital Forensic Conferences
  • Submit Week 2 Lab
    • Documenting a Workstation Configuration Using Common Forensic Tools

Week 3 (SLOs: 5, 6)

Topics: Collecting, Seizing and Protecting Evidence

  • Readings:
    • Chapter 4, “Collecting, Seizing, and Protecting Evidence”
  • Read assigned chapter
  • Review the Lecture material
  • Submit Week 3 Assignments
    • Chain of Custody Roles and Requirements
    • Best Practices in Collecting Digital Evidence
    • Proper Methods for Recovering Data
  • Submit Week 3 Lab
    • Create a Forensic System Case File for Analyzing Forensic Evidence

Week 4 (SLOs: 6, 7)

Topics: Understanding Techniques for Hiding and Scrambling Information, and Recovering Data

  • Readings:
    • Chapter 5, “Understanding Techniques for Hiding and Scrambling Information”
    • Chapter 6, “Recovering Data”
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 4 Assignments
    • Steganography Detection Tools or Data Recovery Plan
  • Submit Week 4 Labs
    • Recognizing the Use of Steganography in Image Files
    • Uncovering New Digital Evidence Using Bootable Forensic Utilities

Week 5 (SLOs: 7)

Topics: Windows and Linux Forensics

  • Readings:
    • Chapter 8, “Windows Forensics”
    • Chapter 9, “Linux Forensics”
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 5 Assignments
    • Tools for Monitoring Changes to Files and Memory
    • Windows Forensics
    • Linux Forensics
  • Submit Week 5 Lab
    • Identifying and Documenting Evidence from a Forensic Investigation
    • Analyzing Images to Identify Suspicious or Modified Files
  • Submit Project Part 1: Preparing for a Forensic Investigation

Week 6 (SLOs: 7)

Topics: Macintosh, E-mail, and Mobile Forensics

  • Readings:
    • Chapter 7, “E-mail Forensics”
    • Chapter 10, “Macintosh Forensics”
    • Chapter 11, “Mobile Forensics”
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 6 Assignments
    • Macintosh Forensics or E-mail Presentation or Mobile Forensics
    • Data Doctor
    • Appropriate Traffic Analysis Tools
  • Submit Week 6 Lab
    • Automating E-mail Evidence Discovery Using P2 Commander

Week 7 (SLOs: 8, 9)

Topics: Network Analysis, and Incident and Intrusion Response

  • Readings:
    • Chapter 12, “Performing Network Analysis”
    • Chapter 13, “Incident and Intrusion Response”
  • Read assigned chapters
  • Review the Lecture material
  • Submit Week 7 Assignments
    • Network Security Breaches
    • Network Traffic Analysis Tool Evaluation
  • Submit Week 7 Labs
    • Decode an FTP Protocol Session and Perform Forensic Analysis
    • Conducting an Incident Response Investigation for a Suspicious Login
  • Submit Project Part 2: Analyzing an E-mail Archive for an Electronic Discovery Investigation

Week 8 (SLOs: 1-10)

Topics: Course Review and Final Examination

  • Readings:
    • Review previous chapters in preparation for the Final Exam
  • Submit Project Part 3: Analyzing Evidence from Mac OS X
  • Participate in the Discussions
  • Complete Final Exam
  • Complete Course Evaluation

Final Exam
Chapters 1-15

COSC Accessibility Statement

Charter Oak State College encourages students with disabilities, including non-visible disabilities such as chronic diseases, learning disabilities, head injury, attention deficit/hyperactive disorder, or psychiatric disabilities, to discuss appropriate accommodations with the Office of Accessibility Services at OAS@charteroak.edu.

COSC Policies, Course Policies, Academic Support Services and Resources

Students are responsible for knowing all Charter Oak State College (COSC) institutional policies, course-specific policies, procedures, and available academic support services and resources. Please see COSC Policies for COSC institutional policies, and see also specific policies related to this course. See COSC Resources for information regarding available academic support services and resources.