CSS 436: System Forensics, Investigation and Response

Course Description

This course focuses on the fundamentals of system forensics: what forensics is, an overview of computer crime, and the types of laws that affect forensic investigations. A significant part of the course is devoted to examining the tools, techniques, and methods used to perform computer forensics and investigations. Students will learn how to collect, preserve, analyze, and document all types of digital evidence, from computers running various operating systems, mobile devices, e-mail, and more. (3 credits)

Prerequisites

  • ENG 101: English Composition 1
  • ENG 102: English Composition 2
  • ITE 145: Fundamentals of Information Systems Security
  • ITE 220: Networking and Data Communication (Recommended)

Student Learning Outcomes (SLOs)

Students who successfully complete this course will be able to:

  1. Summarize the basic principles of computer forensics.
  2. Summarize important laws regarding computer forensics.
  3. Describe various computer crimes and how they are investigated.
  4. Describe digital forensic methodology and labs.
  5. Outline the proper approach to collecting, seizing, and protecting evidence.
  6. Explain techniques for hiding and scrambling information as well as how data is recovered.
  7. Summarize various types of digital forensics.
  8. Explain how to perform a network analysis.
  9. Describe incident and intrusion response.
  10. Identify trends in and resources for digital forensics.

Course Activities and Grading

Assignments and Weight

  • Discussions (Weeks 1 - 8): 10%
  • Written Assignments (Weeks 1 - 8): 30%
  • Lab Assignments (Weeks 2 - 8): 30%
  • Project (Weeks 2, 3, 5, 6, 8): 15%
  • Final Exam (Week 8): 15%
  • Total: 100%

Required Textbooks

Available through Charter Oak State College's online bookstore

  • Easttom, Chuck. Digital Forensics, Investigation, and Response - with Access. 4th ed. Burlington, MA: Jones & Bartlett Learning, 2022. ISBN-13: 978-1-284-24448-9

Course Schedule

Week (SLOs): Readings and Exercises, Assignments

Week 1 (SLOs: 1, 3)

Topics: Introduction to Forensics and Computer Crimes

  • Readings:
    • Chapter 1, “Introduction to Forensics”
    • Chapter 2, “Overview of Computer Crime”
  • Read assigned chapters
  • Review the Lecture material
  • Participate in the Discussions
  • Submit Week 1 Assignments
    • Digital Forensic Firms
    • Denial of Service Tools

Week 2 (SLOs: 4, 10)

Topics: Forensic Methods and Evidence Handling

  • Readings:
    • Chapter 3, “Forensic Methods and Labs”
    • Chapter 4, "Collecting, Seizing, and Protecting Evidence"
  • Read assigned chapters
  • Review the Lecture material
  • Submit Week 2 Assignments
    • Digital Forensic Software OR Equipment Proposal (choose one)
    • Chain of Custody Roles and Requirements
  • Submit Week 2 Lab
    • Applying the Daubert Standard to Forensic Evidence
  • Submit Week 2 Project Part 1
    • Preparing for a Digital Forensic Investigation

Week 3 (SLOs: 5)

Topics: Steganography and Data Recovery

  • Readings:
    • Chapter 5, “Understanding Techniques for Hiding and Scrambling Information”
    • Chapter 6, “Recovering Data”
  • Read assigned chapters
  • Review the Lecture material
  • Submit Week 3 Assignments
    • Steganography Detection Tools
    • Create a Data Recovery Plan
  • Submit Week 3 Labs
    • Recognizing the Use of Steganography in Image and Audio Files
    • Recovering Deleted and Damaged Files
  • Submit Week 3 Project Part 2
    • Researching Forensic Best Practices and Creating Procedures

Week 4 (SLOs: 6)

Topics: Incident Response and Windows Forensics

  • Readings:
    • Chapter 7, "Email Forensics"
    • Chapter 8, “Windows Forensics”
  • Read assigned chapters
  • Review the Lecture material
  • Participate in the Discussions
  • Submit Week 4 Assignments
    • Adding Forensics to Incident Response
    • Windows Forensics
  • Submit Week 4 Labs
    • Conducting an Incident Response Investigation
    • Conducting Forensic Investigations on Windows Systems

Week 5 (SLOs: 7)

Topics: Linux and Mac OS Forensics

  • Readings:
    • Chapter 9, “Linux Forensics”
    • Chapter 10, "Mac OS Forensics"
  • Read assigned chapters
  • Review the Lecture material
  • Participate in the Discussions
  • Submit Week 5 Assignments
    • Mac OS Forensics
    • Linux Forensics
  • Submit Week 5 Lab
    • Conducting Forensic Investigations on Linux System
  • Submit Week 5 Project Part 3
    • Obtaining Evidence from an ISP

Week 6 (SLOs: 7)

Topics: Email Forensics and Mobile Forensics

  • Readings:
    • Chapter 11, "Email Forensics"
    • Chapter 12, “Mobile Forensics”
  • Read assigned chapters
  • Review the Lecture material
  • Participate in the Discussions
  • Submit Week 6 Assignments
    • How Email Works and the Protocols Involved
    • Mobile Forensics
  • Submit Week 6 Labs
    • Conducting Forensic Investigations on Email and Chat Log
    • Conducting Forensic Investigations on Mobile Devices
  • Submit Week 6 Project Part 4
    • Outlining Incident Response and Root Cause Analysis

Week 7 (SLOs: 8, 9)

Topic: Network Forensics

  • Readings:
    • Chapter 13, “Network Forensics”
  • Read assigned chapter
  • Review the Lecture material
  • Participate in the Discussions
  • Submit Week 7 Assignment
    • Network Traffic Analysis Tool Evaluation
  • Submit Week 7 Lab
    • Conducting Forensic Investigations on Network Infrastructure

Week 8 (SLOs: 1-10)

Topics: Memory Forensics and Future Trends, Course Review and Final Examination

  • Readings:
    • Chapter 14, “Memory Forensics”
    • Chapter 15, "Trends and Future Directions"
    • Review previous chapters in preparation for the Final Exam
  • Read assigned chapters
  • Review the Lecture material
  • Participate in the Discussions
  • Submit Week 8 Assignments
    • Malware Techniques and Digital Forensics
    • Compare Traditional Backup Methods with Cloud Backup Services
  • Submit Week 8 Lab
    • Conducting Forensic Investigations on System Memory
  • Complete the Final Exam
  • Participate in the Course Evaluation process

Final Exam
Chapters 1-15

01192023

COSC Accessibility Statement

Charter Oak State College encourages students with disabilities, including non-visible disabilities such as chronic diseases, learning disabilities, head injury, attention deficit/hyperactive disorder, or psychiatric disabilities, to discuss appropriate accommodations with the Office of Accessibility Services at OAS@charteroak.edu.

COSC Policies, Course Policies, Academic Support Services and Resources

Students are responsible for knowing all Charter Oak State College (COSC) institutional policies, course-specific policies, procedures, and available academic support services and resources. Please see COSC Policies for COSC institutional policies, and see also specific policies related to this course. See COSC Resources for information regarding available academic support services and resources.