CSS 436: System Forensics, Investigation and Response

Course Description

This course will focus on examining the fundamentals of system forensics, i.e.: what forensics is, an overview of computer crime, and the types of laws that affect forensic investigations. A significant part of the course is devoted to examining the tools, techniques, and methods used to perform computer forensics and investigations. Students will learn how to collect, preserve, analyze, and document all types of digital evidence, from computers running various operating systems, mobile devices, e-mail, and more. (3 credits)


  • ENG 101: English Composition 1
  • ENG 102: English Composition 2
  • ITE 145: Fundamentals of Information Systems Security
  • ITE 220: Networking and Data Communcation (Recommended)

Student Learning Outcomes (SLOs)

Students who successfully complete this course will be able to:

  1. Summarize the basic principles of computer forensics.
  2. Summarize important laws regarding computer forensics.
  3. Describe various computer crimes and how they are investigated.
  4. Describe digital forensic methodology and labs.
  5. Outline the proper approach to collecting, seizing, and protecting evidence.
  6. Explain techniques for hiding and scrambling information as well as how data is recovered.
  7. Summarize various types of digital forensics.
  8. Explain how to perform a network analysis.
  9. Describe incident and intrusion response.
  10. Identify trends in and resources for digital forensics.

General Education Outcomes (GEOs)

Please check the applicable GEOs for this course, if any, by outcomes at GEO Category Search, or by subject area at GEO Discipline Search.

Course Activities and Grading





Written Assignments


Lab Assignments




Final Exam (Week 8)




Required Textbooks

Available through Charter Oak State College's online bookstore

  • Easttom, Chuck. System Forensics, Investigation, and Response - with Access. 3rd ed. Burlington, MA: Jones & Bartlett Learning, 2019. ISBN-13: 978-1-284-18634-5

Course Schedule



Readings and Exercises




Topics: Introduction to Forensics and Computer Crimes

  • Readings:
    • Chapter 1, “Introduction to Forensics”
    • Chapter 2, “Overview of Computer Crime”
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 1 Assignments
    • Report Cybercrimes
    • Digital Forensic Firms
    • Denial of Service Tools
  • Submit Week 1 Lab
    • Apply the Daubert Standard on the Workstation Domain



Topics: Forensic Methods, Labs, and Future Trends

  • Readings:
    • Chapter 3, “Forensic Methods and Labs”
  • Read assigned chapters
  • Review the Lecture material
  • Submit Week 2 Assignments
    • Digital Forensic Software OR Equipment Proposal (choose one)
    • Digital Forensic Conferences
  • Submit Week 2 Lab
    • Documenting a Workstation Configuration Using Common Forensic Tools



Topics: Collecting, Seizing and Protecting Evidence

  • Readings:
    • Chapter 4, “Collecting, Seizing, and Protecting Evidence”
  • Read assigned chapter
  • Review the Lecture material
  • Submit Week 3 Assignments
    • Chain of Custody Roles and Requirements
    • Best Practices in Collecting Digital Evidence
  • Submit Week 3 Lab
    • Uncovering New Digital Evidence Using Bootable Forensic Utilities

  • Submit Project Part 1: Preparing for a Forensic Investigation



Topics: Understanding Techniques for Hiding and Scrambling Information, and Recovering Data

  • Readings:
    • Chapter 5, “Understanding Techniques for Hiding and Scrambling Information”
    • Chapter 6, “Recovering Data”
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 4 Assignments
    • Steganography Detection Tools
    • Data Recovery Plan
  • Submit Week 4 Labs
    • Analyzing Images to Identify Suspicious or Modified Files

    • Create a Forensic System Case File for Analyzing Forensic Evidence



Topics: Email, Windows and Linux Forensics

  • Readings:
    • Chapter 7, "Email Forensics"
    • Chapter 8, “Windows Forensics”
    • Chapter 9, “Linux Forensics”
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 5 Assignments
    • The CAN-SPAM Act OR Email Presentation (choose one)

    • Tools for Monitoring Changes to Files and Memory
    • Windows Forensics
    • Linux Forensics
  • Submit Week 5 Lab
    • Automating E-mail Evidence Discovery Using P2 Commander

    • Recognizing the Use of Steganography in Image Files

  • Submit Project Part 2: Analyzing an Email Archive for an Electronic Discovery Investigation



Topics: Macintosh and Mobile Forensics

  • Readings:
    • Chapter 10, "Macintosh Forensics"
    • Chapter 11, "Mobile Forensics"
  • Read assigned chapters
  • Participate in the Discussions
  • Review the Lecture material
  • Submit Week 6 Assignments
    • Macintosh Forensics
    • Mobile Network
    • Mobile Forensics
  • Submit Week 6 Lab
    • Decode an FTP Protocol Session for Forensic Evidence

  • Submit Project Part 3: Analyzing Evidence from Mac OS X



Topic: Performing Network Analysis

  • Readings:
    • Chapter 12, “Performing Network Analysis”
  • Read assigned chapters
  • Review the Lecture material
  • Submit Week 7 Assignments
    • Appropriate Traffic Analysis Tools

    • Network Traffic Analysis Tool Evaluation
  • Submit Week 7 Labs
    • Identifying and Documenting Evidence from a Forensic Investigation



Topics: Course Review and Final Examination

  • Readings:
    • Chapter 13 “Incidents and Intrusion Response”

    • Chapter 14, “Trends and Future Directions”

    • Chapter 15, “System Forensics Resources”

    • Review previous chapters in preparation for the Final Exam
  • Participate in the Discussions
  • Submit Week 8 Assignments
    • Adding Forensics to Incident Response

    • Best Practices for Obtaining Evidence from an ISP OR The Cloud OR Digital Forensic Conferences

    • Network Security Breaches

  • Submit Week 8 Lab
    • Conducting an Incident Response Investigation for a Suspicious Login

  • Complete Final Exam

  • Complete Course Evaluation

Final Exam
Chapters 1-15

COSC Accessibility Statement

Charter Oak State College encourages students with disabilities, including non-visible disabilities such as chronic diseases, learning disabilities, head injury, attention deficit/hyperactive disorder, or psychiatric disabilities, to discuss appropriate accommodations with the Office of Accessibility Services at OAS@charteroak.edu.

COSC Policies, Course Policies, Academic Support Services and Resources

Students are responsible for knowing all Charter Oak State College (COSC) institutional policies, course-specific policies, procedures, and available academic support services and resources. Please see COSC Policies for COSC institutional policies, and see also specific policies related to this course. See COSC Resources for information regarding available academic support services and resources.