COMPUTER FORENSICS (EFFECTIVE 2013-14) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE 2013-14 CATE STUDENT REPORTING PROCEDURES MANUAL)



Similar documents
Web Design and Development I a.k.a. Fundamentals of Web Design and Development

Information Technology Career Cluster Advanced Cybersecurity Course Number:

Computer Forensics and Investigations Duration: 5 Days Courseware: CT

ENTERPRISE COMPUTER INCIDENT RESPONSE AND FORENSICS TRAINING

WEB PAGE DESIGN AND DEVELOPMENT 2 COURSE CODE: 5033 (COURSE NAME CHANGES TO ADVANCED WEB DESIGN AND DEVELOPMENT IN )

MSc Computer Security and Forensics. Examinations for / Semester 1

Computer Forensic Capabilities

CYBER FORENSICS (W/LAB) Course Syllabus

EC-Council Ethical Hacking and Countermeasures

EnCase 7 - Basic + Intermediate Topics

2! Bit-stream copy. Acquisition and Tools. Planning Your Investigation. Understanding Bit-Stream Copies. Bit-stream Copies (contd.

Digital Forensics. Tom Pigg Executive Director Tennessee CSEC

Guide to Computer Forensics and Investigations, Second Edition

CCE Certification Competencies

Hands-On How-To Computer Forensics Training

information security and its Describe what drives the need for information security.

Chapter 7 Securing Information Systems

Incident Response and Computer Forensics

Information Technology Career Cluster Introduction to Digital Technology Course Number

Information Technology Audit & Forensic Techniques. CMA Amit Kumar

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 13 Business Continuity

The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices

Guide to Computer Forensics and Investigations, Second Edition

Computer and Information Science

PREREQUISITE(S): CTS 1131, CTS 1133 and CTS 1120

Technology (Information Technology) Benchmarks

Course Title: Computer Forensic Specialist: Data and Image Files

Certified Digital Forensics Examiner

Certified Digital Forensics Examiner

Guidelines on Digital Forensic Procedures for OLAF Staff

Overview of Computer Forensics

Digital Forensics. Larry Daniel

CDFE Certified Digital Forensics Examiner (CFED Replacement)

Computer Hacking Forensic Investigator v8

Ans.: You can find your activation key for a Recover My Files by logging on to your account.

ITM 642: Digital Forensics Sanjay Goel School of Business University at Albany, State University of New York

Introduction to Computer Forensics ITP 499 (3 Units)

CTC 328: Computer Forensics

ITU Session Four: Device Imaging And Analysis. Mounir Kamal Q-CERT

EnCase v7 Essential Training. Sherif Eldeeb

Digital Forensics, ediscovery and Electronic Evidence

SSD Guru. Installation and User Guide. Software Version 1.4

Ten Deadly Sins of Computer Forensics

Discovery of Electronically Stored Information ECBA conference Tallinn October 2012

Montgomery College Course Designator/Course Number: CS 110 Course Title: Computer Literacy

It provides the performance indicators to evaluate the level of knowledge and competence of teacher to apply ICT in the educational setting.

Lecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation

HIPAA Security Training Manual

Subject Area: Business Technology Education Course: Introduction to Information Technology Computer Service and Repair 2005

Computer Forensics. Securing and Analysing Digital Information

Information Technology Security Policies

Impact of Digital Forensics Training on Computer Incident Response Techniques

Computer Science 1301 Computer Literacy. Student Learning Outcomes

Certified Digital Forensics Examiner

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 3 Installing Windows

Excerpts from EnCase Introduction to Computer Forensics

Chapter 13 File and Database Systems

Chapter 13 File and Database Systems

Chapter 4. Operating Systems and File Management

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR

The Internet and 2 Acceptable use 2 Unacceptable use 2 Downloads 3 Copyrights 3 Monitoring 3. Computer Viruses 3

Computer Forensics Discipline

INTERNET USE PROCEDURES Almira/Coulee Hartline Cooperative Network Acceptable Use Procedures

Chapter Contents. Operating System Activities. Operating System Basics. Operating System Activities. Operating System Activities 25/03/2014

Regional Computer Forensic Laboratory & Digital Forensics. Presented By: D. Justin Price FBI - Philadelphia Computer Analysis Response Team

File System Forensics FAT and NTFS. Copyright Priscilla Oppenheimer 1

Just EnCase. Presented By Larry Russell CalCPA State Technology Committee May 18, 2012

Medford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee

Digital Evidence Search Kit

Network Security. Task 1 Security Measures

Digital Forensics Tutorials Acquiring an Image with FTK Imager

Computer Forensics Processing Checklist. Pueblo High-Tech Crimes Unit

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

Digital Forensic. A newsletter for IT Professionals. I. Background of Digital Forensic. Definition of Digital Forensic


Paraben s P2C 4.1. Release Notes

NORTH CAROLINA COMMUNITY COLLEGE SYSTEM H. Martin Lancaster, President

Introduction to Data Forensics. Jeff Flaig, Security Consultant January 15, 2014

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Cloud Forensics. 175 Lakeside Ave, Room 300A Phone: 802/ Fax: 802/

Information Technology Career Cluster Introduction to Digital Technology Course Number

Anchor Bay Schools Software Policy

Lesson Plans Microsoft s Managing and Maintaining a Microsoft Windows Server 2003 Environment

Digital Forensics: The aftermath of hacking attacks. AHK Committee Meeting April 19 th, 2015 Eng. Jamal Abdulhaq Logos Networking FZ LLC

Technical Procedure for Evidence Search

UNDELETE 7.0 USER GUIDE

Course overview. CompTIA A+ Certification (Exam ) Official Study Guide (G188eng verdraft)

How To Ensure Your School Is Safe Online

Incident Response and Forensics

Introduction to Computers & Information Technology

System Security Policy Management: Advanced Audit Tasks

Transcription:

COMPUTER FORENSICS (EFFECTIVE 2013-14) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE 2013-14 CATE STUDENT REPORTING PROCEDURES MANUAL) COURSE DESCRIPTION: Computer Forensics is focused on teaching students how to gather evidence and prevent cybercrime using computer, criminology, law, digital security, and investigative techniques. Students will learn to collect, preserve, present, and prepare computerbased evidence for the purposes of criminal law enforcement or civil litigation. Activities will define the central roles of the computer forensic practitioner involved in investigating computer crime scenes and torts involving computers. Students will be prepared to assist in the formulation and implementation of organizational computer forensics preparedness policies, to determine the necessity for forensic procedures, extend governance processes to allow for proper future forensic investigations, and be contributing members of computer forensics investigation teams. OBJECTIVE: Given the necessary equipment, supplies, and appropriate software, the student will be prepared to successfully complete the standards necessary for national credentials. INDUSTRY CERTIFICATIONS: Refer to the following Web link to obtain information for EnCE certification exams. http://www.guidancesoftware.com/computer-forensics-training-ence-certification.htm COURSE CREDIT: 1 or 2 Carnegie units RECOMMENDED GRADE LEVELS: 10 12 PREREQUISITE: None Must be teacher approved COMPUTERS REQUIRED: One computer per student RECOMMENDED SOFTWARE RESOURCES: Access Data Ultimate Toolkit, Encase Guidance Software, ProDiscover Basics, X-Waves Forensic Software, and Paraben A. SAFETY AND ETHICS 1. Identify major causes of work-related accidents in offices. 2. Describe the threats to a computer network, methods of avoiding attacks, and options in dealing with virus attacks. 3. Identify potential abuse and unethical uses of computers and networks. November 2011 1

4. Explain the consequences of illegal, social, and unethical uses of information technologies (e.g., piracy; illegal downloading; licensing infringement; inappropriate uses of software, hardware, and mobile devices). 5. Differentiate between freeware, shareware, and public domain software copyrights. 6. Discuss computer crimes, terms of use, and legal issues such as copyright laws, fair use laws, and ethics pertaining to scanned and downloaded clip art images, photographs, documents, video, recorded sounds and music, trademarks, and other elements for use in Web publications. 7. Identify netiquette including the use of e-mail, social networking, blogs, texting, and chatting. 8. Describe ethical and legal practices in business professions such as safeguarding the confidentiality of business-related information. 9. Discuss the importance of cyber safety and the impact of cyber bullying. B. EMPLOYABILITY SKILLS 1. Identify positive work practices (e.g., appropriate dress code for the workplace, personal grooming, punctuality, time management, organization). 2. Demonstrate positive interpersonal skills (e.g., communication, respect, teamwork). C. STUDENT ORGANIZATIONS 1. Explain how related student organizations are integral parts of career and technology education courses. 2. Explain the goals and objectives of related student organizations. 3. List opportunities available to students through participation in related student organization conferences/competitions, community service, philanthropy, and other activities. 4. Explain how participation in career and technology education student organizations can promote lifelong responsibility for community service and professional development. D. INTRODUCTION TO COMPUTER FORENSICS 1. Define forensics and computer forensics. 2. List the public the public and private sector organizations that employ computer forensics examiners. 3. List the areas of expertise required of a computer forensics examiner. E. COMPUTER INVESTIGATION 1. Explain the purpose of an investigation computer. 2. Create and rename folders. November 2011 2

3. Assign clear, understandable names to folders and files. 4. Organize work folders. 5. Identify the common application programs required on an investigation computer. 6. Adjust Windows Explorer options. F. MEMORY STORAGE MEDIA 1. Explain the differences between magnetic, optical, and transistor memory storage media. 2. Describe the types of magnetic memory storage media used in computers. 3. Explain how to properly handle magnetic memory storage media. 4. Describe the reason to use and how to set up an anti-static work area. 5. Identify different types of floppy diskettes and floppy disk drives. 6. Distinguish between various types of hard drives. 7. List the types of optical memory storage media used in computers. 8. List the types of transistor memory storage media used in computers. G. NUMBERING SYSTEMS 1. Understand the decimal numbering system. 2. Describe the binary numbering system. 3. Describe the binary coded decimal (BCD) numbering system. 4. Describe the hexadecimal numbering system. 5. Explain data size. 6. Understand endianness, big-endian, little-endian, and middle endian. H. ASCII AND UNICODE CHARACTERS 1. Understand ASCII encoding. 2. Explain Unicode encoding. 3. Differentiate between UTF-8 and UTF-16 encoding. 4. Recognize ASCII, UTF-8, and UTF-16 data. 5. Discuss the functions of a file archive program. 6. Describe why and when a hex editor should be used. 7. Explain how to use the Windows Character Map. I. EXTERNAL HARDWARE INTERFACES 1. List the different types of external hardware interfaces. 2. Explain the USB standards. 3. Describe the FireWire standards. 4. Identify parallel ports and cable connectors. 5. Distinguish a SATA port from an esata port. 6. Recognize an infrared port. November 2011 3

J. HARD DISK DRIVES 1. List hard disk drive specifications. 2. Describe the electro-mechanical components in a hard drive. 3. Identify the different types of hard drive interfaces. 4. Explain how a hard drive operates. 5. Understand the purpose of a hard drive jumper. 6. List the various encoding schemes used in hard drives. K. MULTIPLE DISK ARRAYS 1. Discuss the need for a fault tolerant system. 2. List the two types of multiple disk arrays. 3. Explain the purpose of a RAID system. 4. Describe the disadvantage of online storage services. L. FORMATTING HARD DRIVES 1. Explain the purpose of Windows Disk Management. 2. List the steps to format a hard drive. 3. Describe how to create a hard drive partition. M. WINDOWS FILE SYSTEMS 1. Identify the FAT filing systems. 2. Describe NTFS. 3. Describe the functions of basic DOS commands. N. FORENSIC BRIDGES 1. Explain the need for memory storage media/computer bridges. 2. Describe a forensic bridge. 3. Compare the read only and read/write modes of a forensic bridge. O. SEARCH WARRANTS & SEIZURES 1. Describe the purpose of search and seizure laws. 2. Explain the basics of computer search warrants. 3. Describe a voluntary consent to search. 4. Identify the steps to prepare for a computer search. 5. List the first responder guidelines. November 2011 4

P. EVIDENCE CONTROL 1. Explain the procedure to identify digital evidence. 2. Describe how to use evidence bags. 3. List the items that must be sealed on a seized computer. 4. Describe the procedure to maintain a valid chain of custody. Q. DATA IMAGE ACQUISITION 1. Explain the difference between standard and forensic disk duplicators. 2. List the functions of the Tableau TD1 Forensic Duplicator. 3. Discuss the types of disk duplication. Identify the common application programs required on an investigation computer. 4. Adjust Windows Explorer options. 5. Describe the disk information stored on a hard drive. 6. Explain the disk-to-disk image acquisition process. 7. List the information contained in a data acquisition log. 8. Discuss how to use a forensic bridge to copy an image form an image drive to an investigation computer. R. DISK WIPING 1. List the methods available to erase data. 2. Describe the effectiveness of each data erasure method. 3. Explain how disk wiping works. S. SOFTWARE WRITE-BLOCKING 1. Describe the need for write-blocking protection. 2. Explain how to make a backup copy of the Windows Registry. 3. Explain how to modify the Windows Registry for USB write-blocking. 4. Describe how to automate USB write-blocking using the Registry. 5. List the types of write-blocking. 6. Distinguish the differences between the types of write-blocking. T. HARDWARE WRITE-BLOCKING 1. Describe the need for hardware write-blocking protection. 2. Compare the terms write-blocker and forensic bridge. 3. Explain how to use a forensic USB bridge. November 2011 5

U. FORENSIC SOFTWARE 1. Explain how to change settings in software programs. 2. Describe the basics of computer forensic investigation software. 3. List the features of the ProDiscover Basic program. V. DIGITAL EVIDENCE ANALYSIS 1. Explain the process of viewing files contained in an image. 2. Discuss the criteria for recovering a deleted file. 3. List the types of file information searches. 4. Describe how to determine the keywords to use when searching for data. 5. Explain how to save a recovered file. 6. Discuss the importance of evidence analysis reports. W. FILE RECOVERY AND DOCUMENTATION 1. List the steps used to create an evidence case project in forensic software. 2. Describe how to add project images. 3. Explain the cluster view and content view. 4. Discuss how to identify files for which to search. 5. Summarize the file recovery process. 6. Explain how to document a recovered file. 7. Describe how to scan a file for viruses. 8. Explain how to view an evidence file in the appropriate application program. X. FORENSIC WORKSTATIONS 1. List the hardware in a typical forensic workstation. 2. List the forensic software on a typical forensic workstation. 3. Explain the major functions of a forensic workstation. 4. Contrast a standard bay and hot-swappable bay. 5. Describe how to switch between operating systems on a forensic workstation. Y. FORENSIC SOFTWARE 1. Explain the basic functions of forensic software. 2. List the four basic phases of working a case. 3. Describe how to start a new case. 4. Discuss the purpose of previewing a device. 5. List the steps needed to acquire an image. 6. List the variations that must be taken into account before searching for a person s name. November 2011 6

7. Describe the forensic search process. 8. Explain how to produce a report. Z. GRAPHIC FILES 1. List the types of graphic software. 2. Contrast the different types of graphic files. 3. Explain the difference between bitmap and raster graphic images. 4. Discuss the advantages and disadvantages of bitmap and vector graphic images. 5. Explain Metafile graphic files. 6. List the types of digital camera graphic files. 7. Describe how to view and identify graphic file information. 8. Explain Magic Numbers. 9. Describe the principles of file compression. 10. List the principles of PNG file chunks and their contents. 11. Describe the contents of metadata. 12. Differentiate the types of JPEG file markers. AA. GRAPHIC FILE RECOVERY 1. Discuss the challenges when generating a graphic files of interest port. 2. Differentiate the types of file carving. 3. Summarize how to perform Header/Maximum File Size Carving. 4. Explain the process to recover clusters. 5. Describe how to clean up recovered clusters. 6. Summarize how to recover a fragmented file. 7. Explain how to select and recover a file with noncontiguous clusters. BB. COMPRESSED DATA RECOVERY 1. Differentiate archive and compressed files. 2. List compression methods. 3. Explain how to identify an archive or compressed file. 4. List popular archive and compression file formats. 5. List popular archive and compression file programs. 6. Explain how to use the Windows Zip Utility. 7. List the Magic Numbers for popular formats. 8. Describe how to extract a file. CC. PASSWORD RECOVERY 1. Differentiate passwords and encryption. 2. Explain plaintext. November 2011 7

3. Describe the difference between password protected files and password protected operating systems. 4. Characterize various purposes of password recovery software. 5. Discuss the types of hacking. 6. List the most popular password recovery software. 7. Describe the limitations of password recovery software. 8. Recognize weak and strong passwords. 9. Summarize the types of password attack methods. DD. WEB ACTIVITY RECOVERY 1. List the most common Web browsers. 2. Describe how to recover Internet Explorer Web activity. 3. Explain how to obtain a user s Web activity timeline. 4. Describe where FireFox stores a Web browser s activity. EE. E-MAIL RECOVERY 1. Differentiate the Web-based and computer-based e-mail clients. 2. Explain how an e-mail server functions. 3. List the different mail server transmission methods. 4. Describe the methods used to recover e-mails. 5. List the popular e-mail clients. 6. Explain how to copy and e-mail message for use in a report. 7. Describe the procedure to view an e-mail header. 8. Discuss the events that prompted the Sarbanes-Oxley Act. 9. Explain the importance of an Exchange Server Message Tracking Log. 10. Describe the procedure to recover e-mail messages. 11. Explain how to recover an e-mail attachment. November 2011 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information