CST 244 Computer Forensics and Investigation
Spring, 2010

Instructor: Guy Theriault
Class Room: 221
Office: Rm 221
Class Hours: Mon thru Fri 8:00 to 10:50
Class Dates: Mar 8 to Apr 16
Office hours: Monday, Tuesday, Wednesday 12:00 to 12:50. Other times by appointment or chance.
Phone: 974-4865
E-mail address: gtheriault@emcc.edu
Web page: http://sharepoint.emcc.edu/faculty/gtheriault/default.htm. This page will contain links to course information, including this syllabus, examples, notes captured from classroom presentations, and open lab assignments.

Catalog Description: Students are introduced to the fundamentals of computer forensic technology. Emphasis will be placed on identifying the threats to, and vulnerabilities of, computer systems and how to minimize them. Students will learn how hackers identify victims, how attacks are executed, and various methods used to gain access to computer systems. (5 weeks. 5 lec, 10 lab) 3 credits

Prerequisite: CST 211 or permission

Course Objectives: The main goal of this course is to provide you with a comprehensive understanding of computer forensics and investigation tools and techniques. You will learn what computer forensics and investigation is as a profession and gain an understanding of the overall investigative process. All major personal computer operating system architectures and disk structures will be discussed. You will learn how to set up an investigator's office and laboratory, as well as what computer forensic hardware and software tools are available. You will also learn the importance of digital evidence controls and how to process crime and incident scenes. Finally, you will learn the details of data acquisition, computer forensic analysis, e-mail investigations, image file recovery, investigative report writing, and expert witness requirements.
The course provides a range of laboratory and hands-on assignments that teach you about theory as well as the practical application of computer forensic investigation.

Textbook: Guide to Computer Forensics and Investigations, 4th Edition
Bill Nelson, Amelia Phillips, Christopher Steuart
ISBN-10: 1435498836
ISBN-13: 9781435498839
720 Pages, Paperbound, Published 2010

Additional Reference: Instructor handouts/extra material as defined in the course description will be provided. Also load the utility and data software that came with the book.

Hardware: You will need to provide your own PC and networking tools.

Software: Assignments for this class will be developed using Microsoft Office, Windows 2000 and XP Professional. This software should be installed on your PC. Because of Eastern Maine Community College's license agreement, you may check out an installation disk from the instructor but must uninstall and return the disk at the end of class.

Methods of instruction: Lecture and discussion during scheduled class times. You will also have hands-on labs and case assignments to be completed in open labs.

Academic honesty: All work for this class (including exams and open labs) is to be done on an individual basis. The penalty for unauthorized collaboration will range from a grade of zero for an individual assignment to a failing grade for the course.

Attendance: You are expected to attend class regularly. You are expected to take exams when scheduled unless some serious reason prevents this. In this case, you are to contact the instructor in advance. If you must miss an exam for a legitimate reason and you give advance notification, then you will be eligible for a make-up exam.

Lab Server: The Lab Server contains class notes, PowerPoint slides, class announcements, the course syllabus, and other information for the course. Answers to the end of chapter review questions, student assignment files, and hands-on projects also can be obtained from the Server.

E-Mail: All students are requested to obtain an e-mail account.
If you have any questions about the course or need assistance, please contact me in person or by telephone during office hours, or by e-mail at any time. Also, you may submit the end of chapter case project assignments in class on the due date or by e-mail with a date stamp of 5:00 P.M. on the due date. E-mail submissions should be sent as an attachment in Microsoft Word format.

Grading policy: Your grade in this class will be based on 55% examination grades (there will be five tests/examinations counting 100 points each) and 45% open lab/team assignments. The maximum grade that you can earn on a project will decrease by 25% if it is turned in late but within 24 hours of the time due, 50% if turned in 24-48 hours late, and 75% if turned in 48-72 hours late. After 72 hours, you can earn no credit by turning in the assignment. All labs will be graded for accuracy as well as function. Letter grades will be assigned strictly according to the following scale:

A: average at least 90%
B+: average at least 88% but under 90%
B: average at least 82% but under 88%
B-: average at least 80% but under 82%
C+: average at least 78% but under 80%
C: average at least 72% but under 78%
C-: average at least 70% but under 72%
D+: average at least 68% but under 70%
D: average at least 62% but under 68%
D-: average at least 60% but under 72%
F: average under 60%

Tentative exam schedule:
Friday, Mar 12
Friday, Mar 19
Friday, Mar 26
Spring Break, Mar 29 to Apr 2
Friday, Apr 9
Friday, Apr 16

CST 244 Course Outline (Spring 2010) (5 Weeks)

Note: The choice of which hands-on projects, research paper and case projects to assign for each chapter is left to the instructor. Also this outline is tentative and can change at the discretion of the instructor.

Week 1
o Computer Forensics and Investigations as a Profession, Chapter 1
o Understanding Computer Investigations, Chapter 2
o The Investigator's Office and Laboratory, Chapter 3
o Test # 1, Mar 12

Week 2
o Data Acquisition, Chapter 4
o Processing Crime and Incident Scenes, Chapter 5
o Working with Windows and DOS Systems, Chapter 6
o Test # 2, Mar 19

Week 3
o Current Computer Forensics Tools, Chapter 7
o Macintosh and Linux Boot Processes and Disk Structures, Chapter 8
o Computer Forensics Analysis and Validation, Chapter 9
o Test # 3, Mar 26

Week 4
o Recovering Graphics Files, Chapter 10
o Network Forensics, Chapter 11
o E-Mail Investigations, Chapter 12

Week 5
o Cell Phone and Mobile Devices, Chapter 13
o Test # 4, Apr 9
o Report Writing for High-Tech Investigations, Chapter 14
o Expert Testimony in High-Tech Investigations, Chapter 15
o Ethics for the Expert Witness, Chapter 16
o Test # 5, Apr 16

Class Room Policies

In order to make our class a comfortable and encouraging learning environment for everyone, everyone is expected to abide by the following policies.

General
Please treat other students, the instructor, and guests with courtesy and respect.
Please do your best to be on-time for class. If you are late, enter quietly and find out what you missed from another student.
Please listen when others are speaking.
A student who misses 3 classes may be dropped from the course.
Bigotry and prejudices of any kind will not be tolerated.
Any unprofessional conduct will not be tolerated.

Computers, Cell Phones, Pagers, PDAs, Laptops, etc.
Cell Phones, Pagers, PDAs, and similar devices may not be used during class. We want to focus on the course curriculum and not have other distractions.
o For the courtesy of others, put all pagers and cell phones on silent mode or turn them off.
o If you need to take a call, answer the call outside of the classroom.
o No PDAs or similar devices may be used during class unless approved by the instructor.
o No email, text messaging or instant messaging allowed during class, except during breaks.
o Exceptions: Students will use their personal computers/laptops for classroom networking projects and test taking. Students will not be using personal computers for any other reason (i.e. surfing the web, email, chatting, etc.), unless assigned by the instructor for research/networking purposes.

Computers
The computers in the classroom are for instructional purposes and are used by several classes.
o Do not install any software on the server computers in the classroom or the lab, unless it is part of a lab exercise.
o Do not copy any software from any of the server computers in the classroom or the lab, unless it is part of a lab exercise.
o Do not change the desktop or any of the default server configurations of the computer unless it is part of a lab exercise.
Any misuse of the server and networking equipment will not be tolerated.

Other Exceptions
During class, some students may need to be in contact with work or conducting tasks not associated with the class. This may include using a personal laptop or a classroom computer. If this is your situation, please discuss this with the instructor prior to class. If you receive permission from the instructor, please sit where you will not distract the students sitting near you.

Eastern Maine Community College is an Equal Opportunity/Affirmative Action institution and employer. http://www.emcc.edu/aboutus/pages/nondiscrimination.aspx