CYBER FORENSICS (W/LAB) Course Syllabus




6111 E. Skelly Drive
P. O. Box 477200
Tulsa, OK 74147-7200

Course Number: CSFS-0020
OHLAP Credit: Yes
OCAS Code: 8134
Course Length: 130 Hours
Career Cluster: Information Technology
Career Pathway: Network Systems
Career Major(s): Cyber Security Forensics Specialist
Pre-requisite(s): Secure Electronic Commerce

Course Description: Students will learn procedures on tracking and patching security holes after an incident has occurred. This will include seizure of equipment, analysis of confiscated materials, and follow-up procedures relating to the incident.

Textbooks: Guide to Computer Forensics and Investigations, 3rd Edition; Nelson, Phillips, Enfinger, and Steuart; Course Technology

Course

1. Computer Forensics and Investigations as a Profession: This topic introduces you to computer forensics and investigations and discusses some of its problems and concerns.
   a. Define digital forensics.
   b. Describe how to prepare for digital evidence investigations and explain the differences between law enforcement agency and corporate investigations.
   c. Explain the importance of maintaining professional conduct.

2. Understanding Computer Investigations: This topic explains how to manage a computing investigation. You will learn about the problems and challenges that examiners face when preparing and processing investigations, including the ideas and questions they must consider.
   a. Explain how to prepare a computer investigation.
   b. Apply a systematic approach to an investigation.
   c. Describe procedures for corporate high-tech investigations.
   d. Explain requirements for data recovery workstations and software.
   e. Describe how to conduct an investigation.
   f. Explain how to complete and critique a case.

3. The Investigator's Office and Laboratory: This topic details what you need to set up an effective computing-forensics laboratory, which is where you examine most of the evidence data that you acquire for an investigation.
   a. Describe certification requirements for computer forensics labs.
   b. List physical requirements for a computer forensics lab.
   c. Explain the criteria for selecting a basic forensic workstation.
   d. Describe components used to build a business case for developing a forensics lab.

Revised: 01/14/15 Page 1 of 7

4. Data Acquisition: In this topic, you will learn how to acquire digital evidence from electronic media.
   a. List digital evidence storage formats.
   b. Explain ways to determine the best acquisition method.
   c. Describe contingency planning for data acquisitions.
   d. Explain how to use acquisition tools.
   e. Describe how to validate data acquisitions.
   f. Describe RAID acquisition methods.
   g. Explain how to use remote network acquisition tools.
   h. List other forensics tools available for data acquisitions.

5. Processing Crime and Incident Scenes: This topic describes the differences between the needs and concerns of a business and a law enforcement organization, and then discusses incident-scene processing for both the corporate investigator and the law enforcement investigator.
   a. Explain the rules for digital evidence.
   b. Describe how to collect evidence at private-sector incident scenes.
   c. Explain guidelines for processing law enforcement crime scenes.
   d. List the steps in preparing for an evidence search.
   e. Describe how to secure a computer incident or crime scene.
   f. Explain guidelines for seizing digital evidence at the scene.
   g. List procedures for storing digital evidence.
   h. Explain how to obtain a digital hash.
   i. Review a case to identify requirements and plan your investigation.

6. Working with Windows and DOS Systems: This topic reviews how data is stored and managed on Microsoft operating systems. In this chapter, you examine the tasks each operating system performs when it starts so you can avoid altering evidence when you examine data on a disk.
   a. Explain the purpose and structure of file systems.
   b. Describe Microsoft file structures.
   c. Explain the structure of NTFS disks.
   d. List some options for decrypting drives encrypted with whole disk encryption.
   e. Explain how the Windows Registry works.
   f. Describe Microsoft startup tasks.
   g. Describe MS-DOS startup tasks.
   h. Explain the purpose of a virtual machine.

7. Current Computer Forensics Tools: This topic explores the software and hardware tools you use during computing investigations and forensic analysis.
   a. Explain how to evaluate needs for computer forensics tools.
   b. Describe available computer forensics software tools.
   c. List some considerations for computer forensics hardware tools.
   d. Describe methods for validating and testing computer forensics tools.

8. Macintosh and Linux Boot Processes and File Systems: In addition to Linux and Macintosh operating systems, this topic discusses media and hardware such as CDs, Integrated Device Electronics (IDE) hard drives, small computer system interface (SCSI) hard drives, SATA drives, and the redundant array of independent disks (RAID) configuration.
   a. Explain Macintosh file structures and the boot process.
   b. Explain UNIX and Linux disk structures and boot processes.
   c. Describe other disk structures.

9. Computer Forensic Analysis and Validation: This topic explains how to apply your computer forensics skills and techniques to a computing investigation, including what data to collect and analyze. Validation with hex editors and forensics software is explained.
   a. Determine what data to analyze in a computer forensics investigation.
   b. Explain tools used to validate data.
   c. Explain common data-hiding techniques.
   d. Describe methods of performing a remote acquisition.

10. Recovering Graphics Files: This topic begins with brief introductions to computer graphics and data compression, and then explains how to locate and recover image files based on information stored in image file headers.
   a. Describe types of graphics file formats.
   b. Explain types of data compression.
   c. Explain how to locate and recover graphics files.
   d. Describe how to identify unknown file formats.
   e. Explain copyright issues with graphics.

11. Network Forensics: This topic covers tools and methods for conducting network investigations, performing live acquisitions, and reviewing network logs for evidence. It also examines using UNIX/Linux tools and the Honeynet Project's resources.
   a. Describe the importance of network forensics.
   b. Explain standard procedures for performing a live acquisition.
   c. Explain standard procedures for network forensics.
   d. Describe the use of network tools.
   e. Describe the goals of the Honeynet Project.

12. E-mail Investigations: This topic explains how e-mail works to send and retrieve messages via the Internet. It also reviews some specialized forensics tools.
   a. Explain the role of e-mail in investigations.
   b. Describe client and server roles in e-mail.
   c. Describe tasks in investigating e-mail crimes and violations.
   d. Explain the use of e-mail server logs.
   e. Describe some available e-mail computer forensics tools.

13. Cell Phone and Mobile Device Forensics: This topic covers investigation techniques and acquisition procedures for recovering data from cell phones and mobile devices.
   a. Explain the basic concepts of mobile device forensics.
   b. Describe procedures for acquiring data from cell phones and mobile devices.

14. Report Writing for High-Tech Investigations: This topic discusses the importance of report writing in examinations and offers guidelines on report content, structure, and presentation. Generating reports with forensics software tools is explored.
   a. Explain the importance of reports.
   b. Describe guidelines for writing reports.
   c. Explain how to use forensics tools to generate reports.

15. Expert Testimony in High-Tech Investigations: This topic explains how to become an expert witness and how to avoid problems when giving testimony.
   a. Explain guidelines for giving testimony as a technical/scientific or expert witness.
   b. Describe guidelines for testifying in court.
   c. Explain guidelines for testifying in depositions and hearings.
   d. Describe procedures for preparing forensics evidence for testimony.

16. Ethics for the Expert Witness: This topic provides guidance in the principles and practice of ethics for computer forensics investigators and examines other codes of ethics.
   a. Explain how ethics and codes apply to expert witnesses.
   b. Explain how other organizations' codes of ethics apply to expert testimony.
   c. Describe ethical difficulties in expert testimony.

17. Scenario-based Projects: This topic provides the student with practical application of the knowledge and skills covered in the previous topics and courses.
   a. Complete a scenario-based project based on a corporate incident.
   b. Complete a scenario-based project based on a data recovery incident.
   c. Complete a scenario-based project based on a law enforcement incident.

ODCTE Objectives TTC Additional Objectives for CF

A. Computer Forensics and Investigations as a Profession
   1. Define computer forensics
   2. Describe how to prepare for computer investigations and explain the difference between law enforcement agency and corporate investigations
   3. Explain the importance of maintaining professional conduct

B. Understanding Computer Investigations
   1. Explain how to prepare a computer investigation
   2. Describe procedures for corporate high-tech investigations
   3. Describe how to conduct an investigation
   4. Apply a systematic approach to an investigation
   5. Explain requirements for data recovery workstations and software
   6. Explain how to complete and critique a case

C. The Investigator's Office and Laboratory
   1. Describe certification requirements for computer forensics labs
   2. List physical requirements for a computer forensics lab
   3. Explain the criteria for selecting a basic forensic workstation
   4. Describe components used to build a business case for developing a forensics lab

D. Data Acquisition
   1. List digital evidence storage formats
   2. Explain ways to determine the best acquisition method
   3. Describe contingency planning for data acquisitions
   4. Explain how to use acquisition tools
   5. Explain how to validate data acquisitions
   6. Describe RAID acquisition methods
   7. Explain how to use remote network acquisition tools
   8. List other forensic tools available for data acquisitions

E. Processing Crime and Incident Scenes
   1. Explain the rules for digital evidence
   2. Describe how to collect evidence at private-sector incident scenes
   3. Explain guidelines for processing law enforcement crime scenes
   4. List the steps in preparing for an evidence search

   5. Describe how to secure a computer incident or crime scene
   6. Explain guidelines for seizing digital evidence at the scene
   7. List procedures for storing digital evidence
   8. Explain how to obtain a digital hash
   9. Review a case to identify requirements and plan your investigation

F. Working with Windows and DOS Systems
   1. Explain the purpose and structure of file systems
   2. Describe Microsoft file structures
   3. Explain the structure of New Technology File System (NTFS) disks
   4. List some options for decrypting drives encrypted with whole disk encryption
   5. Explain how the Windows Registry works
   6. Describe Microsoft startup tasks
   7. Describe MS-DOS startup tasks
   8. Explain the purpose of a virtual machine

G. Current Computer Forensics Tools
   1. Explain how to evaluate needs for computer forensics tools
   2. Describe available computer forensics software tools
   3. List some considerations for computer forensics hardware tools
   4. Describe methods for validating and testing computer forensics tools

H. Macintosh and Linux Boot Processes and File Systems
   1. Explain Macintosh file structures and the boot process
   2. Explain UNIX and Linux disk structures and boot processes
   3. Describe other disk structures

I. Computer Forensic Analysis and Validation
   1. Determine what data to analyze in a computer forensics investigation
   2. Explain tools used to validate data
   3. Explain common data-hiding techniques
   4. Describe methods of performing a remote acquisition

J. Recovering Graphics Files
   1. Describe types of graphics file formats
   2. Explain types of data compression
   3. Explain how to locate and recover graphics files
   4. Describe how to identify unknown file formats
   5. Explain copyright issues with graphics

K. Network Forensics
   1. Describe the importance of network forensics
   2. Explain standard procedures for performing a live acquisition
   3. Explain standard procedures for network forensics
   4. Describe the use of network tools
   5. Describe the goals of the Honeynet Project

L. E-mail Investigations
   1. Explain the role of e-mail in investigations
   2. Describe client and server roles in e-mail
   3. Describe tasks in investigating e-mail crimes and violations
   4. Explain the use of e-mail server logs
   5. Describe some available e-mail computer forensics tools

M. Cell Phone and Mobile Device Forensics
   1. Explain the basic concepts of mobile device forensics
   2. Describe procedures for acquiring data from cell phones and mobile devices

N. Report Writing for High-Tech Investigations
   1. Explain the importance of reports
   2. Describe guidelines for writing reports
   3. Explain how to use forensics tools to generate reports

O. Expert Testimony in High-Tech Investigations
   1. Explain guidelines for giving testimony as a technical/scientific or expert witness
   2. Describe guidelines for testifying in court
   3. Explain guidelines for testifying in depositions and hearings
   4. Describe procedures for preparing forensics evidence for testimony

P. Ethics for the Expert Witness
   1. Explain how ethics and codes apply to expert witnesses
   2. Explain how other organizations' codes of ethics apply to expert testimony
   3. Describe ethical difficulties in expert testimony

Q. Scenario-based Project
   1. Systems Security
   2. Explain the security risks pertaining to system hardware and peripherals.
   3. Implement security applications.
   4. Access Control
   5. Identify and apply industry best practices for access control methods.
   6. Compare and implement logical access control methods.
   7. Assessments & Audits
   8. Organizational Security
   9. Differentiate between and execute appropriate incident response procedures.
   10. Identify and explain applicable legislation and organizational policies.

Teaching Methods: The class will primarily be taught by the lecture and demonstration method and supported by various media materials to address various learning styles. There will be question and answer sessions over material covered in lecture and media presentations. Supervised lab time is provided for students to complete required projects.

Grading Procedures:
   1. Students are graded on theory and shop practice and performance.
   2. Each course must be passed with seventy percent (70%) or better.
   3. Grading scale: A=90-100%, B=80-89%, C=70-79%, D=60-69%, F=50-59%.

Description of Classroom, Laboratories, and Equipment: nology Center campuses are owned and operated by nology Center School District No. 18. All programs provide students the opportunity to work with professionally certified instructors in modern, well-equipped facilities.

Available Certifications/College Credit: The student may be eligible to take state, national or industry exam after completion of the program. College credit may be issued from Oklahoma State University-Okmulgee, Rogers State University or Tulsa Community College. See program counselor for additional information.

College Credit Eligibility: The student must maintain a grade point average of 2.0 or better.