CST212 Computer Forensics I
Course Information

Computer Studies
Broome Community College

Note: This page contains a summary of the online version of this course.

Instructor

Professor James L. Antonakos
Computer Studies Department
Broome Community College
(607) 778-5122

Catalog Description

This first course in computer forensics introduces the student to the nature of real-world security incidents and forensic examples. The student is introduced to the Incident Response process, a multi-step approach to detecting, analyzing, and recovering from a security incident. Critical skills including data collection and duplication, evidence handling, and writing a forensic report are explored. Numerous real-world examples are presented, as well as practical hands-on activities designed to show the student how to properly, and legally, handle digital and physical evidence.

This course draws upon information found in the following locations:

Textbook

Incident Response and Computer Forensics, 2/e
Kevin Mandia, Chris Prosise, and Matt Pepe.
ISBN 0-07-222696-X.
(c)2003 McGraw Hill / Osborne

Assignments

There will be weekly, or multi-week, assignments that will require you to read the posted information or selected pages from your book and then integrate the new information into a Glossary of Terms and an Incident Report journal, as well as perform an associated lab experiment. There will be several quizzes, exams during weeks 8 and 15, and you will write a forensic report on your analysis and examination of a batch of digital evidence.

Course Content

| Week | Chapter | Topic | Evaluation |
|------|---------|-------|------------|
| 1 | 1 | Real-World Incidents | |
| 2 | 2 | The Incident Response Process, Part 1 | |
| 3 | 2 | The Incident Response Process, Part 2 | Quiz #1 (covers weeks 1 and 2) |
| 4 | 3 | Preparing for Incident Response, Part 1 | |
| 5 | 3 | Preparing for Incident Response, Part 2 | |
| 6 | 3 | Preparing for Incident Response, Part 3 | Quiz #2 (covers weeks 4 and 5) |
| 7 | 4 | After Detection of an Incident, Part 1 | |
| 8 | 4 | After Detection of an Incident, Part 2 | Exam #1 (covers weeks 1 through 6) |
| 9 | 5 | Data Collection in Windows | |
| 10 | 6 | Data Collection in Unix / Linux | Quiz #3 (covers weeks 7 and 9) |
| 11 | 7 | Forensic Duplication | |
| 12 | 8 | Collecting Network-based Evidence | |
| 13 | 9 | Evidence Handling | Quiz #4 (covers weeks 10 through 12) |
| 14 | 17 | Writing Computer Forensic Reports | |
| 15 | - | The Forensic Report: Analyzing Digital Evidence | Exam #2 (covers weeks 7 and 9 through 14) |

Student Learning Outcomes

At the conclusion of this course, the student will…

  1. be able to describe different types of security incidents and the appropriate response for each.
  2. be able to describe the various steps involved in incident response and recovery.
  3. be able to explain the different ways of gathering digital evidence on Windows, Linux, and other operating systems.
  4. understand how to duplicate digital evidence and handle the evidence in a safe and legal manner.
  5. know what tools to use to gather digital evidence on a computer network.
  6. be able to write a forensic report.

Last updated Feb 2007 by JLA