The instructor is available by email at vetterr@uncw.edu and by telephone (910-538-3523). Office hours are TR 10-11am and by appointment.
Digital Forensics, Investigation, and Response, Fourth Edition, by Chuck Easttom
PRINT
BUNDLE
Paperback + Labs
ISBN: 9781284244489
Price: $179.95
DIGITAL
BUNDLE
eBook + Labs
ISBN: 9781284244502
Price: $139.95 (recommended)
MIS 366 Digital Forensics. This course is an introduction to computer forensic concepts, with emphasis on computer forensic methods and best practices. Topics include computer system analysis, physical and logical storage methods for different types of media, tools to recover and analyze data from storage media, system security. Upon completion, students should be able to use diagnostic and investigative techniques to identify and retrieve data from various types of computer media. Prerequisite Courses: MIS 324 and MIS 352.
CYBR 354 Computer and Mobile Forensics. Introduction to the concepts in computer and forensics investigations. Recovery and analysis of digital evidence using industry best practices and standard commercial and open-source tools. Development of comprehensive investigative forensic reports. Coverage of the legal and ethical considerations of computer crime investigations. Prerequisite Courses: CSC 344 and CYBR 343.
Upon completion of this
course:
1. Students will explain and properly document the process of digital forensics analysis.
2. Students will describe the tradeoffs and differences between various forensic tools.
3. Students will describe the representation and organization of data and metadata within modern computer systems.
4. Students will explain and explore the inner workings of file systems.
5. Students will create disk images, recover deleted files and extract hidden information.
6. Students will conduct research in computer forensics. They will define research problems and develop effective solutions.
·
Labs
- 30% (see links in READINGS column below)
·
Two Exams - 40%
·
Research Project - 30%
You are expected to attend all lectures. Absence does not relieve you from meeting all course requirements. You are responsible for all assignments, labs, and exams. Keep up with the day-to-day reading requirements of the class.
All students are expected to attend and participate in person at the assigned day/time within the assigned class schedule. Some course content may be delivered online asynchronously.
Students who experience COVID-19 symptoms should immediately contact the Abrons Student Health Center at (910) 962-3280.
Students with diagnosed disabilities should contact the Disability Resource Center. If you require accommodation for test-taking, please make sure you have registered with the Disability Resource Center no fewer than three days before the test.
Students are responsible for submitting their own work. Students who cooperate on oral or written examinations or work without authorization share the responsibility for violation of academic principles, and the students are subject to disciplinary action even when one of the students is not enrolled in the course where the violation occurred.
Weekly Schedule:
|
DATES: |
TOPIC |
READINGS |
|
Week 1 (1/12) |
Introduction to Digital
Forensics |
Watch: Bruce Schneier:
The Security Mindset Cloud Labs from textbook -
Lab 1: Applying the Daubert Standard to Forensic Evidence |
|
Week 2 (1/17, 1/19) |
Overview of Computer Crime |
Review: UNCW ITS Policies |
|
Week 3 (1/24, 1/26) |
Forensic Methods and Labs |
Review: DoD Cyber Crime Center Review: NIST
Computer Forensics Tool Testing Program Lab 1 Due: 1/26/22 |
|
Week 4 (1/31, 2/2) |
Collecting, Seizing and
Protecting Evidence |
Watch Guest Lecture: Gary
Kessler Maritime Forensics Read: Cyber-physical
Forensics: Lessons Learned from the USS John S. McCain Collision |
|
Week 5 (2/7, 2/9) |
Understanding Techniques
for Hiding and Scrambling Information |
Watch: Conceal Secret Messages or
Data Through Steganography with Steghide Watch: The Scytale Cipher Watch: IEEE Computer: Alan Turing
at Bletchley Park Watch: The Universe is Hostile to
Computers Cloud Labs from textbook -
Lab 2: Recognizing the Use of Steganography in Forensic Evidence |
|
Week 6 (2/14, 2/16) |
Exam 1 (2/14) |
Lab 2 Due: 2/16/22 Watch Guest Lecture: Gib
Grose Open-Source Software Tools for Forensics Presentation Slides: DAFOSTest2022.ptx Links Mentioned: ·
https://www.kroll.com/en/insights/publications/cyber/kroll-artifact-parser-extractor-kape ·
https://ericzimmerman.github.io/#!index.md ·
https://www.digital-detective.net/dcode/ ·
https://digitalcorpora.org/archives/324 |
|
Week 7 (2/21, 2/23) |
Recovering Data |
Watch Guest Lecture: Matthew Wood - Digital Forensics Examiner Watch: Windows File System Explained Watch: Windows File System Structures - covers the various file systems on Windows Operating Systems covered by the CompTIA A+ exam. Cloud Labs from textbook - Lab 3: Recovering Deleted and Damaged Files |
|
Week 8 (2/28, 3/2) |
Incident Response |
Read: Incident Handlers Handbook
from SANS Institute Review: Disaster Recovery Plan / Business Continuity Plan Review: UNCW Continuity of
Operations Plan Lab 3 Due: 3/2 Cloud Labs from textbook -
Lab 4: Conducting an Incident Response Investigation |
|
Week 9 (3/7, 3/9) |
Spring Break |
|
|
Week 10 (3/14, 3/16) |
Windows Forensics |
See also, Windows Forensics
Tools link under Online Software Resources (links above). Lab 4 Due: 3/16/22 Cloud Labs from textbook -
Lab 5: Conducting Forensic Investigations on Windows Systems |
|
Week 11 (3/21, 3/23) |
Email Forensics |
Read: E-mail Spoofing Case
Suni
Munshani
v. Signal Lake Venture Fund Read: E-mail Forensics See the FAQs Section Review: Database of Blacklisted Spam
IP & Email Addresses Lab 5 Due: 3/23/22 Cloud Labs from textbook -
Lab 7: Conducting Forensic Investigations on Email and Chat Logs |
|
Week 12 (3/28, 3/30) |
Mobile Forensics |
March 28
Business Week No Class! March 30 Chapter
12 Lab 7 Due: 3/30/22 Cloud Labs from textbook -
Lab 8: Conducting Forensic Investigations on Mobile Devices |
|
Week 13 (4/4) |
Network Forensics |
Lab 8 Due: 4/4/22 Cloud Labs from textbook -
Lab 9: Conducting Forensic Investigations on Network Infrastructure |
|
Week 13 (4/6) |
Easter Holiday |
|
|
Week 14 (4/11, 4/13) |
Memory Forensics |
April 11 Chapter
14 Registers and RAM
(video) RAM Explained (video) Lab 9 Due: 4/13/22 Cloud Labs from textbook -
Lab 10: Conducting Forensic Investigations on System Memory April 13 Project
Presentations ·
Paige
Buttrey Phising ·
Sydney
McGowan - Chain of Custody ·
Emily
Doyle nMap ·
Allie
Humphrey - OpenAI and ChatGPT: The Impact and
Revolution of Education and Business |
|
Week 15 (4/18, 4/20) |
Project Presentations |
April 18
Project Presentations (only one presentation) ·
Krista
Balint Cellebrite Mobile Forensics April 20
Project Presentations ·
Jacob
Sawyer Influence of Quantum Computing on Digital Forensics ·
Phillip
Nikolov Network
Forensics ·
Braxton Hartis Daubert Standard ·
Colin Choquette - AI in Digital Forensics ·
Dylan
Kegeris Vehicle Forensics ·
Anna
Prewitt Anti-Forensics |
|
Week 16 (4/25, 4/27) |
Project Presentations |
April 25
Project Presentations ·
Ben
Laird Real World Uses of Steganography ·
Hunter Matuse Ghidra
SRE Suite ·
Max Fincher DLL Injection ·
Caison Lewis - State Digital Forensic Licensing ·
Marquita
Sakyi-Nyante Deepfake Forensics ·
Nicklaus
Page - Quantum computing methods for cryptanalysis and password cracking April 27
Project Presentations ·
Caleb
Miller Car Black Box Forensics ·
Jonah Gloss - Forensic Investigation in SSD's and HDD's ·
Madison Polk Topic Unknown · Ed Gowen Open-Source Forensics Tools · Eduardo Garcia-Lopez - Social Media forensics ·
Tim
Insley - Automotive
Digital Forensics Lab 10 Due: 4/28/22 |
|
Week 17 (5/4) |
Exam 2: 11:30am
-2:30pm |
Page Last Updated April 13, 2023