CPSC 6159 – Computer Forensics

Instructor(s): Dr. Lydia Ray

Office: CCT429
Office phone: (706) 565-3615
Department phone: (706) 568-2410
Department FAX: (706) 565-3529
Office Hours: MON-THURS 9.00 -11.00 AM, TUE, THU: 4.15 PM – 5.15 PM
e-mail address: ray_lydia@columbusstate.edu
homepage: http://csc.columbusstate.edu/ray

 

Catalog Description of Course: (Prerequisite CPSC 6126 Information Systems Assurance). This course briefly reviews fundamentals of Computer Forensics. Then it presents in-depth discussion of methodologies for collecting and analyzing computer forensic data. Topics include an overview of the forensic relevance of encryption, the examination of digital evidence for clues, and investigating both Windows and Unix computers.

 

Required Textbook(s):

1.      Real Digital Forensics: Computer Security and Incident Response. Author: Keith J. Jones, Richard Bejtlich & Curtis W. Rose. Publisher: Addison Wesley ISBN-10: 0321240693  ISBN-13:  9780321240699

 

Reference Textbook(s):

2.      Guide to Computer Forensics and Investigations. 3rd edition. Author: Bill Nelson, Amelia Phillips, Frank Enfinger, and Chris Steuart. Publisher: Course Technology, Thomson Learning. ISBN: 0-619-21706-5, 978-1-4180-6733-5

 

Note: Although this book is listed as a reference book, I strongly suggest that students get this book. This is a more advanced book with a lot of extra information that the required textbook does not have. This book requires basic digital forensic knowledge as a prerequisite. That’s why I chose the first book as the required text and this book as a reference.

Required platform and other material:  

1.        Internet connection

2.       OS Windows XP or higher

3.       A computer that dual-boots to Linux or UNIX is preferable. Alternatively, you can create a virtual machine with Linux (instructions will be given).

4.       At least 10-20 GB free hard drive space (you may need it to analyze digital evidence)

Note: Most tools described in the textbook are compatible with the Windows XP or Unix platforms. If you use Vista or any other operating system, it is your responsibility to find compatible tools and complete assignments.

 

Course Objectives

1.      Students will have an understanding of forensic analysis of computers as evidence for a crime.

2.      Students will learn the investigative tools and techniques used to acquire volatile and non-volatile digital evidence from Windows and Unix computers.

3.      Students will learn the tools and techniques for analyzing digital evidence along with reconstruction of deleted files and images and file signature analysis.

4.      Students will learn to reconstruct web browsing activity and e-mail activity.

5.      Students will learn tools and techniques for acquiring evidence from personal digital assistants and USB drives and analyzing it.

 

Instructional Methods and Techniques

  1. The class will be taught online. Learning sessions will usually be conducted via lecture notes uploaded in CougarView. See http://www.columbusstate.edu/cs/Academics/Online/OnlineInfo.asp for information on taking an online course.

How to Access the Course

This course is being offered through WebCT Vista. You can access WebCT Vista at: http://webct.colstate.edu/ 

Your WebCT Vista username and password are:

Username: lastname_firstname
Password: XXXXXX

where "XXXXXX" is your birthdate in DDMMYY format.

If you try the above and WebCT Vista will not let you in, please use the "Comments/Problems" link at the bottom of the WebCT home page to request help. If you are still having problems gaining access a day or so after the class begins, please e-mail me.

Once you've entered WebCT, you will see a list of courses you have access to. The CPSC 6159  course is listed as "Computer Forensics." If you don't see the course in the list, please e-mail me immediately.

How This Course Will Work

This course will consist of readings, assignments, “lab” assignments, a final project and one examination. On a weekly basis, you will need to:

  1. review the week's lesson;
  2. complete the readings from the textbook;
  3. complete the assignments;

Rules for Assignments:

1.      An assignment will contain hands-on assignments (mainly from the textbook), questions on those assignments and other general questions to test your knowledge on that week’s reading lessons.

2.      You do NOT need to attach screen shots of your hands-on work unless you are specifically asked to do so.

3.      You need to answer the assignment questions in enough detail. Do not assume I know what you mean.

4.      No late assignment will be accepted unless there is a medical reason.

5.      Assignments must be submitted in the WebCT drop box. It is your responsibility to work ahead of time and ensure timely submission in the proper place.

6.      If you submit assignments via e-mail, timely grading of those assignments cannot be guaranteed (unless there is a medical reason). If you submit assignments to my CougarNet account, assignments may get misplaced. I will not take responsibility for any lost assignment that was not submitted to the assignment drop box.

Rules for Examination:

1.      You will take only one midterm examination.

2.      The examination will be proctored.

3.      The rules and requirements of proctoring will be published within the first week of class.

Discussions:

1.      There will be threaded discussions to interact with other classmates and the instructors.

2.      The topic of discussion can be anything you want to share with your classmates. However, the focus of these discussions will be any problem that you encounter while taking this course. For example, if you have a problem downloading or installing specific forensic software, you may create a discussion thread and ask for suggestions from your classmates. If you think there is a wrong question in an assignment, you may create a threaded discussion. However, you are not allowed to discuss any examination question. Any issue with the examination will be discussed only via e-mail exchange with the instructor (and only with the instructor).

3.      These discussions will be reviewed by the instructor. But they will not be graded.

Rules for Final Project:

1.      In the final project, you will be given a real cyber crime case to solve. Evidence will be provided to you.

2.      Detailed instructions will be provided later.

Student Responsibilities

 

As a student in this course, you are responsible to:

“I didn’t know” is not an acceptable excuse for failing to meet the course requirements. If you fail to meet your responsibilities, you do so at your own risk.

Instructor Responsibilities

 

As your instructor in this course, I am responsible to:

·         post weekly lessons outlining the assignments for the week,

·         read all responses to discussion questions and comment if necessary,

·         grade assignments, midterm and the final project, and post scores within one week of the end of the week in which they are submitted, and

·         read any e-mail sent by you and respond accordingly within 48 hours.

 

Course Evaluation (tentative):

Grades may be determined according to this scale:

A 90% - 100%

B 80% - 89%

C 70% - 79%

D 60% - 69%

 

General Policies

You are responsible for all class work missed, regardless of the reason for the absence(s). Late assignments will not be accepted. No makeup exams or quizzes will be given, so please make sure you are present for all exams/quizzes. Refer to the CSU Catalog (http://aa.colstate.edu/advising/a.htm#Attendance%20Policy) for more information on class attendance and withdrawal.

Academic dishonesty
Academic dishonesty includes, but is not limited to, activities such as cheating and plagiarism (http://aa.colstate.edu/advising/a.htm#Academic%20Dishonesty/Academic%20Misconduct). It is a basis for disciplinary action. Any work turned in for individual credit must be entirely the work of the student submitting the work. All work must be your own. [For group projects, the work must be done only by members of the group.] You may share ideas but submitting identical assignments (for example) will be considered cheating. You may discuss the material in the course and help one another with debugging; however, any work you hand in for a grade must be your own.  A simple way to avoid inadvertent plagiarism is to talk about the assignments, but don't read each other's work or write solutions together unless otherwise directed by your instructor. For your own protection, keep scratch paper and old versions of assignments to establish ownership, until after the assignment has been graded and returned to you. If you have any questions about this, please see your instructor immediately. For assignments, access to notes, the course textbooks, books and other publications is allowed. All work that is not your own, MUST be properly cited. This includes any material found on the Internet. Stealing or giving or receiving any code, diagrams, drawings, text or designs from another person (CSU or non-CSU, including the Internet) is not allowed. Having access to another person’s work on the computer system or giving access to your work to another person is not allowed. It is your responsibility to prevent others from having unauthorized access to your work.

No cheating in any form will be tolerated. Penalties for academic dishonesty may include a zero grade on the assignment or exam/quiz, a failing grade for the course, suspension from the Computer Science program, and dismissal from the program. All instances of cheating will be documented in writing with a copy placed in the Department’s files. Students will be expected to discuss the academic misconduct with the faculty member and the chairperson. For more details see the Faculty Handbook: http://aa.colstate.edu/faculty/FacHandbook0203/sec100.htm#109.14 and the Student Handbook: http://sa.colstate.edu/handbook/handbook2003.pdf

 

Getting help
You can always contact me during my posted office hours, by e-mail, or by appointment.

 

CSU ADA statement
If you have a documented disability as described by the Rehabilitation Act of 1973 (P.L. 933-112 Section 504) and Americans with Disabilities Act (ADA) and would like to request academic and/or physical accommodations please contact Joy Norman at the Office of Disability Services in the Center for Academic Support and Student Retention, Tucker Hall (706) 568-2330, as soon as possible. Course requirements will not be waived but reasonable accommodations may be provided as appropriate.