Apr 20, 2024  
2018-2019 Course Catalog [ARCHIVED CATALOG]


CRJ 176 - Computer Forensics I

Credits: 3
Lecture Hours: 2
Lab Hours: 2
Practicum Hours: 0
Work Experience: 0
Course Type: Open
This course serves as a technical introduction to the search, seizure, and processing of electronic evidence. Topics covered in the course include a strong emphasis on investigative documentation, recognition of potential evidence sources, sterile evidence acquisition and analysis, and data recovery methodologies. State-of-the-art hardware and software will be used in hands-on labs and case studies.
Prerequisite: Instructor approval
Competencies
  1. Understand and demonstrate court-acceptable investigation procedures and documentation
    1. Identify/plan the chain-of-custody
    2. Utilize fact-based reporting
    3. Describe the importance of logging search, seizure, and processing of all electronic evidence
    4. Keep notes/ongoing documentation pertinent to investigation
    5. List details contained in typical post-examination reports
  2. Identify and generally describe the steps of a forensic investigation: verification of legal authority, collecting preliminary data, investigative environmental impact determination, securing and transporting evidence, acquisition of evidence, examination
  3. Describe appropriate methods for securing and transporting evidence
    1. Locate and document potential evidence
    2. Tag evidence
    3. Bag evidence
    4. Transport evidence
  4. Describe and demonstrate appropriate evidence acquisition techniques
    1. Document system physical topology
    2. Document logical system characteristics including BIOS properties, boot configurations and date/time settings
  5. Describe common secondary data storage
    1. Identify physical interfaces
    2. Differentiate between magnetic and solid state storage
    3. Describe standard hard drive geometry, addressing, and configuration
    4. Describe purpose/functionality of RAID
    5. Define slack
    6. Describe optical storage solutions
  6. Describe required hardware and software for forensic investigations
  7. Describe and demonstrate appropriate procedures for forensic duplication
    1. Describe the purpose of and demonstrate proper wiping techniques
    2. Describe and demonstrate proper write-blocking using accepted methods
    3. Describe the function of hash values in authentication of data acquisition
    4. Describe the function of compression in data acquisition
  8. Describe evidence examination
    1. Describe physical extraction/examination techniques
    2. Describe logical extraction/examination techniques
  9. Analyze data
    1. Use manual methods to retrieve data
    2. Use popular tools to automate analysis including EnCase and FTK
    3. Apply data hash value comparisons to improve efficiency
  10. Examine typical user data and system files using automated tools
    1. Perform searches using various keywords and contextual indicators
    2. Examine data contained in compressed data files/containers