Apr 20, 2024
CRJ 176 - Computer Forensics I

Credits: 3
Lecture Hours: 2
Lab Hours: 2
Practicum Hours: 0
Work Experience: 0
Course Type: Open

This course serves as a technical introduction to the search, seizure and processing of electronic evidence. Topics covered in the course include a strong emphasis on investigative documentation, recognition of potential evidence sources, sterile evidence acquisition and analysis, and data recovery methodologies. State-of-the-art hardware and software will be used in hands-on labs and case studies.

Prerequisite: Instructor approval

Competencies
- Understand and demonstrate court-acceptable investigation procedures and documentation
- Identify/plan the chain-of-custody
- Utilize fact-based reporting
- Describe the importance of logging search, seizure, and processing of all electronic evidence
- Keep notes/ongoing documentation pertinent to investigation
- List details contained in typical post-examination reports
- Identify and generally describe the steps of a forensic investigation: verification of legal authority, collecting preliminary data, investigative environmental impact determination, securing and transporting evidence, acquisition of evidence, examination
- Describe appropriate methods for securing and transporting evidence
- Locate and document potential evidence
- Tag evidence
- Bag evidence
- Transport evidence
- Describe and demonstrate appropriate evidence acquisition techniques
- Document system physical topology
- Document logical system characteristics including BIOS properties, boot configurations and date/time settings
- Describe common secondary data storage
- Identify physical interfaces
- Differentiate between magnetic and solid state storage
- Describe standard hard drive geometry, addressing, and configuration
- Describe purpose/functionality of RAID
- Define slack
- Describe optical storage solutions
- Describe required hardware and software for forensic investigations
- Describe and demonstrate appropriate procedures for forensic duplication
- Describe the purpose of and demonstrate proper wiping techniques
- Describe and demonstrate proper write-blocking using accepted methods
- Describe the function of hash values in authentication of data acquisition
- Describe the function of compression in data acquisition
- Describe evidence examination
- Describe physical extraction/examination techniques
- Describe logical extraction/examination techniques
- Analyze data
- Use manual methods to retrieve data
- Use popular tools to automate analysis including EnCase and FTK
- Apply data hash value comparisons to improve efficiency
- Examine typical user data and system files using automated tools
- Perform searches using various keywords and contextual indicators
- Examine data contained in compressed data files/containers