Apr 18, 2024  
2018-2019 Course Catalog 
    
2018-2019 Course Catalog [ARCHIVED CATALOG]


CRJ 277 - Adv Digital Forensic Methods

Credits: 4
Lecture Hours: 2
Lab Hours: 4
Practicum Hours: 0
Work Experience: 0
Course Type: Open
This course provides a forum for discussion and experimentation with contemporary topics relating to digital/computer forensics. Topics include evidence analysis specific to networked environments and nonconventional data devices, low-level data recovery procedures, advanced cryptography and steganography, and “live” analysis and recovery of server-oriented storage technologies. Software and hardware tools are widely used through various case studies and exercises to reinforce discussion topics.
Prerequisite: CRJ 276 or instructor approval
Competencies
  1. Recognize network equipment as potential sources of evidence
    1. Identify wired/wireless networking equipment and expected functionality of such devices
    2. Utilize appropriate wireless/wired detection tools, both hardware and software
    3. Demonstrate appropriate retrieval of pertinent data from network hardware
  2. Analyze network traffic and network software artifacts
    1. Define “news groups”, “chat rooms”, “IRC”, “instant messaging”, and “p2p”.
    2. Identify software and/or data artifacts associated with news groups, chat rooms, and instant messaging
    3. Identify software and/or data artifacts associated with file sharing and peer-to-peer protocols
  3. Identify data prevalent to Internet fraud
    1. Recognize personal identification
    2. Recognize financial information including banking and credit card data
  4. Identify, acquire, and analyze evidence from non-conventional data storage devices including but not limited to
    1. gaming consoles
    2. digital music/media players
    3. cameras
  5. Describe and demonstrate contemporary encryption/decryption methods
    1. Compare and contrast various encryption methods, both software and hardware
    2. Identify legal issues pertaining to data encryption
    3. Describe time-memory trade-offs pertaining to cryptography, including rainbow table applications for password cracking
    4. Describe and demonstrate specific hardware/software intended for decryption
    5. Describe distributive computing solutions for decryption
  6. Describe common data hiding techniques
    1. Define “steganography”, “obfuscation”, “plausible deniability”, “host protected area”.
    2. Describe steganographic implementations and strategies for detecting their use
  7. Describe/demonstrate contemporary “live” forensic analysis techniques
    1. Describe and demonstrate battery power cutover solutions
    2. Perform “live” memory images
    3. Analyze memory images using contemporary software tools
  8. Describe and demonstrate procedures for investigating/recovering data in multi-source and redundant/RAID implementations
    1. Identify RAID hardware and software implementations
    2. Compare and contrast evidence analysis from single-device and multi-device sources
  9. Describe appropriate “clean” environment equipment for data recovery
    1. Define ISO “clean” standards
    2. Identify consequences of improper environmental protections during low-level, hardware examination
    3. Compare and contrast laminar flow hoods versus isolated clean rooms
    4. Identify other required components and equipment for a “clean” environment including filters and user tools and garments
  10. Describe and demonstrate appropriate “clean” environment procedures for data recovery
    1. List consequences of improper procedures during low-level examination
    2. Identify physical components of secondary storage devices especially magnetic platter hard drives
    3. Demonstrate proper procedure for swapping faulty components of a secondary storage device
  11. Describe low-level, hardware recovery methods of solid state data storage devices
    1. Define write-leveling
    2. Describe low-level data-hardware communication protocols and appropriate tools
  12. Perform basic scripting.
    1. Write batch scripts.
    2. Write BASH scripts.


