Apr 18, 2024
CRJ 277 - Adv Digital Forensic Methods
Credits: 4
Lecture Hours: 2
Lab Hours: 4
Practicum Hours: 0
Work Experience: 0
Course Type: Open

This course provides a forum for discussion and experimentation with contemporary topics relating to digital/computer forensics. Topics include evidence analysis specific to networked environments and nonconventional data devices, low-level data recovery procedures, advanced cryptography and steganography, and “live” analysis and recovery of server-oriented storage technologies. Software and hardware tools are widely used through various case studies and exercises to reinforce discussion topics.

Prerequisite: CRJ 276 or instructor approval

Competencies
- Recognize network equipment as potential sources of evidence
- Identify wired/wireless networking equipment and expected functionality of such devices
- Utilize appropriate wireless/wired detection tools, both hardware and software
- Demonstrate appropriate retrieval of pertinent data from network hardware
- Analyze network traffic and network software artifacts
- Define “news groups”, “chat rooms”, “IRC”, “instant messaging”, and “p2p”.
- Identify software and/or data artifacts associated with news groups, chat rooms, and instant messaging
- Identify software and/or data artifacts associated with file sharing and peer-to-peer protocols
- Identify data prevalent in Internet fraud
- Recognize personal identification
- Recognize financial information including banking and credit card data
- Identify, acquire, and analyze evidence from non-conventional data storage devices including but not limited to:
  - gaming consoles
  - digital music/media players
  - cameras
- Describe and demonstrate contemporary encryption/decryption methods
- Compare and contrast various encryption methods, both software and hardware
- Identify legal issues pertaining to data encryption
- Describe time-memory trade-offs pertaining to cryptography, including rainbow table applications for password cracking
- Describe and demonstrate specific hardware/software intended for decryption
- Describe distributive computing solutions for decryption
- Describe common data hiding techniques
- Define “steganography”, “obfuscation”, “plausible deniability”, “host protected area”.
- Describe steganographic implementations and strategies for detecting their use
- Describe/demonstrate contemporary “live” forensic analysis techniques
- Describe and demonstrate battery power cutover solutions
- Perform “live” memory images
- Analyze memory images using contemporary software tools
- Describe and demonstrate procedures for investigating/recovering data in multi-source and redundant/RAID implementations
- Identify RAID hardware and software implementations
- Compare and contrast evidence analysis from single-device and multi-device sources
- Describe appropriate “clean” environment equipment for data recovery
- Define ISO “clean” standards
- Identify consequences of improper environmental protections during low-level, hardware examination
- Compare and contrast laminar flow hoods versus isolated clean rooms
- Identify other required components and equipment for a “clean” environment including filters and user tools and garments
- Describe and demonstrate appropriate “clean” environment procedures for data recovery
- List consequences of improper procedures during low-level examination
- Identify physical components of secondary storage devices especially magnetic platter hard drives
- Demonstrate proper procedure for swapping faulty components of a secondary storage device
- Describe low-level, hardware recovery methods of solid state data storage devices
- Define write-leveling
- Describe low-level data-hardware communication protocols and appropriate tools
- Perform basic scripting.
- Write batch scripts.
- Write BASH scripts.