Nov 22, 2024
NET 373 - Forensic Prac Cybersecurity

Credits: 4
Lecture Hours: 2
Lab Hours: 4
Practicum Hours: 0
Work Experience: 0
Course Type: Voc/Tech

Upon completion of this course, students will be familiar with the interface, file management, resource allocation and common administration procedures of various popular operating systems. The course describes data organization and file properties that contribute to forensic investigation. Additional topics include a strong emphasis on investigative documentation, recognition of potential evidence sources, sterile evidence acquisition and analysis, and data recovery methodologies. State-of-the-art hardware and software will be used in hands-on labs and case studies.

Competencies
- Interpret computer codes and numbering systems
- Describe ASCII codes
- Explain Binary numbering systems
- Explain Hexadecimal numbering systems
- Evaluate purpose of a computer operating system (OS) and its components
- Define kernel
- Differentiate between single-user and multi-user systems
- Explain file management
- Explain memory management including virtual memory/swap space
- Explain OS security
- Compare and contrast the main user features and typical user data of various PC-class operating systems, including but not limited to:
- DOS
- Windows NTx (NT, 2K, XP, Vista, Server 20xx, Win7, Win8, Win10)
- UNIX/POSIX (Linux/OS X)
- Demonstrate effective use of a Hex Editor application.
- Explain the term offset.
- Practice inserting, altering, deleting, and carving data using the software tool.
- Describe HPFS
- Describe NFS
- Describe HFS Plus
- Assess significance and key components of boot records.
- Contrast Master Boot Record (MBR) and GUID Partition Table (GPT) organizational schemes.
- Decode appropriate data structures to identify volume parameters on a storage device.
- Identify file attributes and permissions
- Describe metadata
- Describe beneficial OS-specific artifacts and logs
- Understand and identify different file systems, including respective data saving, recall and deletion methods.
- Describe FAT/FAT16/FAT32.
- Describe NTFS
- Describe exFAT.
- Describe Extended File System (ext2/ext3/ext4).
- Describe HFS Plus.
- Analyze primary user data and OS artifacts.
- Describe file naming conventions.
- Describe dating methods (creation/modification/access).
- Identify file attributes and permissions.
- Recognize common file extensions including, but not limited to: .txt, .pdf, .doc, .docs, .xls, .jpg, .gif, .bmp, .tmp, .htm, .xml, .log, .zip.
- Explain the correlation of “magic numbers”/file signatures and specific application data.
- Describe metadata.
- Describe beneficial OS-specific artifacts and logs.
- Demonstrate appropriate evidence acquisition techniques
- Document system physical topology
- Document logical system characteristics including BIOS properties, boot configurations and date/time settings
- Assess common secondary data storage
- Identify physical interfaces
- Differentiate between magnetic and solid state storage
- Describe standard hard drive geometry, addressing, and configuration
- Describe purpose/functionality of RAID
- Define slack
- Describe optical storage solutions
- Demonstrate appropriate procedures for forensic duplication
- Describe the purpose of and demonstrate proper wiping techniques
- Show proper write-blocking using accepted methods
- Describe the function of hash values in authentication of data acquisition
- Describe the function of compression in data acquisition
- Analyze data
- Use manual methods to retrieve data
- Use popular tools to automate analysis including EnCase and FTK
- Apply data hash value comparisons to improve efficiency
- Examine typical user data and system files using automated tools
- Perform searches using various keywords and contextual indicators
- Examine data contained in compressed data files/containers