May 20, 2022  
2020-2021 Course Catalog 
    
2020-2021 Course Catalog [ARCHIVED CATALOG]

Add to Portfolio (opens a new window)

NET 179 - Digital Forensic Analysis I

Credits: 3
Lecture Hours: 2
Lab Hours: 2
Practicum Hours: 0
Work Experience: 0
Course Type: Voc/Tech
This course serves as a technical introduction to the forensic process involved in the imaging, searching and processing of digital evidence from computers and mobile devices. Topics covered in the course include a strong emphasis on investigative documentation, recognition of potential evidence sources, sterile evidence acquisition and analysis, and data recovery methodologies. State-of- the-art hardware and software will be used in hands-on labs and case studies.
Prerequisite: NET 373  
Competencies
  1. Demonstrate court-acceptable investigation procedures and documentation
    1. Identify/plan the chain-of-custody
    2. Utilize fact-based reporting
    3. Describe the importance of logging search, seizure, and processing of all electronic evidence
    4. Keep notes/ongoing documentation pertinent to investigation
    5. List details contained in typical post-examination reports
  2. Explain the steps of a forensic investigation: verification of legal authority, collecting preliminary data, investigative environmental impact determination, securing and transporting evidence, acquisition of evidence, examination
  3. Examine appropriate methods for securing and transporting evidence
    1. Locate and document potential evidence
    2. Tag evidence
    3. Bag evidence
    4. Transport evidence
  4. Demonstrate appropriate evidence acquisition techniques
    1. Document system physical topology
    2. Document logical system characteristics including BIOS properties, boot configurations and date/time settings
  5. Outline common secondary data storage
    1. Identify physical interfaces
    2. Differentiate between magnetic and solid state storage
    3. Describe standard hard drive geometry, addressing, and configuration
    4. Describe purpose/functionality of RAID
  6. Identify required hardware and software for forensic investigations
  7. Develop appropriate procedures for forensic duplication
    1. Determine proper wiping techniques
    2. Demonstrate proper write-blocking using accepted methods
    3. Show the function of hash values in authentication of data acquisition
    4. Explain the function of compression in data acquisition
  8. Describe evidence examination
    1. Describe physical extraction/examination techniques
    2. Describe logical extraction/examination techniques
  9. Analyze data
    1. Use manual methods to retrieve data
    2. Use industry standard tools to automate analysis including
    3. Apply data hash value comparisons to improve efficiency
  10. Examine typical user data and system files using automated tools
    1. Perform searches using various keywords and contextual indicators
    2. Examine data contained in compressed data files/containers
    3. Examine web based artifacts
    4. Examine mobile device data



Add to Portfolio (opens a new window)