Nov 22, 2024  
2020-2021 Course Catalog 
    
Catalog Navigation
  Catalog Home
  President’s Welcome
  Programs Available 2020-2021
  Transfer Majors
  Programs By Degree Type
  Programs by Location
  Course Descriptions & Competencies
  Program Requirements & Graduation

  Profile of DMACC
  Campus Maps & Directories
  Faculty and Staff 2020-2021

  2020-2021 Academic Calendar
  Frequently Asked Questions
  Student Handbook
  Admissions
  Registration
  Educational Expense/Student Accounts
  Financial Aid
  Academic Information
  Student Services
  Student Activities

  DMACC Business Resources
  Continuing Education & Specialized Programs
  DMACC Foundation
  Archived Catalogs
  My Portfolio
HELP
2020-2021 Course Catalog [ARCHIVED CATALOG]

Facebook this Page (opens a new window)
Tweet this Page (opens a new window)
Add to Portfolio (opens a new window)

NET 179 - Digital Forensic Analysis I

Credits: 3
Lecture Hours: 2
Lab Hours: 2
Practicum Hours: 0
Work Experience: 0
Course Type: Voc/Tech
This course serves as a technical introduction to the forensic process involved in the imaging, searching and processing of digital evidence from computers and mobile devices. Topics covered in the course include a strong emphasis on investigative documentation, recognition of potential evidence sources, sterile evidence acquisition and analysis, and data recovery methodologies. State-of- the-art hardware and software will be used in hands-on labs and case studies.
Prerequisite: NET 373  
Competencies
  1. Demonstrate court-acceptable investigation procedures and documentation
    1. Identify/plan the chain-of-custody
    2. Utilize fact-based reporting
    3. Describe the importance of logging search, seizure, and processing of all electronic evidence
    4. Keep notes/ongoing documentation pertinent to investigation
    5. List details contained in typical post-examination reports
  2. Explain the steps of a forensic investigation: verification of legal authority, collecting preliminary data, investigative environmental impact determination, securing and transporting evidence, acquisition of evidence, examination
  3. Examine appropriate methods for securing and transporting evidence
    1. Locate and document potential evidence
    2. Tag evidence
    3. Bag evidence
    4. Transport evidence
  4. Demonstrate appropriate evidence acquisition techniques
    1. Document system physical topology
    2. Document logical system characteristics including BIOS properties, boot configurations and date/time settings
  5. Outline common secondary data storage
    1. Identify physical interfaces
    2. Differentiate between magnetic and solid state storage
    3. Describe standard hard drive geometry, addressing, and configuration
    4. Describe purpose/functionality of RAID
  6. Identify required hardware and software for forensic investigations
  7. Develop appropriate procedures for forensic duplication
    1. Determine proper wiping techniques
    2. Demonstrate proper write-blocking using accepted methods
    3. Show the function of hash values in authentication of data acquisition
    4. Explain the function of compression in data acquisition
  8. Describe evidence examination
    1. Describe physical extraction/examination techniques
    2. Describe logical extraction/examination techniques
  9. Analyze data
    1. Use manual methods to retrieve data
    2. Use industry standard tools to automate analysis including
    3. Apply data hash value comparisons to improve efficiency
  10. Examine typical user data and system files using automated tools
    1. Perform searches using various keywords and contextual indicators
    2. Examine data contained in compressed data files/containers
    3. Examine web based artifacts
    4. Examine mobile device data


Facebook this Page (opens a new window)
Tweet this Page (opens a new window)
Add to Portfolio (opens a new window)