ISSC621 - Computer Forensics
Course Code: ISSC621 Course ID: 3860 Credit Hours: 3 Level: Graduate
This course examines information concealment techniques, technologies, hardware, software, and relevant legislation for cyber forensics to reveal and track legal and illegal activity. The course examines the process for investigation and introduces the tools and procedures required to legally seize and forensically evaluate a suspect machine. Also covered are the rules of evidence, chain of custody, standard operating procedures, and the manipulation of technology to conceal illegal activities, and revealing concealed information using cyber forensics.
|Registration Dates||Course Dates||Session||Weeks|
|08/26/19 - 01/31/20||02/03/20 - 03/29/20||Winter 2020 Session I||8 Week session|
|09/30/19 - 02/28/20||03/02/20 - 04/26/20||Winter 2020 Session D||8 Week session|
|10/28/19 - 04/03/20||04/06/20 - 05/31/20||Spring 2020 Session B||8 Week session|
|11/25/19 - 05/01/20||05/04/20 - 06/28/20||Spring 2020 Session I||8 Week session|
|12/30/19 - 05/29/20||06/01/20 - 07/26/20||Spring 2020 Session D||8 Week session|
|01/27/20 - 07/03/20||07/06/20 - 08/30/20||Summer 2020 Session B||8 Week session|
|03/30/20 - 09/04/20||09/07/20 - 11/01/20||Summer 2020 Session D||8 Week session|
A successful student will fulfill the following learning objectives:
- Describe the processes and goals of cyber forensics investigations.
- Investigate present policies, procedures, methodologies and legal ramifications of cyber forensics investigations.
- Assess the tools and procedures required to legally seize and forensically investigate.
- Examine a suspect’s computer for a forensic investigation and evaluation.
- Evaluate the relationships and interdependencies between investigation and technology, and the related legal process
- Analyze concealment techniques, technologies, software, hardware and relevant legislation.
- Evaluate data security, integrity exposure of multifunctional devices, tracking techniques and relevant new legislation.
- Discuss rules of evidence and chain of custody using and investigative technology.
- Mitigate potential exposures and the risks of chain of custody.
Submit assignments to your student folder, and make sure you select the correct assignment association. Please name your submitted document with your last name as the first part of the file name. For example, Assignment #1 could be named, ISSC621_Lastname_Assignment1.doc(x). Forum assignments only need to be posted on the Forum. It is not necessary to submit a word document containing your Forum posts. Simply submit your forum posts using the submit button and I will review them and update your assignment grade accordingly.
This course has a strong writing component. The goal is to organize, synthesize, and demonstrate your comprehension of core concepts investigated during this course by applying a combination of the terms, concepts, and details you have learned in a systematic way. As important as "the details" that you analyze and arrange in your writing, however, are the conclusions you draw from those details, and your predictions, responses to, and ultimate interpretation of those details.
Each Forum activity will consist of one or more threads/topics. The assignments may involve discussion or debate. The questions are designed to allow you to apply what you have learned in the chapters to real-world scenarios or hypothetical, but realistic, situations. Post your 300-word answers to the questions in each thread preferably prior to 11:55 p.m. ET on Thursday. Please do not be late with this post because your classmates will be relying on you to post on time to give them a post to respond to later in the week. A discussion period will then ensue from Thursday through Sunday. Read your classmates' posts and post at least two 100-word follow-up messages to your classmates’ posts in each thread prior to 11:55 p.m. ET on Sunday. Some threads may require you to post more than two replies, so make sure you read the directions carefully. Of course, you may always post more than the required number of replies and you are encouraged to continue participating in the discussion even after you have met the minimum number of posts required.
So, remember, you will have a minimum of three per week: one answering the Forum question and two to your fellow class members. Your Forum participation will be considered at the end of the semester if your grade is on the borderline. Borderline grades will only be rounded up if you have exceeded the minimum requirements on the Forum and shown insight and critical thinking in all of your posts and replies. Your follow-up posts must contain substance and should add additional insight to your classmates’ opinions or challenge their opinions. It is never sufficient to simply say, “I agree with what you wrote” or “I really liked your post.” You must use your follow-up posts as a way to continue the discussion at a high level of discourse. Be sure to read the follow-up posts to your own posts and reply to any questions or requests for clarification, including questions posted by your professor. You will be expected to log into the classroom several times each week to participate in the class discussion. Forum postings are a large part of your grade and I will be looking for quality and depth in your postings. I will also expect you to list your references at the end of each post. References should be in APA citation format.
You will be required to write three term papers this semester. Details on the term papers will be listed under the assignments section. General specifications are as follows:
- You must write three 8-12 page term papers on digital forensics issues and comparing/contrasting computer forensics tools.
- Term paper #1 is due at the end of Week 4:
“Research the following laws that relate to computer crime. Write an 8-12 page paper discussing the role they play in computer crime. Be sure to research and document cases to support each law and your discussion.
1) Health Insurance Portability and Accountability Act (HIPAA)
2) Sarbanes-Oxley Act of 2002 (SOx)
3) Children's Online Privacy Protection Act of 1998 (COPPA)
4) California Database Security Breach Act of 2003
5) The Computer Security Act
6) The Privacy Act of 1974
7) Uniform Electronic Transactions Act
8) Electronic Signatures in Global and National Commerce Act
9) Uniform Computer Information Transactions Act.”
- Term paper #2 is due at the end of Week 6:
“Write an 8-12 page paper discussing the below topics as they relate to computer crime. You must provide cases and examples to support the topics.
1) Identify and discuss the steps necessary to make electronic evidence admissible in court.
2) Identify various crimes and incidents that are involved in electronic forensic investigations.
3) Discuss the importance of security and computer use policies.
4) Identify and discuss the techniques to obtain evidence from Internet and Web resources.
5) Identify and discuss the types of evidence that can be recovered from computer and electronic devices.
6) Discuss the importance of documentation and chain-of-custody in the forensic process.”
- Term Paper #3 is due at the end of Week 8:
“Develop a paper where you address three digital forensics tools in the following categories: availability, pricing, platforms supported, technical strengths and weaknesses, etc…”
- In addition to the pages of the paper itself, you must include a title page and a references page. Your title page must include the title of your paper, the date, the name of this course, your name, and your instructor’s name.
- Your references page must be written in APA citation style Arial 11 or 12-point font or Times New Roman styles. You must cite a minimum of ten (10) outside sources.
- Page margins Top, Bottom, Left Side and Right Side = 1 inch, with reasonable accommodation being made for special situations.
- Your paper must be in your own words, representing original work. Paraphrases of others’ work must include attributions to the authors. Limit quotations to an average of no more than 3-5 lines, and use quotations sparingly! It is always better to paraphrase than to directly quote.
- PAPERS WITH AN ORIGINALITY REPORT FROM TURNITIN OVER 10% WILL GET A GRADE OF 0, OR OVER 1% FROM A SINGLE SOURCE WILL RESULT IN A SIGNIFICANT POINT REDUCTION.
Paper # Detail Due # of pages
1 Select any topic covered in the course End of Week 4 8-12
2 Select any topic covered in the course End of Week 6 8-12
3 A Court case analysis End of Week 8 8-12
PER THE STUDENT HANDBOOK, YOU CANNOT SUBMIT A PAPER THAT HAS BEEN SUBMITTED IN ANOTHER COURSE.
|Assignment 1||3.00 %|
|Assignment 2||3.00 %|
|Assignment 3||3.00 %|
|Assignment 4||3.00 %|
|Assignment 5||3.00 %|
|Assignment 6||3.00 %|
|Assignment 7||3.00 %|
|Week 1 Forum||3.00 %|
|Week 2 Forum||3.00 %|
|Week 3 Forum||3.00 %|
|Week 4 Forum||3.00 %|
|Week 5 Forum||3.00 %|
|Week 6 Forum||3.00 %|
|Week 7 Forum||3.00 %|
|Week 8 Forum||3.00 %|
|Term Paper #1 (Week 4)||18.00 %|
|Term Paper #2 (Week 6)||18.00 %|
|Term Paper #3||19.00 %|
Reference: American Psychological Association. (2010). Publication manual of the American Psychological Association (6th edition). Washington, DC: Author. ISBN: 1-4338-0561-8
- Helix v2.0 http://www.e-fense.com/helix/
- Encase http://www.guidancesoftware.com/ -- recommended
- FTK http://www.accessdata.com/ -- recommended
- Microsoft Office (MS Word, MS Excel, MS PowerPoint)
- Adobe Acrobat Reader (Click here for free download)
- Digital Forensics Association: http://www.digitalforensicsassociation.org/library/
- NIJ: Forensic examination of digital evidence guide: http://www.ncjrs.gov/pdffiles1/nij/199408.pdf
- Computer Forensic tool testing: http://www.ojp.usdoj.gov/nij/topics/technology/electronic-crime/cftt.htm
- Recovering and Examining Computer Forensic Evidence: http://www.fbi.gov/hq/lab/fsc/backissu/oct2000/computer.htm
- Computer Forensic white papers: http://www.forensics.nl/links
- Forensic Focus: http://www.forensicfocus.com/
- FRCP: Rule 26: http://www.law.cornell.edu/rules/frcp/Rule26.htm
- Encase Software -- www.guidancesoftware.com/forensic.htm
- FTK software – www.accessdata.com/products/computer-forensics/ftk
- Computer Forensics jobs -- http://www.careerbuilder.com/jobs/keyword/computer%20forensics/
- Computer Forensics jobs -- http://www.computer-forensics-recruiter.com/careers/computer_forensics_jobs.html
- Getting Started -- http://computer-forensics.sans.org/blog/2010/08/20/getting-started-digital-forensics-what-takes/
- Computer forensics degrees/skills -- http://www.computerforensicsdegrees.org/
- The different types of computer forensics jobs -- http://www.wisegeek.com/what-are-the-different-types-of-computer-forensic-jobs.htm
- Certified Computer Examiner -- http://www.isfce.com/
|Book Title:||A Practical Guide to Computer Forensic Investigations|
|Author:||Darren R. Hayes|
|Electronic Unit Cost:||$37.80|
|Book Title:||REFERENCE ONLY- Information Security Fundamentals, 2nd edition-This text will be REQUIRED in ISSC661 and ISSC680. This text will be used as a reference only for the other courses in the ISSC program.|
|Publication Info:||Auerbach Publications|
|Author:||Thomas R. Peltier|
Not current for future courses.