Computer Forensics - Course Syllabus

    
     

 

    
 

 

Home

Blackboard

Office Hours

E-Mail Me

My Resume

Computer Forensics Web Site

  

CIS 362     Computer Forensics


 

Instructor:                              Stephen Bunting, EnCE, CCFT
Office:                                    CIS Faculty Suite #4
Phone:                                   (302) 225-6347 (msgs only)
E-mail:                                    bunting@gbc.edu
Homepage:                            http://www.gbc.edu/~bunting/
Office Hours:                         as posted & by appointment
Tutorial Hours:                      by appointment

 

Course Description

Forensics is the use of science and technology to investigate and establish facts of interest to the legal system. This course provides students with the skills and knowledge to acquire and preserve evidence from a computer. Additionally, students will be provided with the skills and knowledge to analyze data and to report their findings.

 

Evidence exists on computers in many places and formats. In addition to evidentiary documents themselves, operating systems and programs leave behind a vast array of evidentiary artifacts that can be used to establish the guilt or innocence of accused parties. The course will cover the range of computer forensics skills needed to acquire, analyze and report findings for Windows platforms using EnCase forensic software as a primary tool, but using other forensic tools as well.

 

The course instructor has taught computer forensics to federal, state, & local law enforcment examiners as well to examiners in the business sector. He has written several books on the topic and is an active examiner, having been involved in many recent high profile cases.

 

Computer forensics are used in the legal system, in business and industry, in the military, and in variety of local and national security interests. Accordingly, the demand for qualified computer forensics examiners is very high.

 

Prerequisite

Completion of CIS 360 with a grade of 70% or higher is required.

 

Textbooks

EnCase Computer Forensics: The Official EnCE: EnCase Certified Examiner Study Guide, Steve Bunting & William Wei Wiley, 2005

An additional text (optional):

Mastering Windows Network Forensics and Investigation, Steve Anson & Steve Bunting, Wiley, 2007

Topics Covered

The following is a list of tentative subjects for this course in no particular order, which may be changed without notice at any time at the instructor's sole discretion. Students should reference the lecture outlines on the course web page for weekly lecture outlines, and reading and other assignments.

  • Computer Hardware
  • File Systems
  • First Response
  • Acquiring Digital Evidence
  • EnCase Software Concepts
  • EnCase Software Environment
  • Understanding, Searching for, and Bookmarking Data
  • File Signature Analysis and Hash Analysis
  • Windows Operating System Artifacts (including Windows Vista)
  • Advanced EnCase Software Techniques
  • Creating Paperless Computer Forensics Reports

Policies

 

Attendance

Attendance is taken during each class.  Attendance for the duration of every class is essential for having any chance of passing this course. Important information including, but not limited to, the course schedule, assignments, tests, and many other items of importance are covered and discussed during class time, as needed.  Students are responsible for being informed of all relevant course information that transpires during class time. Students missing any part of any class need to make arrangements with a classmate for "catching up" on any missed material, notes, assignments, handouts, etc. Almost all class assignments could be found in course homepage. A special "Information Desk" homepage is included, where important information will be posted. It is students' responsibility regularly check course homepage. Remember, the homepage is developed to avoid wasting of paper and time. Please, don't be late. Class doors are closed 5 min after class begins!

Late Assignments

Assignments are due when they are due and are generally collected at the beginning of class. A 5% penalty will be applied for each day an assignment is late, including the first day and weekends. Late assignments will be accepted for not more than 7 days after the due date unless special arrangements were made. Late assignments may be submitted to the instructor's office during non-class time. Submission through BlackBoard's DropBox is a preference. Attachments should be prepared in MS Word unless otherwise specified. Hand-written homeworks will not be accepted. No assignment will be accepted after the start of the last regular class of this course.

Make-up Tests

Make-up tests are rare and will be given only in cases of documented serious illness or other emergencies. To be eligible for a make-up test, the student must provide an acceptable excuse prior to the scheduled date and time of the test.  In the event a make-up test is granted, the student is responsible for taking the test before the start of the next class. If the instructor is not notified prior to the scheduled test time, unless a satisfactory reason is given for the lack of notification, a make-up test is still permitted, but a 20% reduction of grade will be incurred. If the next class is scheduled on a day the college is closed, the make-up test must be taken prior to the closing of the college.

Academic Honesty

  • Helping a classmate is very honorable, but sharing solutions is strictly prohibited.

  • All work is to be done individually, unless explicitly stated otherwise.

  • Anyone caught cheating; copying solutions or electronic files, or performing any other activity that may be construed as dishonest will be punished up to dismissal from class with a failing grade and will be reported to the Academic Honesty Committee.

  • Don't forget that when copying other students’ projects and/or assignments you can copy their errors too.

Semester Grade

  • Six homework assignments will comprise 40% of the final grade.
  • Three tests will be worth 60% of the final grade. 
  • The percentage will not be rounded to the closest integer.
  • Up to five points could be added for active participation in the class!
  • Up to seven points could be deducted for failed tests (1 pt. each) and/or bad attendance (3 pts. for more than 2 missing classes)!
  • A letter grade based on the total percentage achieved will be given in accordance with the College's grading system.
  • The will be no negotiation of grades. You earn your grade and our grade will reflect your effort!

Correction of Grades

If an error is made in grading any of your work or your final grade, I will be glad to make a correction. However, the error must be called to my attention within two weeks of the return of the material in question. In the case of final grades, the error must be called to my attention within two weeks of the next regular semester.

Getting Help

If help is needed, students are advised to seek it immediately. The best way to reach the instructor is by e-mail at bunting@gbc.edu. Individual assistance is available by appointment. Please be on time for appointments.

Working Together

You are encouraged to partner with one or more other classmates. Should it be necessary for you to miss class, a partner can take notes for you, grab extra copies of the assignment. And, when you're having difficulty with an assignment, why not get together with your partner(s) in the computer lab? In practice computer forensics examiners often consult and work together. When it comes to writing a final report and testifying about their findings, the examiner is then self-reliant and must go it alone. Thus, the classroom experience mirrors that situation. Therefore, students must prepare their one homework. Do not copy another's work or electronic files! If you do, you and the person from whose work you copied will receive a grade of zero for that homework!

Academic Honor Code

All courses taught at Goldey-Beacom College are governed by the GBC Academic Honor Code. Click on the link above to learn more.


Updated September 25, 2007