CS 6963 Digital Forensics, Credits: 3.00
Polytechnic University
Brooklyn, New York
Instructor:
Name: Walter Bruehs
E-mail:
Phone: 703-985-1323
Office Hours: By Arrangement
Course Description:
This course will introduce information technology professionals with the application of forensic science principles and practices to the collection, preservation, examination, analysis and presentation of digital evidence. The course will include selected topics from the legal, forensic, and information technology domains and utilize lecture, laboratory and written projects to illustrate these topics.
Instructional Methods:
This course will use a combination of lecture, discussions, laboratory exercises and individual research in order to develop the student’s understanding and application of digital forensics.
Each week, students will listen to a lecture posted on ePoly. Most weeks will also have discussion questions posed either in the lecture or on the week’s home page. Additional laboratory sessions will be held using a virtual lab and laboratory reports, in the designated format, are required deliverables.
ePoly:
Poly uses a Web-based teaching and learning environment called ePoly. Access to ePoly is available at the following URL: http://e-poly.net/. This course is designed for high bandwidth. Students are strongly advised to utilize only broadband connections when using the ePoly site. Student computers must support Flash™ animation.
Course Conduct and Academic Honesty:
The academic community of Polytechnic University and of the profession of digital forensics require the highest standards of professional ethics and personal integrity from all members of the community. Violations of these standards are violations of a mutual obligation characterized by trust, honesty, and personal honor. As a community, we commit ourselves to standards of academic conduct, impose sanctions against those who violate these standards, and keep appropriate records of violations.
The Polytechnic University Policy on Academic Dishonesty can be found at:
http://www.poly.edu/wwwpoly/codeConduct/Dishonesty.htm
Students with Disabilities:
Students who need special consideration because of any sort of disability should notify the instructor at the start of the course, and any time thereafter if further consideration is needed.
Course Objectives:
At the completion of this class, students will:
Students of the course will be provided with a general understanding of how a digital forensics case is processed. The course will review the scientific methodology used to conduct examinations, and include a review of the legal ramifications of search and seizure. Students will learn some of the fundamental techniques used in digital forensic exams. Students will learn courtroom rules and be asked to create a lab report and a display suitable for a courtroom.
Course Materials:
Required text:
Brian Carrier. File System Forensic Analysis. Addison Wesley, 2005. (ISBN:0-32-126817-2)
Recommended texts:
George Mohay, et al. Computer and Intrusion Forensics. Artech House, 2003. (ISBN:1-58053-369-8)
Eoghan Casey. Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet.
Sammes, Tony, Jenkinson, Brian; Forensic Computing; Springer-Verlag, Ltd.; 2000 (ISBN 1-85233-299-9)
Web Sites:
Students are responsible for reading the material contained in the hyperlinks noted in the course syllabus. The following sites are for background information:
www.swgde.org
www.accessdata.com
www.ioce.org
www.cops.org
www.guidancesoftware.com
http://www.fbi.gov/hq/lab/fsc/backissu/april2000/swgde.htm
www.cybercrime.gov
Course Requirements:
The following are required deliverables:
1. Student Biography (including photograph of student) due by end of Unit 1
2. Discussion questions as assigned (approximately 4 due at the end of Units 2, 3, 6, and 8) to be submitted in the Discussion Area.
3. Two quizzes (Unit 5 and Unit 11)
4. Laboratory Reports (Units 2, 4, 5, 6, 7, and Final)
5. Standard Operating Procedure (Unit 3)
6. Forensic Examination Plan (Unit 9)
IMPORTANT NOTE: The instructor may add, remove or modify requirements during the course. Students must read all postings on the ePoly website.
Grading Policy:
Students will be graded on the following course requirements:
Online Discussion Participation – 10 points
Laboratory Examinations – 30 points
Standard Operating Procedure – 15 points
Examination Plan – 15 points
Trial Exhibit – 10
Quizzes (2) - 20
Course final grades will be assigned as follows:
A 100-90 B 89-80 C 79-70 D 69-60 F <59
Tentative Class Schedule
Class TopicsLecture / Assignments
Unit 1 / Welcome / Post Student Bios on ePoly
http://www.x-ways.net/winhex/winhex.pdf
Chapters 2,4
Unit 2 / Introduction to Forensic Science & The Scientific Method / Carrier Chapters 1,2
Discussion Question
LAB EXCERSICE
Unit 3 / Evidence Handling, Quality Assurance and SOP’s / www.aafs.org
www.ascld-lab.org
www.ioce.org
www.swgde.org
www.cops.org
www.ncjrs.gov/pdffiles/nij/199408.pdf
Discussion Question
Unit 4 / Hierarchy of Access and
The Digital Forensic Process / Carrier Ch 4 & 5, 10
Discussion Question
Unit 5 / Documentation and Report Writing / Carrier Ch. 3
Discussion Question
Quiz 1
Unit 6 / Legal One – Constitutional Law / "Carrier Ch. 9 U.S. Constitution (http://memory.loc.gov/const/const.html)
Amendments 1, 4, 5, 6 & 7 "
Discussion Question
Unit 7 / Legal Two – Criminal/Civil Procedure / http://www.law.cornell.edu/topics/criminal.html
http://www.fjc.gov/federal/courts.nsf
http://www.law.cornell.edu/wex/index.php/Criminal_procedure
http://www.law.cornell.edu/wex/index.php/Civil_procedure
Discussion Question
Unit 8 / Forensic Tool Selection & Use / Carrier Appendix A
http://www.asrdata.com/tools/
www.accessdata.com
www.guidencesoftware.com
www.techpathways.com
Discussion Question
Unit 9 / Examination Planning & Design / Begin Final Examination
Unit 10 / Evidence Law / http://www.law.cornell.edu/rules/fre/
11/23/09 / THANKSGIVING BREAK
Unit 11 / Findings and Conclusions / Discussion Question
Quiz 2
Unit 12 / Testimony & Exhibits / Maltese, Expert Testimony: (on ePoly)
Judge and Attorney Experiences, Practices, and Concerns Regarding Expert Testimony in Federal Civil Trials
Carol Krafka; Meghan A. Dunn; Molly Treadway Johnson; Joe S. Cecil; Dean Miletich
2002, 24 pages (www.fjc.gov)Discussion Question
Unit 13 / Roles and Responsibilities / Final Examination Due 11:59 PM ET December 14, 2009
Discussion Question
Unit 14 / No Lecture / Trial Exhibit Due 11:59 PM ET December 21, 2009
Course Evaluation and wrap-up