ITN 277 Syllabus

Division: Arts and Sciences

Date: February 2014

Curricula in Which Course is Taught: Cybercrime Investigation certificate

Course Number and Title: ITN 277, Computer Forensics II

Credit Hours: 3-4    Hours/Wk Lecture: 3-4    Hours/Wk Lab:    Lec/Lab Comb: 3-4


I.    Catalog Description: Develops skills in the forensic extraction of computer evidence at a logical level using a variety of operating systems and applications (i.e., e-mail) and teaches techniques for recovering data from virtual memory, temporary Internet files, and intentionally hidden files. Prerequisite: ITN 276, Computer Forensics I. Credit will be given to ITN 275 or ITN 276 and ITN 277, but not all three courses.


II.    Relationship of the course to curricula objectives in which it is taught: This course helps students understand how to collect, analyze and evaluate evidence data from various sources using a variety of software.


III. Required background:  ENF 2 as a corequisite


IV.  Course Content:

A.   Preparing to examine a digital forensic evidence system

a.    Forensic resources

    i.    Hardware

    ii.    Software imaging tools

    iii.    Writeblockers

    iv.    Validation tools

B.   Data Acquisition and Analysis

a.    Imaging and validating the digital evidence

b.    Working with Windows and DOS systems

c.    Examining Windows registry data

d.    Examining Windows temporary files

e.    Examining Windows pagefile (virtual memory)

f.     Performing a “live” inspection on a system

g.    Using court-accepted forensic tools to acquire and analyze data

h.    Using Windows utilities to explore the Internet History Viewer

i.      Exploring encryption techniques

j.      Using password crackers to recover encrypted data or data protected by passwords

k.    Finding data hidden in applications

C.   Recovering Image Files

a.    Understanding Image File Types

b.    Forensic tools for viewing images

c.    Finding data hidden in graphic files using steganography

D.   E-mail Investigations

a.    Understanding email and Internet fundamentals

b.    Crimes involving email

c.    Examining email

    i.    Viewing and validating email headers

    ii.    Email forensic tools

d.    Tracking email across the Internet

E.   Examining UNIX and Linux Disk Structures

a.    Understanding UNIX and Linux boot processes

b.    Understanding Linux Loader

c.    UNIX and Linux drives and partition schemes

d.    Understanding UNIX and Linux file structure and commands

F.    Network Forensics

a.    Internet basics

b.    Corporate legal considerations

    i.    Corporate computer crimes and investigations

    ii.    Policy violations

    iii.    Stored content inspection versus network monitoring

c.    Retrieving evidence over the network

d.    Retrieving volatile data

e.    Use of network logs as evidence

    i.    Log correlation

f.     Incorporating digital forensics into the Incident Response Plan (IRP)

G.   Creating a written report of findings

a.    Report summary

b.    Report outline

c.    Evidence presentation

d.    Report dissemination

e.    Automated report generation


V.  Learner Outcomes

Upon completion of the course the students will be able to:

A.   Analyze a variety of operating systems and applications for computer evidence.

B.   Understand and correctly use forensic software and tools.

C.   Understand the basics of network forensics and incident response.


VI.  Evaluation

Assignments, quizzes, tests, labs


This course supports the following objectives:

DCC Educational Objectives:

Information Literacy
Cultural and Social Understanding
Critical Thinking