UNIVERSITY OF MASSACHUSETTS LOWEL

DEPARTMENT OF COMPUTER SCIENCE

 

94.562 DIGITAL FORENSICS

FALL 2011

 

Instructor:

Dr. Xinwen Fu

Office:

203 Olson Hall

Phone:

(978) 934-3623

E-Mail:

xinwenfu@cs.uml.edu

Homepage:

http://www.cs.uml.edu/~xinwenfu

 

Course Name:s

94.562.031 Digital Forensics

Credits:

3.00

Duration:

Sep 1, 2011 - Dec 10, 2011

Time:

Course Status: Fully Online

Location

Blackboard, Click here for access instruction

 

 

COURSE DESCRIPTION

Identifying, preserving and extracting electronic evidence. Students learn how to examine and recover data from operating systems, core forensic procedures for any operating or file system, understanding technical issues in acquiring computer evidence and how to conduct forensically sound examinations to preserve evidence for admission and use in legal proceedings.

 

TEXTBOOK

Bill Nelson, Amelia Phillips, and Christopher Steuart, Guide to Computer Forensics and Investigations, 4th Edition, 2010, ISBN-10: 1435498836, Click here to the publisher

NOTE: Do NOT buy the kindle version since it does not have the CD required for this class.

 

COURSE GOALS

COURSE PREREQUISITES:

The class is open to students with minimal computer science knowledge. The following knowledge will help your study.

 

ONLINE INTERACTION GUIDELINE

This is a fully online course. We require active participation by students to achieve the learning goals of this course. There are three online communication ways: email, chat and discussion boards.

 

Email: All course material related emails should be sent within the Blackboard Vista email system. Students MUST login Blackboard to send and view emails. Emails sent within Blackboard are not able to be delivered to public email accounts. Emails are reserved for sensitive questions you feel may be disturbing if delivered to all students. All other course related questions should be posted to a specific learning module Discussion Board for course material documentation. Students can also send personal email to the instructor's public email account for private reasons such as not being able to attend the chat because of sickness if students choose to.

 

Chat: Chat is voluntary and encouraged. The session runs from 8:30PM ~ 9:30PM EST each Monday within the semester for real time discussion of course materials. Each week the instructor will create a chat room dedicated to the specific week and answer questions in real time.

Tip for online chatting: Recall there are tens of people in the chat room; use concrete entities while chatting; avoid preps and obscurity.

 

Discussion board: Each learning module has its own discussion module. The participation is mandatory and contributes 10% toward to a student's final grade. The discussion board is for asking and answering questions. In general, the instructor will answer the questions within 24 hours. Feel free to respond to each other's questions. Please direct questions to a specific learning module Discussion Board for easy course material documentation and clarity. Therefore, the discussion board will be used as a Question & Answer repository.

ASSIGNMENT (EXAM) GUIDELINES

Components of Course Grade:

Discussion Board Participation

10

Assignments (10)

45

Final exam

25

Term Project

20

Grade Scale

96 ~ 100

A+

90 ~ 95

A

85 ~ 89.9

A-

80 ~ 84.9

B+

75 ~ 79.9

B

70 ~ 74.9

B-

65 ~ 69.9

C+

60 ~ 64.9

C

< 60

F

 

Assignments


Exam Format


Make-up Exams


TENTATIVE CLASS SCHEDULE

The schedule may be adjusted based on the actual progress in the semester. We thank Dr. Yong Guan for sharing many of his materials.

 

Order

Topics

Chapter

Readings

Assignment

Data

0

Introduction

 

 

 

1

Computer Forensics and Investigations as a Profession

Chapter 1

 

 

2

Understanding Computer Investigations

Chapter 2

 

 

3

The Investigator's Office and Laboratory

Chapter 3

 

 

4

Data Acquisition

Chapter 4

 

 

5

Processing Crime and Incident Scenes

Chapter 5

 

 

Midterm Exam

 

 

 

 

6

Working with Windows and DOS Systems

Chapter 6

 

 

7

Current Computer Forensics Tools

Chapter 7

 

 

8

Macintosh and Linux Boot Processes and File Systems

Chapter 8

 

 

9

Computer Forensics Analysis and Validation

Chapter 9

 

 

10

Recovering Graphics Files

Chapter 10

 

 

Final Exam