UNIVERSITY OF MASSACHUSETTS LOWEL

DEPARTMENT OF COMPUTER SCIENCE

 

94.562 DIGITAL FORENSICS

SPRING 2013

 

Instructor:

Dr. Xinwen Fu

Office:

203 Olson Hall

Phone:

(978) 934-3623

E-Mail:

xinwenfu@cs.uml.edu

Homepage:

http://www.cs.uml.edu/~xinwenfu

 

Course Name:

94.562.031 Digital Forensics

Credits:

3.00

Duration:

01/22/2013 - 05/04/2013

Time:

Course Status: Fully Online

Location

Blackboard, Click here for access instruction

 

 

COURSE DESCRIPTION

Identifying, preserving and extracting electronic evidence. Students learn how to examine and recover data from operating systems, core forensic procedures for any operating or file system, understanding technical issues in acquiring computer evidence and how to conduct forensically sound examinations to preserve evidence for admission and use in legal proceedings.

 

TEXTBOOK: NOTE: Do NOT buy any e-version since it does not have the CD required for this class.

Bill Nelson, Amelia Phillips, and Christopher Steuart, Guide to Computer Forensics and Investigations, 4th Edition, 2010, ISBN-10: 1435498836. NOTE: Do NOT buy the any e-version since it does not have the CD required for this class.

 

COURSE GOALS

?         Learn About The Field Of Computer Forensics

We will learn about the emerging field of Computer Forensics - the science of obtaining and analyzing evidence from computers. This evidence may be found on storage devices, such as hard drives, which are confiscated under warrant from personal or professional computers; or it may be found by traces of activity on computer networks. We will learn the tools and process of Computer Forensics.

?         Learn Computer and Networking Concepts.

We will learn how computers and the Internet work so that they change rapidly, you can understand the changes. Specific topics include how computer hardware and software work, what data formats are, how network hardware works and how the Internet works.

?         Investigate Legal and Ethical Issues Involving Computer Forensics

We will explore what kind of crimes computer forensics specialist investigate, and learn about what information gathering is legal/illegal and ethical/unethical. As technology emerges and changes so quickly, many of the aspects of these laws and guidelines are still being developed, which will make for an interesting academic exploration of the issues.

 

 

COURSE PREREQUISITES:

The class is open to students with minimal computer science knowledge. The following knowledge will help your study.

1.      Linux (Fedora Core) and Windows - basic use and software installation.

2.      Knowledge of networks

3.      Creative thoughts

 

ONLINE INTERACTION GUIDELINE

This is a fully online course. We require active participation by students to achieve the learning goals of this course. There are three online communication ways: email, chat and discussion boards.

 

Email: All course material related emails should be sent within the Blackboard Vista email system. Students MUST login Blackboard to send and view emails. Emails sent within Blackboard are not able to be delivered to public email accounts. Emails are reserved for sensitive questions you feel may be disturbing if delivered to all students. All other course related questions should be posted to a specific learning module Discussion Board for course material documentation. Students can also send personal email to the instructor.s public email account for private reasons such as not being able to attend the chat because of sickness if students choose to.

 

Chat: Chat is voluntary and encouraged. The session runs from 8:00PM ~ 9:00PM EST each Monday within the semester for real time discussion of course materials. Each week the instructor will create a chat room dedicated to the specific week and answer questions in real time.

Tip for online chatting: Recall there are tens of people in the chat room; use concrete entities while chatting; avoid preps and obscurity.

 

Discussion board: Each learning module has its own discussion module. The participation is mandatory and contributes 10% toward to a student.s final grade. The discussion board is for asking and answering questions. In general, the instructor will answer the questions within 24 hours. Feel free to respond to each other.s questions. Please direct questions to a specific learning module Discussion Board for easy course material documentation and clarity. Therefore, the discussion board will be used as a Question & Answer repository.

ASSIGNMENT (EXAM) GUIDELINES

Components of Course Grade:

Discussion Board Participation

10

Assignment (10)

45

Final exam

25

Term Project

20

Grade Scale

96 ~ 100

A+

90 ~ 95

A

85 ~ 89.9

A-

80 ~ 84.9

B+

75 ~ 79.9

B

70 ~ 74.9

B-

65 ~ 69.9

C+

60 ~ 64.9

C

< 60

F

 

Assignments

?         All assignments are to be turned in on or before the due date and time. If you try and cannot turn in an assignment electronically because the campus network is down, you will not be penalized.

?         An assignment turned in up to 24-hours late will be reduced by 10% of the assignment.s worth, more than 24 hours late will be reduced 100%.

?         The due date and time for each assignment will be specified on assignment postings.

?         All assignments are expected to be individually and independently completed. Should two or more students turn in substantially the same solution or program, in the judgment of the instructor, the assignment will be given a grade of zero. A second such incident will result in an F grade for the course.

?         All assignments MUST be to be turned in through Blackboard Vista via the assignment dropbox, NOT by email or discussion board.

Exam Format

?         Exams will be based on textbooks, web sites, and assignments.

?         All exams are open book within a specific time span of three hours.

?         All exams should be completed by the student independently.

?         The tentative exam format will be true/false, multiple choice, fill-in-the-blanks, programs, and/or short essays.

?         All exams MUST be to be turned in through Blackboard Vista via the assignment dropbox, NOT by email or discussion board.

Make-up Exams

?      Make-up exams will only be given in case of serious need and only when the instructor is notified prior to the exam time. If this is not done, the grade is automatically zero for that exam/quiz.

?      Written verification for the student.s inability to take an exam will be required.

?      The make-up exams will be different from those given to the class.

 

 

TENTATIVE CLASS SCHEDULE

The schedule may be adjusted based on the actual progress in the semester. We thank Dr. Yong Guan for sharing many of his materials.

 

Order

Topics

Chapter

Readings

Overview

Work

0

Introduction

 

 

 

1

Computer Forensics and Investigations as a Profession

Chapter 1

 

One week 

2

Understanding Computer Investigations

Chapter 2

 

Two weeks 

3

The Investigator.s Office and Laboratory

Chapter 3

One week 

4

Data Acquisition

Chapter 4

Two weeks 

5

Processing Crime and Incident Scenes

Chapter 5

 

One week 

6

Working with Windows and DOS Systems

Chapter 6

 

Two weeks 

7

Current Computer Forensics Tools

Chapter 7

 

One week 

8

Macintosh and Linux Boot Processes and File Systems

Chapter 8

Two weeks 

9

Computer Forensics Analysis and Validation

Chapter 9

 

One week 

10

Recovering Graphics Files

Chapter 10

 

One week 

Final Exam