UNIVERSITY OF MASSACHUSETTS LOWELL

DEPARTMENT OF COMPUTER SCIENCE

 

Cyber Crime Investigation

Spring 2017

 

Instructor: Dr. Xinwen Fu

Office: 203 Olsen Hall

Phone: (978) 934-3623

E-Mail: xinwenfu@cs.uml.edu

Homepage: http://www.cs.uml.edu/~xinwenfu

Office Hours: Tu. 3:15PM ~ 4:45PM

 

Course Name: Cyber Crime Investigation (COMP 4611-201/COMP 5300-203)

Credits: 3.00

Duration: Jan 17, 2017 - May 6, 2017

Time: TuTh 2:00PM - 3:15PM

Location: Olsen Hall 405

 

TA: TBD

Email: TBD

 

COURSE DESCRIPTION

This class introduces students to computer forensics and network forensics, which are two major components of digital forensics. The class will cover topics including Introduction to Criminology, Legal Compliance, Applicable Laws, Affidavits, Root Cause Analysis, Case Law, Chain of Custody, Digital Investigations, Authentication of Evidence, Metadata, Using Virtual Machines for Analysis, How to Testify, E-Discovery, HIPAA / FERPA, Computer Security Act, Sarbanes-Oxley, Gramm-Leach-Bliley, Privacy (COPPA), Payment Card Industry Data Security Standard (PCI DSS), State, US and international standards / jurisdictions, Laws and Authorities, US Patriot Act, Bring Your Own Device (BYOD) issues, Americans with Disabilities Act, Section 508, Forensic Imaging and Analysis, Packet Capture and Analysis, Intrusion Detection and Prevention, Summary Statistics, Graphing/Charts, Spreadsheet Functions, Problem Solving, Log-file Analysis, and Interlacing of device and network forensics.

 

COURSE PREREQUISITES:

 

DESCRIPTION OF INSTRUCTIONAL METHODS:

 

 

COURSE REQUIREMENTS

1. Bill Nelson, Amelia Phillips, Christopher Steuart, Guide to Computer Forensics and Investigations (with DVD), 5th Edition, Course Technology (January 15, 2015), ISBN-10: 1285060032

2. Sherri Davidoff, Jonathan Ham, Network Forensics: Tracking Hackers through Cyberspace, 1st Edition, Prentice Hall (June 23, 2012), ISBN-10: 0132564718

 

Class Attendance Policy

Students should attend the class in the classroom.

 

Cheating and Plagiarism Policy

All forms of academic dishonesty will result in an F for the course and notification of the Academic Dishonesty Committee.  Academic dishonesty includes (but is not limited to) plagiarism, copying answers or work done by another student (either on an exam or assignment), allowing another student to copy from you, and using unauthorized materials during an exam.

 

Make-up Exams

 

COURSE GOALS

 

EVALUATION PROCEDURES

Components of Course Grade:

Attendance: 10%

Assignments (5~10): 20%

Midterm Exam: 50%

Term Project: 20%

 

Grade Scale: A+(4.0), A(4.0), A-(3.7), B+(3.3), B(3.0), B-(2.7), C+(2.3), C(2.0), and F (0.0)

 

 

A+: 95 ~ 100

A: 90 ~ 95

A-: 85 ~ 90

B+: 80 ~ 85

B: 75 ~ 80

B-: 70 ~ 75

C+: 65 ~ 70

C: 60 ~ 65

D: 50 ~ 59

F: below 50

 

Homework Assignments

 

Exams

 

Projects

 

UNIVERSITY DEADLINES: 2015 Fall Academic Calendar

 

EARLY ALERT STATEMENT

Academic Success Support

As your professor, I am personally committed to supporting YOUR academic success in this course.  For that reason, if you demonstrate any academic performance or behavioral problems which may impede your success, I will personally discuss and attempt to resolve the issue with you.  If the situation persists, I will forward my concern to the Student Development Office and your academic advisor to seek their support and assistance in the matter.  My goal is to make your learning experience in this course as meaningful and successful as possible.

 

Americans with Disabilities Act (ADA) Statement

The University is committed to serving all students with disabilities as defined by the Rehabilitation Act of 1973 and the Americans with Disabilities Act of 1990. A qualified person with a disability means: an individual with a disability who, with or without reasonable modifications to rules, policies, or practices, the removal of architectural, communication or transportation barriers, or the provision of auxiliary aids and services, meets the essential eligibility requirements for the receipt of services or the participation in programs or activities provided by a public entity.

 

Questions concerning services for people with learning and physical disabilities should be directed to

Jody Goldstein, MSSW

Student Disability Services

One University Avenue

Cumnock Hall C6

Lowell, MA 01854

978-934-4574

E-mail: Disability@uml.edu

http://www.uml.edu/STUDENT-SERVICES/disability/default.html

 

TENTATIVE CLASS SCHEDULE

The schedule may be adjusted based on the actual progress in the semester.

 

Week 1

Introduction

Week 2

Computer Forensics and Investigations

Chapter 1

Legal Compliance

Lab/Project

Students shall be able to use one or more common DF tools, such as EnCase, FTK, ProDiscover, Xways, SleuthKit.

Chapter 1

Applicable Laws

Chapter 1, P13

Affidavits

Supplementary

Root Cause Analysis

Writing Assignment

Students will be able to describe the steps in performing digital forensics from the initial recognition of an incident through the steps of evidence gathering, preservation and analysis, through the completion of legal proceedings.

Chapter 1, P8

Case Law

Chapter 1

Chain of custody

Week 3

Computer Forensics and Investigations

Chapter 2

Digital Investigations

Week 4

Computer Forensics and Investigations

Chapter 5: Identifying Digital Evidence

Authentication of Evidence

Week 5

Computer Forensics and Investigations

Chapter 6: P210, metadata in NTFS

Metadata

Week 6

Computer Forensics and Investigations

Chapter 11

Using Virtual Machines for Analysis

Week 7

Computer Forensics and Investigations

Chapter 15

How to Testify

E-Discovery

Week 8

Mid-term

Week 9

Elementary Information Security

Chapter 4.5.2

HIPAA / FERPA

Writing Assignment

Students shall be able to discuss the rules, laws, policies, and procedures that affect digital forensics.

Chapter 17.3

Computer Security Act

Chapter 4.5.2

Sarbanes-Oxley

Chapter 4.5.2

Gramm-Leach-Bliley

Supplementary

Privacy (COPPA)

Chapter 4.5.2

Payment Card Industry Data Security Standard (PCI DSS)

Chapter 1.6

State, US and international standards / jurisdictions

Supplementary

Laws and Authorities

Supplementary

US Patriot Act

Supplementary

Bring Your Own Device (BYOD) issues

Supplementary

Americans with Disabilities Act, Section 508

Week 10

Network Forensics

Chapter 1

Forensic Imaging and Analysis

Week 11

Network Forensics

Chapter 4

Packet Capture and Analysis

Writing Assignment

Students will be able to describe the methodologies used in network forensics.

Week 12

Network Forensics

Chapter 7

Intrusion Detection and Prevention

Lab/Project

Students will be able to analyze and decipher network traffic, identify anomalous or malicious activity, and provide a summary of the effects on the system.

Week 13

From papers

Supplementary

Summary statistics

Supplementary

Graphing/Charts

Supplementary

Spreadsheet Functions

Supplementary

Problem Solving

Week 14

Network Forensics

Chapter 8

Log-file Analysis

8.5 Case Study

Apply standard statistical inference procedures to draw conclusions from data

Week 15

Network Forensics

Chapter 9

Interlacing of device and network forensics