DAKOTA STATE UNIVERSITY

COLLEGE OF BUSINESS AND INFORMATION SYSTEMS

 

CIS-492-D03 Topics: Computer Forensics, Spring 2006

 

Instructor:

Dr. Xinwen Fu

Office: 

Room 6, East Hall

Phone: 

256-7341

E-Mail: 

xinwen.fu@dsu.edu         

Homepage: 

http://www.homepages.dsu.edu/fux/

Office Hours: 

Mon. Wed. Fri. 11:00AM ~ 12:00PM, Mon. Wed. 1:30PM~5:00PM

 

Course Name:

CIS-492-D03 Topics: Computer Forensics

Credits:

3.00

Duration:

01/17/2006-05/11/2006

Time:

Tuesday, Thursday 04:30PM - 05:45PM

Location:

East Hall, Room 001

 

 

COURSE DESCRIPTION

Includes current topics, advanced topics and special topics. A course devoted to a particular issue in a specified field. Course content is not wholly included in the regular curriculum. Guest artists or experts may serve as instructors. Enrollments are usually of 10 or fewer students with significant one-on-one student/teacher involvement.

 

COURSE PREREQUISITES:

Prerequisites: CIS-414

 

Technology Skills

1.      C and Assembly languages

2.      Windows, Unix and Linux operating systems (Redhat)

3.      Linux/Windows software installation

4.      Knowledge of networks

5.      Creative thoughts

 

DESCRIPTION OF INSTRUCTIONAL METHODS

Class Preparation

      The course web site is located within WebCT (http://webct.dsu.edu/).

      Announcements, questions (and answers, etc. will be available through WebCT.

      Lecturing is based on the textbook with learning materials provided.

      Security techniques may be practiced in the IA lab.

      Discussions and questions/answers take place through WebCT, which should be checked approximately once every 48-hours. 

      A Chat room is also likely to be used from time to time.

      You will be expected to be prepared for class, and you must complete the assignments by the due dates.

 

COURSE REQUIREMENTS

Textbooks (Chapter 10 ~ Chapter 18)

      Amelia Phillips, Bill Nelson, Frank Enfinger, Chris Steuart, Guide to Computer Forensics and Investigations, Second Edition (Paperback), ISBN: 0619217065

o        Textbooks may be purchased at the bookstore or electronically through: http://www.amazon.com or some other bookseller

 

Supplementary Materials

      Chris Prosise, Kevin Mandia, Matt Pepe, Incident Response and Computer Forensics, Second Edition (Paperback), ISBN: 007222696X

      Warren G. Kruse II, Jay G. Heiser, Computer Forensics : Incident Response Essentials (Paperback), ISBN: 0201707195

 

 

Class Attendance Policy

Students are expected to attend and participate in class. Attendance may be verified by quizzes delivered through WebCT or in class. There will be no make-up opportunities for missed quizzes.

 

Cheating and Plagiarism Policy

All forms of academic dishonesty will result in an F for the course and notification of the Academic Dishonesty Committee.  Academic dishonesty includes (but is not limited to) plagiarism, copying answers or work done by another student (either on an exam or assignment), allowing another student to copy from you, and using unauthorized materials during an exam.

 

Make-up Exams

      Make-up exams will only be given in case of serious need and only when the instructor is notified prior to the exam time. If this is not done, the grade is automatically zero for that exam/quiz.

      Written verification for the student¨s inability to take an exam will be required.

      The make-up exams will be different from those given to the class.

 

University Deadlines

Add/Drop Deadline: March 30 C Last day to withdraw from all full semester classes and receive a refund.

Withdraw Deadline: April 7C Last day to withdraw from a full semester course or all courses and receive a grade of ^W ̄.

 

COURSE GOALS

         Learn About The Field Of Computer Forensics

We will learn about the emerging field of Computer Forensics - the science of obtaining and analyzing evidence from computers. This evidence may be found on storage devices, such as hard drives,  which are confiscated under warrant from personal or professional computers; or it may be found by traces of activity on computer networks. We will learn the tools and process of Computer Forensics.

         Learn Computer and Networking Concepts.

We will learn how computers and the Internet work so that they change rapidly, you can understand the changes. Specific topics include how computer hardware and software work, what data formats are, how network hardware works and how the Internet works.

         Investigate Legal and Ethical Issues Involving Computer Forensics

We will explore what kind of crimes computer forensics specialist investigate, and learn about what information gathering is legal/illegal and ethical/unethical. As technology emerges and changes so quickly, many of the aspects of these laws and guidelines are still being developed, which will make for an interesting academic exploration of the issues.

 

 EVALUATION PROCEDURES

 Components of Course Grade:

Assignments (5~10)

40%

Quiz

10%

Midterm

20%

Project/Presentation

30%

 

Grade Scale

90 ~ 100%

A

70 ~ 89.9%

B

60 ~ 69.9%

C

50~59.9%

D

59.5% and below

F

 

Homework Assignments

      All assignments are to be turned in on or before the due date and time. If you try and cannot turn in an assignment electronically because the campus network is down, you will not be penalized.

      An assignment turned in up to 24-hours late will be reduced by 10% of the assignment¨s worth, more than 24 hours late will be reduced 100%.

      The due date and time for each assignment will be specified on assignment postings.

      All assignments are expected to be individually and independently completed. Should two or more students turn in substantially the same solution or program, in the judgment of the instructor, the assignment will be given a grade of zero. A second such incident will result in an F grade for the course.

      All assignments are to be turned in through WebCT.

 

Exams

      Exams and quizzes will be based on textbooks, web sites, and assignments.

      All exams and quizzes are take-home, but timed.

      The tentative exam format will be true/false, multiple choice, fill-in-the-blanks, programs, and/or short essays.

 

Projects

      Each member of this class is required to join a team of 5 persons. A team must have a team leader coordinating the communication with members and the instructor.

      Each team must be formed within 2 weeks from the semester start and the team leader will report the list of members to the instructor once the team is formed.

      Team work is encouraged since all members of a team will receive the same score based on the entire team¨s performance for team projects.

      Some of the projects will be performed within a close laboratory.

 

EARLY ALERT STATEMENT

Academic Success Support

As your professor, I am personally committed to supporting YOUR academic success in this course.  For that reason, if you demonstrate any academic performance or behavioral problems which may impede your success, I will personally discuss and attempt to resolve the issue with you.  If the situation persists, I will forward my concern to the Student Development Office and your academic advisor to seek their support and assistance in the matter.  My goal is to make your learning experience in this course as meaningful and successful as possible.

 

Americans with Disabilities Act (ADA) Statement

If there is any student in this class who, due to a disability, has need for non-standard note-taking, test taking, or other course accommodations, please contact Dakota State University¨s ADA coordinator, Keith Bundy, in the Science Development Office located in the Trojan Center Underground or at 256-5121, as soon as possible. Accommodations cannot be given until they have been applied for and the need confirmed. The Dakota State University ADA web site contains information and forms for students requesting an accommodation:  http://www.departments.dsu.edu/disability_services.

 

 WIRELESS MOBILE COMPUTING INITIATIVE (WMCI) STATEMENT

The tablet PC will be used as a supplementary instructional device.  This technology will be valuable in the classroom and you are strongly encouraged to bring a wireless computing device to class to achieve the full educational benefit of in-class assignments.

 

LINKS TO OTHER SOURCES OF INFORMATION:

 

Graduate Catalog:  http://www.departments.dsu.edu/registrar/catalog/

 

Library:  http://www.departments.dsu.edu/library/

 

Computer Services Support: http://support.dsu.edu/

 

Student Handbook: http://www.departments.dsu.edu/student_services/handbook/

 

DEWT Student Guide: http://www.departments.dsu.edu/disted/studentguide/guide.htm

 

Semester Calendar: http://www.departments.dsu.edu/registrar/catalog/schedule/

 

 

 

 

TENTATIVE CLASS SCHEDULE

The schedule may be adjusted based on the actual progress in the semester.

 

Week

Topics

Chapter

Readings

Exams

1

Computer Forensics and Investigations as a Profession

Chapter 1

 

2

Understanding Computer Investigations

Chapter 2

 

3

The Investigator's Office and Laboratory

Chapter 3

 

4

Current Computer Forensics Tools

Chapter 4

 

5

Processing Crime and Incident Scenes

Chapter 5

 

6

Digital Evidence Controls

Chapter 6

 

Mar 5~12

Spring Break

 

 

7

Working with Windows and DOS Systems

Chapter 7

Mid-term Exam

8

Macintosh and Linux Boot Processes and Disk Structures

Chapter 8

 

9

Data Acquisition

Chapter 9

 

March 30

Last day to withdraw from all full semester classes and receive a refund.

 

 

10

Computer Forensic Analysis

Chapter 10

 

April 7 (Fri)     

Last day to withdraw from a full semester class or school and receive a grade of ^W ̄

 

 

11

Recovering Image Files

Chapter 11

 

12

Network Forensics

Chapter 12

 

13

E-Mail Investigations

Chapter 13

 

14

Becoming an Expert Witness and Reporting Results of Investigations

Review

Chapter 14

Final Exam

May 11

Final Exam