CS 493/593 Digital Forensics

Credit Hours:

4/3

Course Coordinator:

Kevin McGrath

Course Description:

Detailed, hands-on approach to the investigation of criminal incidents in which computers or computer technology play a significant or interesting role. Familiarization with the core computer science theory and practical skills necessary to perform rudimentary computer forensic investigations, understanding the role of technology in investigating computer-based crime, and preparation to deal with investigative bodies.

Prerequisites:

Recommended: CS 333 or 533. No prior background in criminal justice or law is assumed.

Goals:

To introduce students to computer forensics; especially the technical and legal issues and limitations.

Upon the successful completion of this class, students will be able to:

1. Identify relevant electronic evidence (both inculpatory and exculpatory) associated with various violations of specific laws, including, but not limited to, computer crimes.
2. Locate and recover relevant electronic evidence from Linux and Windows systems using a variety of tools.
3. Identify and articulate probable cause as necessary to obtain a warrant to search for electronic artifacts, and recognize the limits of warrants
4. Recognize and maintain a chain of custody of electronic evidence.
5. Follow a documented forensics investigation process.

Textbooks:

None. Class handouts and web resources are used.

References:

Web resources.

Major Topics:

• The judicial system and the role of evidence
• Search and Seizure, especially with regard to Constitutional
• LimiWetations
• Electronic Communications Privacy Act (ECPA)
• Files systems: FAT and NTFS
• Forensics tools

Laboratory Exercises:

Students are presented with an evidence disk, and a crime. Within the context of the elements of the crime, students must locate relevant evidence on the drive.

Oral and Written Communications:

Student teams formally present evidence they have gathered from another team’s hard drive to the class. Each team member is required to speak during the presentation.

Social and Ethical Issues:

Students learn all about the laws involving search & seizure.

Problem Analysis:

Students are presented with an evidence disk, and a crime. Within the context of the elements of the crime, students must locate relevant evidence on the drive.

Solution Design:

Students are presented with an evidence disk, and a crime. Within the context of the elements of the crime, students must locate relevant evidence on the drive.