ITEC 493/CRJU 490

Introduction to Computer Forensics

Dr. Burke

Fall, 2005

Tuesday/Thursday 2:00-3:15 Index # 1336

Davis 201

Office Hours: Tue: 3:30-4:30 & Wed: 3:00-6:00

Office: 307 Adams Street – upstairs Room 6B

Phone: 831-6657 (office)

E-mail: tburke@radford.edu

Homepage: www.radford.edu/~tburke

 

This course introduces students to computer forensics and cyber-crime scene analysis. The various laws and regulations dealing with computer forensic analysis will be discussed. Students will be introduced to the emerging international standards for computer forensic analysis, as well as a formal methodology for conducting computer forensic investigations.

Textbook:

Guide to Computer Forensics and Investigations, by Nelson, Phillips, Enfinger, Steuart, 2nd ed, ISBN 0-619-21706-5, 2005

1. Introduction to Computer Forensics: Chapter 1

2. Computer Investigations: Chapter 2

3. Disk File Systems: Chapter 3

4. Unix Systems: Chapter 4

5. Introduction to Computer Networks

6. Computer Forensics Tools: Chapter 5, 6

7. Digital Evidence: Chapter 7

8. Forensic Search & Seizure: Chapter 8, 9

9. Investigating Windows and Unix Systems: Chapter 10, 12, 13

10. E-mail Tracing: Chapter 11

 

Format of course

The format for this course incorporates the principles of active learning. Students are expected to demonstrate knowledge, comprehension, and application of the concepts and principles covered in class. Students are strongly encouraged to participate in classroom discussion!

Goals and Objectives of the Course

1. Demonstrate an understanding of the various laws dealing with computer forensic analysis;

2. Demonstrate a working knowledge of computer forensics applications and tools;

3. Understand the rules of evidence and the importance of the chain of custody;

4. Understand the principles of computer forensics and crime scene analysis; and

5. Apply the principles and procedures of computer forensics.

 

The following topics may be discussed by Dr. Burke, but are not limited to:

 

  • What is forensic computing?
  • What does computer forensic computing involve?
  • Network forensics
  • Computer investigation functions
  • Computer forensics versus other disciplines
  • Examining computer crime
  • Preparing for computer investigations
  • Public v. private investigations
  • Understanding enforcement agency investigations
  • Following the legal process
  • Cyber forensics and the legal system
  • Elements of a crime
  • Examining company policy
  • Corporate computer crimes
  • Establishing company policies
  • Maintaining professional conduct
  • Preparing a computer investigation
  • Taking a systematic approach
  • Planning your investigation
  • Securing evidence
  • Understanding data recovery
  • Completing the case
  • Interviews and interrogations
  • Intrusion profiling
  • Investigative considerations
  • Types of questioning
  • Who to contact to assist in the investigation
  • What else should you know?
  • Report writing
  • Cyber forensics and the legal system
  • Issues of evidence
  • Hearsay rule
  • Best evidence rule
  • Presenting evidence in court
  • Expert witnesses
  • Hints to the expert
  • Testimonial problems
  • Testifying in court
  • Understanding the trial process
  • Testifying during direct examination
  • Testifying during cross-examination
  • Preparing for a deposition

 

Grading

Legal briefs:

Dr. Burke will grade students based upon two typed legal briefs (25 points each) – please download brief requirements from: http://www.radford.edu/~tburke/legalbrief.html. The cases will be noted during class.

Group presentation:

Students will also make a classroom presentation (group project). Topics will be distributed during a class period. Students will be graded based upon my “oral report guideline” (please download and print): http://www.radford.edu/~tburke/oralreport.htm. Each student will be expected to speak during the presentation. All members of the group will receive the same grade (the group leader must submit the names of all group members to the professor prior to their presentation). The professor has the right to lower the grade of any individual group member if that student does not meet the guideline requirements and/or is ill-prepared for the presentation. The group presentation is valued at 50 points. It is important that the presentation be informative and exciting (get the class involved in some creative manner). Have fun with it!!!

Periodic quizzes: 

There will be no tests for this class, but quizzes, valued at 20 points each, will be administered periodically. The dates of the quizzes will be announced in class. Quizzes will cover class discussion, readings, legal briefs, guest speakers, etc. The format of the quizzes will be hypothetical/short answers. Quizzes will not be multiple choice, true/false, etc. The student cannot make up a quiz, so do not bother to ask.

*Late papers/assignments will not be accepted.  No excuses, no exceptions!

Attendance

The student is expected to attend each class. If an individual is borderline between grades, class participation will be considered in making the final grade decision. Additionally, students are expected to attend class "on time." Tardiness will NOT be tolerated (the student may be denied admission into the class if tardy and will be counted absent). 

 *Bonus: 10 points will be added to the final score from quizzes, presentations, etc. (not 10%) for perfect attendance (An "excused" absence will result in the forfeit of the bonus points, but will not be counted against the student. An "excused" absence must be cleared by the professor prior to the absence). Any student who misses more than one (1) class (unless excused) will be deducted 20 points for each class missed (Two tardies = one absence).  Any student not paying attention (example, falling asleep in class - if that is even possible in this course), may be counted absent for that day.

Please turn off all cell phones, beepers and other electronic devices that may distract your classmates and professor!

Radford University is committed to the highest standards of academic honesty. Acts of academic dishonesty include plagiarism, cheating, bribery, academic fraud, sabotage of research materials, the sale of academic papers, the purchase of academic papers, and the falsification of records. An individual who engages in these or related activities, or who knowingly aids another who engages in them, is acting in an academically dishonest manner and will be subject to disciplinary action in accordance with the bylaws and procedures of Radford University (See Student Handbook).

Each member of the academic community is expected to give full, fair, and formal credit to any and all sources that have contributed to the formulation of ideas, methods, interpretations, and findings. The absence of such formal credit is an affirmation that the work is fully the writer’s. The term "sources" includes, but is not limited to, published or unpublished materials, lectures, lecture notes, computer programs, mathematical and other symbolic formulations, course papers, examinations, theses, dissertations, and comments offered in class or informal discussions. The representation that such work of another is the writer’s represents plagiarism.

Care must be taken to document the source of any ideas or arguments. If the actual word of a source is used, it must appear within quotation marks. In cases that are unclear, the writer must take due care to avoid plagiarism.

The source should be cited whenever:

  1. A text is quoted verbatim
  2. Data gathered by another are presented in diagrams or tables/charts
  3. The results of a study conducted by another are used
  4. The work or intellectual effort of another is paraphrased by the writer.

Since the intent to deceive is not a necessary element (strict liability), careful note taking and record keeping is essential in order to avoid plagiarism. In other words, it is like being a little bit pregnant (you either are or you are not). One cannot have "accidental/unintentional" plagiarism!

Students should consult members of the faculty for clarification of the definition and substance of this policy on plagiarism as it applies to their particular discipline.

(Source: City University of New York – Proposal on Plagiarism).

Please keep in mind that this is a team-taught course.  The requirements noted within this syllabus ONLY apply to Dr. Burke.  Please see Dr. Shing’s syllabus for his specific requirements.  Your final grade will be calculated based upon the combination of course requirements and consultation between Dr. Shing and myself.