CIT 435 - Cyber Forensics: Syllabus

Instructor Information

Refer to Discussion Forum, Facilitator Introduction and Expectations

Course Title

CIT 435 - Cyber Forensics

Course Description

Introduces the principles and practices of digital forensics including digital investigations, data and file recovery methods, and digital forensics analysis and invalidation. Topics include data acquisition, digital forensics tools, virtual machines, network, mobile devices and cloud forensics.

Prerequisite Courses

Prerequisite(s): CIT 331.

Course Overview

Many people do not know that the scientific discipline of computer forensics is gaining prominence, and rapidly becoming essential to recovering evidence that is so vital to pursuing justice for all persons. This course focuses on the use of the most popular forensics tools and provides specific guidance on dealing with civil and criminal matters relating to the law and technology. Includes discussions on how to manage a digital forensics operation in today’s business environment.

Key concepts to be covered in this course

Understanding the Digital Forensics Profession and Investigations.
The Investigator’s Office and Laboratory.
Data Acquisition.
Processing Crime and Incident Scenes.
Working with Windows and CLI Systems.
Current Computer Forensics Tools.
Macintosh and Linux Boot Processes and File Systems.
Recovering Graphics Files.
Computer Forensics Analysis and Validation.
Virtual Machine and Cloud Forensics.
Live Acquisitions and Network Forensics.
Email Investigations.
Cell Phone and Mobile Device Investigations
Report Writing for High Tech Investigations.
Expert Testimony in High Tech Investigations.
Ethics for the Investigator and Expert Witness.

Course Outcomes

Upon completion of this course, learners should be able to:

Explain how to prepare a digital forensics investigation by taking a systematic approach
Analyze how the advent of computer technologies changes the nature of cybercrime.
Determine what data to collect and analyze
Explain standard procedures for conducting forensic analysis
Apply different computer forensic tools to a given cybercrime scene
Apply current practices to data recovery and acquisition.

Course Materials

Required Texts

Nelson, B., Phillips, A., & Steuart, C. (2016). Guide to Computer Forensics and Investigations (5th ed.). Boston, MA: CENGAGE Learning. ISBN 1-285-06003-2, 978- 1-285-06003-3.

American Psychological Association. (2010). Publication Manual of the American Psychological Association (6th ed.). Washington, DC: American Psychological Association. ISBN 1433805618, 978-1433805615. Companion website: http://www.apastyle.org.

Technology Requirements

The labs are designed to run as a virtualized computer using a software package such as VMware, Parallels, or VirtualBox. You must have up to date virus protection software on your computer. If your computer does not meet any of these requirements, please contact the instructor immediately. Minimum Requirements for Virtualization • 1 GHz processor (2 GHz or higher recommended)

1 GB RAM (2 GB or higher recommended)
10 GB available hard disk space (30 GB recommended)
Cable or DSL Internet connection

Technology Tools

technical specifications

Pre-Assignment

Online Format: Sign on to WorldClass (D2L) and become familiar with the course navigation.

Classroom-based Format: Read chapters 1 & 2 from the textbook

Pre-Assignment Due Dates

Classroom-based Format: This assignment is due the first night of class.

Online Format: The instructor will specify the due date for this assignment.

Course Assignments and Activities

Assignments for Online Course
Week	Readings	Graded Assignments or Assessments (Percentage)
1: Introduction to Cyber Forensics	Text: Ch. 1 & 2	Class Discussion: Introductions Weekly Discussion Forum (25 pts)
2: Processing Crime and Incident Scenes	Text: Ch. 3 &4	Class Discussion: • Weekly Discussion Forum (25 pts) Written Assignment: • When Search Warrants are Not Required for Searches and Seizures - Paper (100 pts)
3: File Systems	Text: Ch. 5 & 7	Class Discussion: • Weekly Discussion Forum (25 pts) Written Assignment: • Hidden and Deleted Evidence - Paper (100 pts)
4: Cyber Forensics Tools	Text: Ch.6 & 8	Class Discussion: • Weekly Discussion Forum (25 pts) Written Assignment: • Examination Processes and Validated Tools in Cyber Forensics - Paper (100 pts)
5: Digital Forensics Analysis and Validation	Text: Ch. 9	Class Discussion: • Weekly Discussion Forum (25 pts) Written Assignment: • Best Practices for Cyber Forensics - Paper (100 pts) • Lab (50 pts)
6: Network and Cloud Forensics	Text: Ch.10 & 13	Class Discussion: • Weekly Discussion Forum (25 pts) Written Assignment: • Network Types and Forensic Artifacts and Tools - Paper (100 pts)
7: Email, Social Media, and Mobile Device Forensics	Text: Ch.11 & 12	Class Discussion: • Weekly Discussion Forum (25 pts) Written Assignment: • Mobile Phone Forensics - Paper (100 pts)
8: The Professional Cyber Forensics Expert	Text: Ch. 14, 15 & 16	Class Discussion: • Weekly Discussion Forum (25 pts) Written Assignment: • Cyber Forensics Critical Elements : Final Written Paper (250 pts)
		Maximum Points Possible: 1100

Summary of Assignments and Percentage Weight:

Assignments	Weighted Percentage
Weekly Discussion Threads	20%
Weekly Assignments	80%
TOTAL	100 %

CCIS Policies

Review the CCIS Policies on the Regis University website.

OTHER INFORMATION

NOTE TO LEARNERS: On occasion, the course facilitator may, at his or her discretion, alter the Learning Activities shown in this Syllabus. The alteration of Learning Activities may not, in any way, change the Learner Outcomes or the grading scale for this course as contained in this syllabus. Examples of circumstances that could justify alterations in Learning Activities could include number of learners in the course; compelling current events; special facilitator experience or expertise; or unanticipated disruptions to class session schedule.