Lecture/Lab Topics
(subject to change)
Introduction and Concept of Forensics
- Course outline/syllabus & introduction.
- What is digital forensics? Definition, process of forensic investigation (scientific method).
- Case studies.
Sociological Aspects of Digital Forensics
- Structure of the legal system.
- Evidence and decision-makers: Judges and juries.
- lab: Study the adversarial nature of the legal system by preparing arguments on both sides of a case.
Legal Aspects of Digital Forensics
- The Fourth Amendment: reasonable expectation of privacy, exceptions (e.g., consent, plain view, exigent circumstances).
- Evidence: chain of custody, federal rules of evidence, business records exception, best evidence, expert witness testimony, and scientific evidence.
- lab: Expert testimony, preparing an expert report, expert depositions, and getting experts’ testimony admitted.
- Privacy laws: HIPAA (Health Insurance Portability and Accountability Act); FERPA (Family Educational Rights and Privacy Act); ECPA (Electronic Communications Privacy Act); Stored Communications Act; Wiretap Act.
- Cyber crimes: CFAA (Computer Fraud and Abuse Act); specific examples (e.g., hacking, cyber stalking, identity theft).
- lab: Continuing look at legal topics.
Computer Forensics
- Introduction to computer forensics.
- Introduction to file system forensics.
- lab: Introduction to The Sleuth Kit (TSK) and Autopsy.
- NTFS analysis.
- File carving.
- lab: Deleted file recovery.
- Windows analysis.
- Windows application analysis.
- lab: Application analysis.
Psychological Aspects of Digital Forensics
- Forensic psychology and cyber-crime.
- Psychological profiling of hackers and malware writers.
- lab: Developing a psychological profile of cyber offenders.
Network Forensics
- Networking fundamentals (architecture, protocols/abstractions, ISO).
- Networking fundamentals, cont.
- lab: Packet capture and protocol analysis.
- Evidence acquisition.
- Packet analysis, part 1.
- lab: Packet analysis lab 1.
- Network intrusion detection and analysis.
- Packet analysis, part 2.
- lab: Packet analysis lab 2.
Fraud Investigations
- Introduction to fraud examination; characteristics and skills of the forensic accountant.
- The nature and extent of fraud; Benford’s Law.
- lab: Use Benford’s Law to analyze a data set (Excel file) of sales figures.
Mobile Forensics and Malware
- Mobile device forensics, part 1.
- Mobile device forensics, part 2.
- lab 1: Mobile device forensics lab 1.
- Mobile network forensics.
- Malware.
- lab 2: Mobile device forensics lab 2.