Oct 23, 2019
CIS 273 - Digital Forensics II
Covers advanced topics. Registry, event logs, internet history, and creating analysis reports. Students will be introduced to processes for conducting testing and verification. Each student will process a forensic case. Maps to the ACE and CSFA certifications.
Prerequisite CIS 272 with a minimum grade of 2.5 or instructor permission.
Course-level Learning Objectives (CLOs)
Upon successful completion of this course, students will be able to:
- Create forensically sound image files and working copies of drives from both live and at rest computer systems using a variety of commercial and open source tools.
- Employ various techniques to overcome encryption and passwords using a variety of commercial and open source tools.
- Describe the differences between the FAT16 and FAT32 file systems and boot records.
- Describe the function and layout of: master boot records, partition tables and how they can be hidden and restored, and the NTFS Master File Table.
- Identify and describe the Windows registry keys that would be examined relevant to a computer forensics investigation.
- Forensically examine an image from a NTFS system.
- Recover deleted files and file fragments using both manual and automated methods.
- Conduct a forensic analysis involving email and other Internet activity.
- Forensically process thumb drives and memory sticks.
- Create a Curriculum Vita and properly document experience and education for work in the field of computer forensics.
- Analyze a code of ethics and conduct related to the information security and digital forensics professions.
- Identify standards of professionalism and ethical behavior for information security and digital forensics professionals, and apply these standards successfully to ethical dilemmas.
- Describe issues related to privacy and determine how to address them technically and ethically.
[Add to Personal Catalog]