Introduction to Computer Forensics CST 267
Prerequisite: CST 266. Provides a comprehensive understanding of computer forensics and electronic discovery along with associated investigation tools and techniques. Explores computer forensic theory and focuses on various forensic skills used in the Information Security profession. (45-0)
Outcomes and Objectives
Describe computer forensics.
- Examine the fundamental concepts of computer forensics and why it is not strictly a technology based pursuit.
- Study real world examples of how computer forensics is integral in investigating computer security related allegations, theft of trade secrets and embezzlement.
- Understand chain of custody.
- Discuss ways to collect evidence.
- Identify methods of evidence preservation.
- Identify the risks involved in using an improperly trained computer forensics examiner.
- Examine hardware and software concepts critical to the foundations of computer forensics.
Demonstrate knowledge of High Performance Computing operating systems and boot structure.
- Collect free space on the storage media and analyze it for signatures that would indicate data.
- Use forensic toolkits to collect and examine data under various operating system environments.
- Discuss digital similarities and differences of various operating systems (i.e. DOS, Windows, UNIX and Linux).
Demonstrate knowledge concerning investigating computer crime incidents.
- Gain proficiency in the examination and preservation of info security evidence.
- Secure compromised machines and related data.
- Preserve and analyze evidence and consider cross border jurisdiction in international investigations.
Think critically and access, analyze and use information including using current Internet programming technology: formulate a question or need, develop a strategy to meet that question or need to solve a technical problem.
- Generate, assess and validate solutions to a security problem involving web or network access.
- Develop and question alternative formulations of a security problem involving web or network access.
- Search and access information via the Internet.
- Evaluate information or data for quality, validity and bias to determine if it is objective and reliable.
- Question assumptions, data and formulations of problems and proposed answers.
Think critically and access, analyze and use information including using current Internet programming technology: interpret technical statements, texts, theories, problems, symbols and observations.
- Clarify and analyze the meanings of technical words, phrases and statements.
- Learn the meanings of terms and acronyms used with information security and ways to use them.
- Generate and collect relevant observable or measurable information or data using intrusion detection software and hardware.
- Organize and present information or data in written form.
Describe concepts of Computer Security.
- Discuss security threats.
- Describe the goals of information security: integrity, confidentiality and availability.
- Discuss ramifications involved in information security, like cost and technology barriers.
- Discuss evolving federal rules relative to information protection, identity theft, and other computer-based crimes.
Demonstrate applied principles of managing security measures for investigating security problems.
- Solve problems in computer forensics investigations within the computing environment.
- Identify and disable nonessential services.
- Identify and disable nonessential protocols.
- Identify and disable nonessential programs.
- Identify and disable nonessential utilities.
- Identify and disable nonessential processes.
- Compare and contrast security on network media.
- Compare and contrast security on storage media.
Describe various computer security risks and remedies.
- Identify and discuss security zones.
- Create incident responses.
- Create security priorities profiles.
- Transfer forensic audit procedures to protect corporate or educational assets.
Describe the need for proper documentation.
- Determine standards and guidelines.
- Identify system architecture.
- Keep logs and inventories.
- Develop change control procedure.
- Identify methods of documentation retention and storage.
- Identify methods of destroying old documentation.
Discuss the advantages and disadvantages of cryptography.
- Discuss integrity and confidentiality.
- Discuss digital signatures.
- Discuss nonrepudiation.
Demonstrate the vulnerabilities associated with computer and data security.
- Discuss ethics of computer security and data mining.
- Identify and use tools to create digital signatures.
- Recognize and demonstrate different types of attacks associated with network use (i.e. back door attacks, spoofing attacks, TCP/IP hijacking, etc.).
Demonstrate knowledge of current forensics tools.
- Use various tools to test system integrity.
- Use tools to track digital signatures.
- Use computer forensics security configuration utilities to perform practical tasks for investigating High Performance Computing operations.
- Load and run software products as resources for identifying inappropriate cluster use.
Demonstrate basic fundamentals of High Performance Computing security investigation concepts.
- Use professionally accepted investigative methods of using digital evidence control components.
- Use cyber forensics security methodology to solve computer crimes.
- Produce documentation of successful info security investigations.
- Create and verify forensically sterile examination media and boot diskettes.
- Find and recover deleted, formatted, hidden and lost data, access e-mail, cache and other internet related files.
- Unlock passwords, convert data formats and analyze data to conclude examinations.