(502807-3) Digital and Computer Forensics

Homepage and Syllabus

Disclaimer

This is the best information available as of today, Sunday October 18, 2020 at 4:50 p.m. KSA time. Changes will appear in this web page as the course progresses.

Meeting time and place

  • Section 4841: Friday/Saturday 5:00 p.m. - 8:00 p.m.
  • Due to COVID 19 pandemic, these classes will be conducted remotely and online via blackboard until further notice.

Instructor: Dr. Emad Alsuwat

Course Homepage: https://emadalsuwat.github.io/computerforensics-Fall2020.html
Office: W101 CIT
Office hours: Due to the COVID-19 pandemic restrictions, there will be no in-person office hours. Please email me if you have any question. If necessary, I will arrange a phone call or a virtual meeting
Phone: NA
Email: Alsuwat@tu.edu.sa

Course Overview

Computer Forensics course presents principles and techniques of conducting computing investigations. Topics include: Forensics Fundamentals, forensic investigation on both Unix/Linux and Windows systems with different file systems, current computer forensics tools, digital evidence controls, network forensics, processing crime and incident scenes, data acquisition, forensic procedures and review and analyze forensics reports.

Learning Outcomes

By the end of the course, students will be able to:
  • Understand the application of Computer Forensics
  • Learn how to collect and analyze computer forensic evidence
  • Use the essential tools and methodology of Computer Forensics

Textbook

  • Required: Bill Nelson, Amelia Phillips, and Christopher Steuart, Guide to Computer Forensics and Investigations, 5th edition, Course Technology Press, Boston, MA, United States.

Examinations

  • First Midterm: October 24, 2020 - From 6:30 p.m. to 7:30 p.m.
  • Second Midterm: TBD
  • Final Exam: TBD

Grading

  • First Midterm: 15%
  • Second Midterm: 15%
  • Homework Assignments: 15%
  • Lab: 10%
  • Participation and Quizzes: 5%
  • Final Exam: 40%

Topics to be covered

Below are roughly the sections of the CLRS book that I will cover. I may de-emphasize some topics and add others, but this is basically the list.

Topic Text Reference
Understanding the Digital Forensics Profession and Investigations. Chapter 1
The Investigator's Office and Laboratory. Chapter 2
Data Acquisition. Chapter 3
Processing Crime and Incident Scenes. Chapter 4
Working with Windows and CLI Systems. Chapter 5
Current Digital Forensics Tools. Chapter 6
Linux and Macintosh File Systems. Chapter 7
Recovering Graphics Files. Chapter 8
Digital Forensics Analysis and Validation. Chapter 9
Virtual Machine Forensics, Live Acquisitions and Network Forensics. Chapter 10
Email and Social Media Investigations. Chapter 11
Mobile Device Forensics. Chapter 12
Cloud Forensics. Chapter 13
Report Writing for High-Tech Investigations. Chapter 14
Expert Testimony in Digital Investigations. Chapter 15
Ethics for the Expert Witness. Chapter 16

Lecture Notes and Homework Assignments

Note that changes to the table below will appear week by week as the course progresses

Week Topic Slides Assignment Due Date
Week 1 Syllabus Week + Introduction Chapter 1 - -
Week 2 Understanding the Digital Forensics Profession and Investigations.
Required Reading: Textbook Chapter 1 		Chapter 1 Homework 1
Project 1 		Sept 24, 2020
Oct 1, 2020
Week 3 The Investigator's Office and Laboratory.
Required Reading: Textbook Chapter 2		 Chapter 2 Homework 2 Oct 14, 2020
Week 4 Data Acquisition.
Required Reading: Textbook Chapter 3		 Chapter 3 Homework 3 Oct 17, 2020
Week 5 Processing Crime and Incident Scenes.
Required Reading: Textbook Chapter 4		 Chapter 4 Homework 4 Oct 20, 2020
Week 6 Working with Windows and CLI Systems.
Optional Reading: Textbook Chapter 5
Current Digital Forensics Tools.
Required Reading: Textbook Chapter 6 		Chapter 5
Chapter 6 		Homework 5 Oct 22, 2020
Week 7 Linux and Macintosh File Systems.
Optional Reading: Textbook Chapter 7
Recovering Graphics Files.
Required Reading: Textbook Chapter 8 		Chapter 7
Chapter 8 		Homework 6 Nov 6, 2020
Week 8 First Midterm Exam
The Exam will cover textbook chapters 1, 2, 3, 4, and 6
Date: Oct 24, 2020 		- - -
Week 9 Digital Forensics Analysis and Validation.
Required Reading: Textbook Chapter 9
Virtual Machine Forensics, Live Acquisitions and Network Forensics.
Optional Reading: Textbook Chapter 10 		Chapter 9
Chapter 10
Week 10 Email and Social Media Investigations.
Required Reading: Textbook Chapter 11
Mobile Device Forensics.
Required Reading: Textbook Chapter 12 		Chapter 11
Chapter 12
Week 11 Cloud Forensics.
Required Reading: Textbook Chapter 13 		Chapter 13
Week 12 Second Midterm Exam
The Exam will cover textbook chapters 8, 9, 11, and 12
Week 13 Report Writing for High-Tech Investigations.
Required Reading: Textbook Chapter 14 		Chapter 14
Week 14 Expert Testimony in Digital Investigations.
Required Reading: Textbook Chapter 15
Ethics for the Expert Witness.
Optional Reading: Textbook Chapter 16 		Chapter 15
Chapter 16