CS 449 Digital Forensics

The course would introduce concepts and tools of digital forensics. The topics include introduction to investigator’s tools, data acquisition methods, processing crime and incident scenes, working with Windows and Linux systems, recovering graphics files, forensic analysis and validation, forensics of virtual machines, networks and emails. Prerequisite: CS 341 with a minimum grade of “C” and CS 330 with a minimum grade of “C”.  Only offered in the Spring.

Upon completion of this course student should be able to:

1. Describe how to prepare a digital forensics investigation by taking a systematic approach.
2. Explain requirements for data recovery workstations and software.
3. Explain ways to determine the best acquisition method and how to use acquisition tools.
4. Describe how to secure a computer incident or crime scene.
5. Explain guidelines for seizing digital evidence at the scene.
6. Explain how to locate and recover graphics files.
7. Determine what data to analyze in a digital forensics investigation.
8. Discuss the rules, laws, policies, and procedures that affect digital forensics.
9. Use one or more common DF tools, such as EnCase, FTK, ProDiscover, Xways, SleuthKit.