COEN 252
Lecture Notes

Lecture Notes are exactly that: notes by the lecturer for the lecture. These notes are not publications and are not meant to replace the lectures. Their purpose is to give students a quick reference to the material covered, for the purpose of preparing for class. Because of the enormous amount of work it takes to put this course together, much material is being reused. In general, the slides are up to date. Go here to access notes from the graduate course taught last year.

Introduction Introduction (1) Introduction to Computer Forensics (1)
Ethics Introduction to Applied Ethics (3) Ethics Presentation (3)
Legal Issues Legal Issues (1)
Procedures for Collecting Evidence (2)

Legal Issues Presentation (1)
Coll. Evid. Pre. (2)

Internet Investigations (1) Email and Email Tracing (1) Email Tracing (1) Email Tracing Examples (1)
Email Investigation (1) Internet Investigation (1)
URL Obscuring (1) URL Obscuring (1)
Gaining System Access Password Cracking (2) Password Cracking (2)
Principles of Evidence Search
on a Hard Drive
Evidence Collection on a Hard Drive (2) HD Evidence Presentation (2)
Hard Drive Duplication (2), Chapt. 7, MPP Forensic Duplication (2)
Hard Drive Geometry (2) HD Geom Presentation (2)
Hard Drive Partitioning & FAT File System (3) Partitioning and FAT File System Pres. (3)
Master Boot Record Example (4) Master Boot Record and NTFS Example. (3)
RAID Acquisition (7)
File Systems
and Search for Evidence
on a Hard Drive
FAT (3) Partitioning and FAT File System Pres. (3)
FAT Example (3) FAT Example Pres. (3)
NTFS File System (4) NTFS Pres. (4)
NTFS Example (4) NTFS Example Pres. (4)
UNIX File Systems (5) UNIX Filesystems (5)
Journaling File Systems (5)
Registry (6)
Internet Explorer Files (6)
Apple Partition Table (7)
BSD Partitions (7)
NTFS MFT Example (6)
Hard Drive Analysis Chapter 11, Mandia, Prosise, Pepe. (3) Data Analysis Technique Pres. (3)
Chapter 12, Mandia, Prosise, Pepe. (3) Unix Cases (5)
Review: Forensic Process for Hard Drive Analysis (3)
Live System Investigation Chapter 5, Mandia, Prosise, Pepe (6) Windows Live Analysis Pres. (4)
Chapter 6, Mandia, Prosise, Pepe (6) Unix Live Analysis Pres. (6)
Windows Live System Investigation (6)
Collecting Network-Based Evidence Chapter 8, Mandia, Prosise, Pepe (7) Collecting Network-Based Evidence
Network Protocols Network Protocols (7) Network Protocols Pre. (7)
Network Analysis with TCPDump (8) Network Analysis with TCPDump (8)
Chapter 14, Mandia, Prosise, Pepe (7)  
Snort User Manual (8) Analysis with SNORT (8)
Network Attacks Skoudis (7) Hacking Overview Pres. (7)
Buffer Overflow (7) Standard Vulnerabilities (8)
  See also Network Protocols Pre.
  Viruses, Worms, Malicious Mobile Code, Trojans, Rootkits
Network Intrusion Detection Wu, Wong: Remote Sniffer Detection AbdelallahEljadj & al. Sniffer Wall (8)

Remote Sniffer Detection (9)

  Intrusion Detection Systems (9)
Chapter 16, Mandia, Prosise, Pepe (10) Router Investigation (9)
Incident Response Incident Response (10)
Malware Analysis Chapter 15, Mandia, Prosise, Pepe (10) Malware Analysis (10)
Forensic Reporting Chapter 17, Mandia, Prosise, Pepe (10) Forensic Reporting (10)

Numbers in parentheses refer to the week of the lecture.


2007 Thomas Schwarz, S.J., COEN, SCU
These documents are not intended for dissemination beyond SCU.        CAVEAT LECTOR