COEN 252 Computer Forensics Syllabus
Procedures for identification, preservation, and extraction of electronic evidence. Auditing and investigation of network and host system intrusions, analysis and documentation of information gathered, and preparation of expert testimonial evidence. Forensic tools and resources for system administrators and information system security officers. Ethics, law, policy, and standards concerning digital evidence. (4 units)
The following are absolutely essential to take the course:
These are desirable:
You also might want to learn PERL. We will not use a lot of Perl in the class, but it is very useful. There are many books out there depending on how much you already know. For the experienced Perl programmer, I recommend Effective Perl Programming by Joseph N. Hall and Randal L. Schwartz (Addison-Wesley), but you might also try out the Perl Cookbook by Tom Christiansen and Nathan Torkington at O'Reilly. If you are starting out, Programming Perl, 3rd Edition by Larry Wall, Tom Christiansen, and Jon Orwant at O'Reilly (the camel book) or Learning Perl, 3rd Edition: Making Easy Things Easy and Hard Things Possible by Randal L. Schwartz and Tom Phoenix, also O'Reilly (the llama book), are good choices.
The Incident Response book covers material from weeks 2 - 10. The Counter Hack text covers material in weeks 7 - 9. I recommend buying from an online bookstore after comparing prices. (S: List Price: $49.99, Barnes&Noble $39.99, Amazon $31.32, Best price (used) $22.57, TextbookX $30.72; MPP: List price: $49.99, Amazon: $31.49, Barnes&Noble $44.99, TextbookX: $34.30 (3/25/05))
|Week||Lecture Topic||Laboratory Activity|
|Week 1||Introduction. Nature of Forensics Evidence. Ethical Issues. Email Tracing. Internet Fraud. URL Obscuring.|| |
|Week 2||Evidence Collection. Legal Issues. Hard Drive Facts.||Email Tracing. URL Obscuring.|
|Week 3||FAT File Systems I. Hard Drive Imaging.||Ethics Case, Seizure Proceedings, Hard Drive Mirroring. Understanding MBR and BPB. Evidence Search at Byte Level. Evidence Search with Forensics Tool.|
|Week 4||NTFS, UNIX File Systems II. Searching for Evidence on a Hard Drive I.||Creation of Forensics Boot Disks. Ethics case.|
|Week 5||FAT, NTFS, UNIX File Systems III. Searching for Evidence on a Hard Drive II.||IP Case|
|Week 6||Live Systems Investigations.||Emergency Assessment of a UNIX system.|
|Week 7||Network Protocols. Network Analysis.||Introduction to network scanning tools. Ethereal, TCPDump.|
|Week 8||Hacking I.||Network Scanning. Traffic Analysis. Snort.|
|Week 9||Hacking II. Organizational Security.||Denial of Service Attacks.|
|Week 10||Incident Response Policies. Incident Reporting. Forensics and Intrusion Detection Tools.||Network Vulnerability Tools.|
Students will be required to sign a promise not to put the knowledge they acquire to illegal or unethical use. While this statement has little legal significance, it might come in handy in the penalty phase of your criminal proceedings.
Student grades are based on
This class is subject to the School of Engineering's Honor code.
Disability Accommodation Policy: To request academic accommodations for a disability, students must contact Disability Resources located in the Drahmann Center in Benson, Room 214 (Tel.: 554-4111, TTY 554-5445). Students must provide documentation of a disability to Disability Resources prior to receiving accommodations.
You might also want to take the PERL courses offered by the Sun Academic Alliance. You can find instructions at ~tschwarz/Homepage/SunAcademicAllianceInstructions.html
©2009 Thomas Schwarz, S.J., COEN, SCU. These documents are not intended for dissemination beyond SCU. CAVEAT LECTOR