COEN 252 Computer Forensics Syllabus

Course Description

Procedures for identification, preservation, and extraction of electronic evidence. Auditing and investigation of network and host system intrusions, analysis and documentation of information gathered, and preparation of expert testimonial evidence. Forensic tools and resources for system administrators and information system security officers. Ethics, law, policy, and standards concerning digital evidence. (4 units)


The following are absolutely essential to take the course:

These are desirables:

Course Text Books


WeekLecture TopicLaboratory Activity
Week 1 Introduction. Nature of Forensics Evidence. Ethical Issues Legal Issues I. Ethics Case, Seizure Proceedings
Week 2 Evidence Collection. Email Tracing. Internet Fraud. Email Trace. URL Obscuring. Password Cracking.
Week 3 Legal Issues II. Hard Drive Facts. FAT File Systems I. Hard Drive Imaging. Hard Drive Mirroring. Understanding MBR and BPB
Week 4 NTFS, UNIX UNIX File Systems II. Searching for Evidence on a Hard Drive I. Evidence Search at Byte Level.
Week 5 FAT, NTFS, UNIX File Systems III. Searching for Evidence on a Hard Drive II. Evidence Search with Forensics Tool.
Week 6 Live Systems Investigations. Creation of Forensics Boot Disks. Emergency Assessment of a UNIX system.
Week 7Network Protocols. Network Analysis. Introduction to network scanning tools. Ethereal, TCPDump.
Week 8 Hacking I. Network Scanning. Traffic Analysis. Snort.
Week 9 Hacking II. Organizational Security. Denial of Service Attacks.
Week 10 Incidence Response Policies. Incidence Reporting. Forensics and Intrusion Detection Tools. Network Vulnerability Tools.
*Tentative: Check for updates.

A typical class will consists of lectures, followed by a laboratory exercise. Students will be required to sign a promise to not put their knowledge acquired to illegal or inethical use. While this statement has little legal significance, it might come in handy in the penalty face of your criminal proceedings.


Student grades are based on

Disability Accomodation Policy: To request academic accommodations for a disability, students must contact Disability Resources located in the Drahmann Center in Benson, Room 214 (Tel.: 554-4111, TTY 554-5445). Students must provide documentation of a disability to Disability Resources prior to receiving accommodations.

2003 Thomas Schwarz, S.J., COEN, SCU SCU COEN COEN252 T. Schwarz
These documents are not intended for dissemination beyond SCU.        CAVEAT LECTOR