Course Description:
According to the Internet Crimes Complaint Center Annual Report, in 2011 there were over 300,000 incidents reported to the organization, with a total of $485.3 million directly lost. In a report released by Symantec, the total dollar cost of cybercrime in 2010 (direct theft, losses from service disruption, and spending on prevention) was $388 million, and 73% of adults in the US have experienced some form of cybercrime in their lifetime. Perhaps more staggering is that, because many organizations are reluctant to report losses or simply write them off to avoid the impact on their reputation, some experts place the cost of cybercrime at over one trillion dollars per year. At that figure, this category of crime would eclipse the international drug trade.
While measures in information protection can mitigate the risk to individuals and businesses, society is not yet at the point where understanding of the virtual domain has translated into preventative action; in essence, people do not yet realize that cyber security is the equivalent of the guards, guns, and walls used to protect other valued resources. Because of this, crime will continue (and probably increase), and it will therefore be necessary for information security professionals to have the knowledge and skills to properly investigate cybercrime and assist in its prosecution.
Computer forensics involves the preservation, identification, extraction and documentation of computer evidence stored on a computer. This course takes a technical, legal and practical approach to the study and practice of computer forensics. Topics include: the legal and ethical implications of computer forensics; forensic duplication and data recovery; cryptography; types of attacks; steganography; network forensics and surveillance; and tools and techniques for investigating computer intrusions.
This course is intended for first-year graduate students, typically coming out of computer science, mathematics, computer engineering, or informatics; a working understanding of number theory and some programming facility are helpful.
This class will be primarily individual study, with weekly assigned readings, seven homework assignments, one quiz, one project, a midterm and a final. The course will also have twelve laboratory assignments, which are separate from the lecture period and performed outside of class time. Each lab assignment will take approximately four to eight hours to complete. Students may work in teams on the lab assignments and on the semester project.
Objectives:
The nature of digital forensics lends itself to a more applied understanding and concept demonstration than a purely theory-based course. Therefore, students are expected not only to understand the principles involved in forensic analysis and investigation, but, upon leaving the course, to be able to apply them in practice. A summary outline of objectives includes:
1. Demonstrate an understanding of the legal and ethical implications of computer forensics analysis.
2. Demonstrate an understanding of chain of custody.
3. Demonstrate an understanding of a broad range of attacks on computer systems, including:
   a. Malicious code
      i. Worms
      ii. Viruses
      iii. Trojan horses
      iv. Buffer overflow
   b. Network attacks
      i. Denial-of-service
      ii. Vulnerability scanning
4. Demonstrate how to trace email.
5. Demonstrate network surveillance:
   a. Demonstrate a legal trap and trace
   b. Demonstrate installing a packet sniffer for full-blown network surveillance
   c. Demonstrate recovering information
6. Demonstrate encryption and hashing and how they are used in the forensic process.
7. Demonstrate an understanding of steganography, how to use steganographic tools to hide data, and how to determine whether data is hidden in various forms of media.
8. Demonstrate an understanding of how malicious code works, how to detect it, and how to defend against it (during the forensics process).
9. Demonstrate the process of a forensic analysis of a Windows-based system:
   a. Log analysis
   b. Live vs. dead systems
   c. Running process analysis
10. Demonstrate the process of a forensic analysis of a UNIX/Linux-based system:
   a. Log analysis
   b. Live vs. dead systems
   c. Running process analysis
11. Demonstrate the ability to interpret various log files for various types of attacks.
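As an added illustration of objectives 2 and 6 (chain of custody, and hashing in the forensic process), the following Python script is not part of the course materials; it shows the two places hashing does its work in an investigation: fixing the identity of an acquired image (so a later copy can be proven unchanged) and linking custody-log entries so that any edit to the log is detectable. The evidence bytes, examiner names and function names are constructed for the example.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample evidence standing in for a disk image acquired from a seized
# drive. It is not real data; the contents of any image file could be passed instead.
EVIDENCE_IMAGE = b"\x00" * 512 + b"SAMPLE-BOOT-SECTOR" + b"\x55\xaa" + b"\x00" * 1024

CHUNK_SIZE = 64 * 1024  # hash in chunks so a multi-gigabyte image never sits in memory


def hash_evidence(data: bytes) -> dict:
    """Compute MD5 and SHA-256 over the image in fixed-size chunks.

    Acquisition tools commonly record both; SHA-256 is the value to rely on,
    MD5 is kept only to cross-check against older tool output.
    """
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    for offset in range(0, len(data), CHUNK_SIZE):
        chunk = data[offset:offset + CHUNK_SIZE]
        md5.update(chunk)
        sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def _entry_digest(entry: dict) -> str:
    # Canonical JSON (sorted keys, no whitespace) so the same entry always hashes the same
    payload = json.dumps({k: v for k, v in entry.items() if k != "entry_hash"},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def add_custody_event(log: list, action: str, examiner: str,
                      note: str = "", when: str = "") -> dict:
    """Append an event to the custody log; each entry commits to the one before it."""
    entry = {
        "seq": len(log),
        "time": when or datetime.now(timezone.utc).isoformat(),
        "action": action,
        "examiner": examiner,
        "note": note,
        "prev_hash": log[-1]["entry_hash"] if log else "0" * 64,
    }
    entry["entry_hash"] = _entry_digest(entry)
    log.append(entry)
    return entry


def verify_image(data: bytes, recorded: dict) -> bool:
    """True if the image still matches the hashes taken at acquisition."""
    current = hash_evidence(data)
    return current["sha256"] == recorded["sha256"] and current["md5"] == recorded["md5"]


def verify_custody_log(log: list) -> bool:
    """True if every entry's stored hash and back-link to the previous entry are intact."""
    prev = "0" * 64
    for entry in log:
        if entry["prev_hash"] != prev or _entry_digest(entry) != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return True


if __name__ == "__main__":
    acquisition = hash_evidence(EVIDENCE_IMAGE)
    custody_log = []
    add_custody_event(custody_log, "acquired", "examiner-A", note=json.dumps(acquisition))
    add_custody_event(custody_log, "transferred", "examiner-B", note="sealed, evidence locker 3")
    print("image intact:", verify_image(EVIDENCE_IMAGE, acquisition))
    print("custody log intact:", verify_custody_log(custody_log))
```

The acquisition hashes belong in the first custody entry (as the `note` above) so that the image identity and the handling history are bound together; a working copy that fails `verify_image`, or a log that fails `verify_custody_log`, is the signal to stop and document before going further.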