Syllabus - Introduction to Computer Forensics
| Instructor: | Kari Wood, Ph.D. CCE (Certified Computer Examiner) |
| Office: | Decker Hall 26 |
| Phone: | 218-556-4054 |
| E-Mail: | kwood@bemidjistate.edu |
Textbooks: To Be Announced
Web Site for Textbook and Log on:
http://onlinelearning.bemidjistate.edu (Once you’ve activated the site, you will need to put in your username and password to gain access to the course site.)
Hardware, Software, & Supplies: Windows-based machine capable of running FTK, Ghost, and Wiper (Windows 98 and Windows XP machines are A MUST!). See the Dual System Requirements sheet.
Training Description: In this 4-week online training session, individuals will learn the fundamental principles and concepts of computer forensics. The topics include the differing data file structures, the procedure for discovering and preserving evidence, and methods of searching for and retrieving evidence using software tools. Related legal procedures and reports are also discussed briefly. Participants will conduct a minimum of 1 hands-on practice case during the training session. Once completed, this training session should provide a basic understanding of the process, policies, and software needed to conduct a computer forensics analysis.
Training Objectives:
This course will enable an individual to:
- understand basic hardware components and the process for collecting untainted copies of computer file evidence,
- understand the technical components of searching and retrieving evidence using software tools such as DataLifter, Diskedit, FTK and PRTK,
- understand the report responsibilities and process required for effective legal procedures, and
- perform a practice hands-on computer forensics examination for overall understanding.
Tentative Itinerary
Week 1:
1. Introduction to Computer Forensics Basics
- file storage systems
- terminology
- legal process, etc.
- *Assignment 1
Week 2:
2. Software & Hardware Familiarization
- Write-blockers
- Dual-boot system: Windows 98 vs. Windows XP
- Diskedit, Freesecs, DataLifter, FTK, PRTK
- Forensics Analysis Machine Example
- *Assignment 2
Week 3:
3. Hands-on examination of a Floppy Disk
- Hash and copy the evidence disk
- Use of Diskedit
- Recover deleted files, etc.
- Write practice report
- *Assignment 3
Week 4:
4. Hands-on examination of a hard drive image
- Hash and copy the drive image
- Use of FTK
- Use of PRTK to break passwords
- Write practice report
- *Assignment 4


