PACE UNIVERSITY
COURSE TITLE: Computer and Internet Forensics
COURSE NUMBER: IT 664
CREDIT HOURS: 3
PREREQUISITES:
TEXTBOOK(S):
D. Denning. Information Warfare and Security. Addison-Wesley, 1999.
D. Schweitzer. Incident Response: Computer Forensics Toolkit. Wiley Publishing, 2003.
REFERENCES:
A. Marcella and R. Greenfield (Eds.). Cyber-Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes. Auerbach Publications (CRC Press), 2002.
E. Casey. Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet. Academic Press, 2000.
M. Britz. Computer Forensics and Cyber Crime: An Introduction. Pearson Education (Prentice Hall), 2004.
I. Winkler. Spies Amongst Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don’t Even Know You Encounter Every Day. Wiley Publishers, 2005.
Internet
SEMESTER:
Course Description: This course provides a general overview of the theory and application of information warfare and forensic computing. The background information on information warfare highlights the inherent problems in today’s computing environment and indicates the necessity of forensics to complement computer security. The course focuses on the information warfare arsenal and tactics, defensive strategies, and casualties; network surveillance tools for information warfare; fundamentals of computer forensics; computer forensics services and technologies; search and seizure; data recovery and identification and digital evidence collection, duplication, and preservation; computer image verification and authentication; reconstruction of past events; legal issues; and advanced topics in forensics.
Learning Objectives
By the end of this course, each student will have attained the following course objectives:
A. Students will develop a deep understanding of the concepts and practices of information warfare, its arsenal and tactics, and the defensive strategies used.
B. Students will understand the concept of surveillance as a maintenance strategy, and the use of surveillance techniques to secure a computing environment including the inherent computer systems and networks.
C. Students will develop a very good knowledge of the basic concepts of computer forensics as well as its services and technologies.
D. Students will understand the protocols involved in the search and seizure of a suspected computer or computer network; data recovery; identification, collection, duplication, and preservation of digital evidence; verification and authentication of a computer image; and the reconstruction of past events.
E. Students will understand the legal issues involved in computer and Internet security and forensics.
F. Students will develop the knowledge and techniques needed to become better users of computers and the Internet as well as develop the skills needed to become an effective employee.
Learning Outcomes
The subsequent course learning outcomes have a one-to-one correspondence with the preceding course objectives:
A. Students will be able to
· Compare and contrast the offensive and the defensive players in information warfare
· Identify at least five leisurely and five criminal activities, respectively, that are conducted on the Internet
· Discuss the type and extent of casualties that may result from offensive uses of the Internet
· Explain the difference between steganography and cryptography and discuss their combined use relative to intrusion detection mechanisms
B. Students will demonstrate
· Familiar knowledge of the operation of surveillance tools such as packet sniffers, workplace monitoring technologies, and intrusion detection systems
C. Students will be able to
· Explain the process involved in the acquisition, authentication, and analysis of computer evidence
· Demonstrate where information may be hidden on the typical computer
· Discuss the significance of data mining
· Compare and contrast the different types of tools available to extract information from a networked computer
D. Students will
· Clearly understand the procedures involved in pre-search intelligence and preparation, and search briefing
· Demonstrate basic understanding of the principles of computer-based evidence
· Have intimate knowledge of the type of items that are taken in a computer or network search and seizure operation and the methods used to store and transport these items
· Explain what is entailed in the external and internal examination of a computing system
· Compare and contrast copying and imaging
E. Students will demonstrate
· Clear understanding of cyber-banking and the potential risks
· Basic knowledge of such laws as those that affect data communications and Internet, intellectual property, consumer fraud, and contract formation
F. Students will demonstrate
· Responsible computer use on an unsecured network
· An ability to be an effective team member
· An ability to effectively communicate the results of a project in a technical report
Course Number: 23029
Midterm Examination Date:
Final Examination Date:
Procedures, Guidelines, and Expectations:
1. ‘Knowing’ has shifted from being able to remember and repeat information to being able to find and use it (Nobel Laureate Herbert Simon).
2. ‘Usable knowledge’ is not the same as a mere list of disconnected facts. Experts’ knowledge is connected and organized around important concepts; it is ‘conditionalized’ to specify the contexts in which it is applicable; it supports understanding and transfer (to other contexts) rather than only the ability to remember … Since understanding is viewed as important, people must learn to recognize when they understand and when they need more information (How People Learn, Bransford et al.).
3. The central focus of the course is active learning, understanding, and the manipulation of information. To accomplish these tasks, your cooperation, collaboration, and active participation are strongly encouraged.
4. The teaching strategy will be a form of Just-in-Time teaching and inquiry.
5. The evaluation of your performance in the course will be based on your active participation in your team and in the class as evidenced by you and your team’s thoughtful responses to discussion questions, team project, and individual midterm and final examinations. The midterm and final examinations will be research-based reports or short answers.
6. The technical report should conform to The Chicago Manual of Style, 15th edition (http://www.chicagomanualofstyle.org/tools.html).
7. The CSIS student responsibilities guideline will be posted in Blackboard’s Course Information section. You are encouraged to download, read, and become familiar with the contents.
8. Links to computer and Internet forensics websites will be made available through Blackboard’s External Links.
9. The course will have a team-based focus. Membership in a team is optional. The typical team will consist of three to four students. Because team membership is optional, a team of one person is possible. Each team will engage in two levels of thoughtful discussion. The first is within the team, where team members exchange ideas with each other on the discussion questions and on other teams’ responses to reach a consensus on the team’s responses to each discussion question. The second level involves the team responding to three other teams’ responses to the discussion questions. The team number must be used to identify each team response to a discussion question, and each response should be time stamped.
10. To avoid the spread of malware, spyware, viruses, etc., it is recommended that each student use an adequately protected computer system for his or her work.
11. You are strongly encouraged to use Blackboard’s Digital Dropbox to submit assignments (such as midterm exam, final exam, project/report, etc.) and general questions about the class. Assignments and general questions about the class will not be collected or addressed via email unless you are specifically given instructions to do an email submission. However, if you have personal questions that you consider private, you may send a personal email.
12. Computer and Internet Forensics is a relatively new and evolving field that is currently more application oriented. The theory is still being developed.
13. You are encouraged to get some or all of the suggested references depending on your motivation to develop an in-depth understanding of the topic. The Internet is an excellent source for information on computer and Internet forensics.
14. Computer and Internet forensics is sometimes called forensic computing.
15. Class attendance will be monitored through the within-team collaboration and exchange of ideas among teammates.
16. Each of you is expected to log onto the Blackboard course site at least two or three times per week to keep current with the class assignments and expectations. You should expect to spend between six and eight hours per week on course work.
17. From time to time, you will be updated with assignments, reminders, recommendations, and other course-related information.
Professor: Dr. A. Joseph
Office:
Telephone: 212 346 1492
Email:
Office Hours: Wednesdays:
Final examination: 30%
Mid-term examination: 25%
Homework:
Class and group preparation and participation: 25%
Projects/Reports: 20%
Extra credit assignment (Optional): 5%. Note: Only for students who are otherwise fulfilling all of the other course requirements.
Above 92%: A
90% -- 92%: A-
85% -- 89%: B+
80% -- 84%: B
75% -- 79%: B-
70% -- 74%: C+
65% -- 69%: C
Below 65%: F
Note: Grade is computed to the nearest whole number.
WEEK: TOPICS AND ASSIGNMENTS
1-2: Information warfare arsenal and tactics: offensive and defensive players (military and civilian); play and crime; individual rights; open sources and competitive intelligence; national security; and casualties (civilian and non-civilian). Assignment: to be assigned.
3-4: Defensive strategies: cryptography; steganography; anonymity; sanitization; trash disposal; shielding; authentication techniques including watermarking; access controls; filters; intrusion and misuse detection; and security awareness and training. Assignment: to be assigned.
5: Environment and network surveillance tools: packet sniffers; keystroke monitoring; workplace monitoring technologies; virus and spyware scanners; and data analysis tools. Assignment: to be assigned.
6: Fundamentals of computer forensics: acquisition, authentication, and analysis of evidence; computer illusionary characteristics; IT personnel; Internet; overlooked sources of evidence; and data mining. Assignment: to be assigned.
7: Midterm exam.
8: Computer forensics services and technologies: hard-drive tools; file viewers; net threat analyzer; unerase tools; CD-R utilities; drive imaging programs; disk wiping; forensic programs; and hardware. Assignment: to be assigned.
9-10: Search and seizure: recovery of lost or hidden data; principles of computer-based evidence; pre-search intelligence; pre-search preparation; search briefing; search scene; operating dilemma; switched off and switched on computing systems; servers’ shutdown procedures; items taken in a seizure; and transport and storage of IT systems. Assignment: to be assigned.
10-11: Data recovery and identification and digital evidence collection, duplication, and preservation: initial computer examination; reception of computing device; static electricity and electrical safety; external and internal examination; imaging and copying. Assignment: to be assigned.
11-12: Computer image verification and authentication, and reconstruction of past events. Assignment: to be assigned.
12-13: Legal issues and advances in forensics: Internet law; intellectual property; communication law; tort law, consumer fraud statutory violations; constitutional issues; contract formation; cyber-banking; international law; procedural law. Assignment: to be assigned.
13: Review for final examination
14: Final exam.
Creativity and entrepreneurial innovation
Creativity is the ability to develop new ideas and to discover new ways of looking at problems and opportunities.
Entrepreneurial innovation is the ability to apply creative solutions amidst risk and uncertainty to those problems and opportunities that enhance or enrich people’s lives while achieving success, growth, and profit.
Teamwork
The class will be team-based. However, team membership is voluntary. Teams of three or four students will be formed to prepare and submit responses to class discussion questions and to work on a project/technical report. The project may be assigned or self-selected with the professor’s approval.