1-Reference Material I Cse4004 Digital-Forensics Eth 1.1 47 Cse4004
v.1.1
Objectives:
To learn about examining, preventing and fighting digital crimes
To learn about data acquisition and storing digital evidence
To explore operating system file structure and file system
To understand mobile device forensics and acquisition procedures
Expected Outcome: After successfully completing the course the student should be able to
1. Describe the role of a computer forensics professional in an investigation
2. Describe the legal requirements for use of seized data
3. Process crime and incident scenes
4. Recover data in a Windows environment
5. Perform investigations on e-mails
6. Explore current computer forensics hardware and software tools
7. Discuss the challenges associated with mobile device forensics
| Module | Topics | LHrs | SLO |
|---|---|---|---|
| 1 | Computer Forensics and Investigation – Understanding computer forensics, Preparing for Computer Investigations, Corporate High Tech Investigation | 6 | 2 |
| 2 | Data Acquisition and Recovery – Storage formats, Using acquisition tools, Data Recovery: RAID Data acquisition | 6 | 4 |
| 3 | Processing Crime and Incident Scene – Identifying and collecting evidence, Preparation for search, Seizing and Storing Digital evidence | 9 | 9 |
| 4 | Computer Forensics tools (EnCase) and Windows Operating System – Understanding file structure and file system, NTFS disks, Disk Encryption and Registry Manipulation. Computer Forensics software and hardware tools | 9 | 9 |
| 5 | Computer Forensics Analysis and Validation: Data collection and analysis, validation of forensics data, Addressing – data hiding technique | 7 | 2 |
| 6 | Email Investigation and Mobile device Forensics – Investigation e-mail crimes and Violations, Using specialized E-mail forensics tools. Understanding mobile device forensics and Acquisition procedures. | 6 | 9 |
| 7 | Role of Digital Forensics in Real time applications – SANS SIFT Investigative tool, ProDiscover Basic, Volatility, Sleuth Kit, CAINE investigative environment | 2 | 5 |
| 8 | Industry Trends | | |
Text Books:
1. Bill Nelson, Amelia Phillips, Christopher Steuart, “Guide to Computer Forensics and Investigations”, Fourth Edition, Cengage Learning, 2016.
References:
1. David Lilburn Watson, Andrew Jones, “Digital Forensics Processing and Procedures”, Syngress, 2013.
2. Cory Altheide, Harlan Carvey, “Digital Forensics with Open Source Tools”, British Library Cataloguing-in-Publication Data, 2011.
3. Greg Gogolin, “Digital Forensics Explained”, CRC Press, 2013.
Forensic Tower
To activate Parallel Forensic Technology, the lab must have a centralized Forensic Tower which
provides data duplication, parallel analysis, operating systems emulation and integration with
some forensic analysis software. The forensic tower is a very rich asset in the forensic lab. For
example, it is write blocked by default which makes it an all-in-one solution.
Forensic Toolkit
It is a comprehensive mobile toolkit which contains everything needed to perform a complete
Forensic Acquisition, such as Write Blockers, wipers, Hard Drive Duplicators, Power Adapters,
imaging hardware, etc. The computer forensic examiner needs a hardware write blocker to
avoid any alteration of the main evidence. Write blockers are available with many connection
types, such as USB, FireWire, SATA and IDE.
Data Recovery
In forensic labs, it is preferred to have hardware for data recovery which can fix bad sectors
that were partially corrupted and cannot be imaged through normal software. It can bypass the
operating system or the BIOS if either tries to prevent you from imaging the corrupted data,
which reduces the time and effort needed compared with working without Data Recovery Hardware.
Wipers
If you need to use the same hard disk in another forensic case, you must wipe it using
wipers (software or hardware) to erase all the data from the hard disk media.
Spare Parts
The forensic lab must have spare RAM, network cards, hard disks, CD/DVD writers, removable
memory and different types of cables.
Lab Environment: Fully patched operating system such as Windows 7/8/10 with virtual
machines installed in it.
Lab Exercises (Indicative List)
Digital Forensics
Knowledge Areas that contain topics and learning outcomes covered in the course
[List the Knowledge Units covered in whole or in part in the course. If in part, please indicate
which topics and/or learning outcomes are covered. For those not covered, you might want to
indicate whether they are covered in another course or not covered in your curriculum at all.
This section will likely be the most time-consuming to complete, but is the most valuable for
educators planning to adopt the CS2013 guidelines.]
CS: IAS (IAS/Web Security), CS: PBD (PBD/Mobile Platform): Email Investigation and Mobile device Forensics – Investigation e-mail crimes and Violations, Using specialized E-mail forensics tools. Understanding mobile device forensics and Acquisition procedures. (5 hours)
Total hours 45
This course is an Elective Course
Suitable from 5th semester onwards.
Knowledge of any one programming language is recommended
What is covered in the course?
Module 1: Computer Forensics and Investigation
Introduces you to the history of computer forensics and explains how the use of electronic
evidence developed. It also introduces legal issues and compares public and private sector cases.
Explains how to prepare to acquire data from a suspect’s drive and discusses available
command-line and GUI acquisition tools. It also discusses acquiring data from RAID systems
and gives you an overview of tools for remote acquisitions.
Explains search warrants and the nature of a typical computer forensics case. It discusses when
to use outside professionals, how to assemble a team, and how to evaluate a case and explains
proper procedures for searching and seizing evidence.
Discusses the most common operating systems. You learn what happens and what files are
altered during computer startup and how each system deals with deleted and slack space.
Explores current computer forensics software and hardware tools, including those that might not
be readily available, and evaluates their strengths and weaknesses.
Covers determining what data to collect and analyze and refining investigation plans. It also
explains validation with hex editors and forensics software, data-hiding techniques, and
techniques for remote acquisitions.
Covers e-mail and Internet fundamentals and examines e-mail crimes and violations. It also
reviews some specialized e-mail forensics tools. It also covers investigation techniques and
acquisition procedures for recovering data from mobile devices and provides guidance on
dealing with these constantly changing technologies.
Additional weightage will be given based on their rank in crowd-sourced projects/
Kaggle-like competitions.
Students can earn additional weightage based on certificate of completion of a related
MOOC course.
3 | Computer Forensics software and hardware tools | Familiarity | 1
2 | Computer Forensics Analysis and Validation: Data collection and analysis | Familiarity | 1 | Lab Component
3 | Validation of forensics data | Usage | 1
2 | Addressing – data hiding technique | Familiarity | 1 | Lab Component
2 | Email Investigation and Mobile device Forensics – Investigation e-mail crimes and Violations, Using specialized E-mail forensics tools | Usage | 1 | Lab Component
2 | Understanding mobile device forensics | Usage | 1
2 | Acquisition procedures | Familiarity | 1 | Lab Component
2 | Recent Trends | Usage | 1