Dec 22, 2024  
2014-2015 Official General Catalog 
    
2014-2015 Official General Catalog [Archived Catalog]

CST 242 - Computer Forensics II


The second course in computer forensics takes the student deep into Windows and Linux.  The student is introduced to many tools used to gather and analyze digital evidence.  Critical skills are developed, including such data analysis methods as string searches, machine-code disassembly, log file analysis, data and file recovery, and both static and dynamic code analysis.  Evidence from computers, networks, and routers are all captured and analyzed.  Real-world examples, as well as hands-on activities, reinforce the material and concepts.

Prerequisite- Corequisite
Prerequisite:  CST 212 Computer Forensics I

Credits: 3
Hours
2 Class Hours, 2 Laboratory Hours
Course Profile
Course Objectives:

1.  Examine the details of several common storage media and technologies, including floppy disks and hard disks, and the FAT and NTFS file systems.
2.  Engage in data analysis methods including log file analysis, string searches, protocol and code disassembly.
3.  Explore investigative techniques for locating evidence in different operating systems and routers.

 

Learning Outcomes of the Course:

Upon successful completion of this course the student will be able to:

1.  Describe the hardware fundamentals of computer storage, as in the operation of IDE and SCSI drives.
2.  Describe the software fundamentals of computer storage, as in the operation of the FAT and NTFS file systems.
3.  Describe the various methods available for analyzing data, including log file analysis, shell histories, recovering files, and file lists.
4.  Explain the different ways of gathering digital evidence on Windows, Linux, and oher operating systems.
5.  Understand how to perform static and dynamic analysis on a hacker tool (virus, worm, etc.).
6.  Know what tools to use to gather digital evidence from a suspicious program.
7.  Know what tools to use to gather digital evidence on a computer network.
8.  Know what information a string search, disassembly, and hexadecimal dump provide about a suspicious program.
9.  Write a forensic report.