Overview:
Covers theory of forensic procedures, review of identification, imaging, and authentication, review of FAT file system, NTFS (Windows), EXT3 (Linux), and HFS Plus (Mac) file systems, partitioning, Windows registry, introduction to mobile device forensics, introduction to SSD forensics, and ethics in digital investigations.
If this is the first time reading this page, make sure you read the ENTIRE page first! Then you can jump into the downloads below.
Prerequisite:
CET4860 Introduction to Digital Forensics
Download links:
Additional Resources
BSIT Curriculum
Here's the new curriculum (2021) for our BS in IT degree.
Attendance:
There is no physical classroom for this course. To check attendance you are to complete the Syllabus quiz by the assigned due date. Please read the syllabus prior to taking the quiz. If you fail to complete the quiz prior to the indicated due date you will be counted as "not attending," which may affect any financial aid you may be receiving.
This course is taught at Daytona State College as part of the Engineering Technology program.
How My Classes Work
Lectures are provided via recorded video lectures that you play through your browser.
I STRONGLY SUGGEST that you run the video and follow what I’m doing on screen. That is, duplicate what I do, or duplicate what is done on the videos that come with the textbook. The ONLY way to learn is by DOING. You can follow along with what I’m doing in order to help you understand the concepts, and to provide you with some confidence that this stuff isn’t magic. Pause the video, duplicate what I’ve done, and repeat.
How are you going to run Linux if you only have one computer running Windows? Good question, Grasshopper. As a student you have access to a free copy of VMware Workstation. Workstation is a virtualization technology that allows you to run multiple operating systems on a computer, just as if you had multiple physical systems. Cool!
You are expected to install Workstation and a Linux distribution within Workstation. It's not rocket science, but it does require some work!
Course Lectures
Click here to view All Course Lectures
Course lectures are usually 10-30 minutes long, and are in MP4 format. More information is available on individual lectures in the link above.
I suggest you save each lecture to your hard drive so you may access it anytime. Pause when you need to. Replay when you need to. Have you ever tried doing that in a 'live' class? Maybe a couple of times, but now YOU are in control.
Also, an analogy: I bought Tiger Woods' book on golf. Read the whole thing cover to cover. Now I can play golf just like Tiger. Nope. Have to practice, again and again and again. Same thing goes for this class. Can't learn by just watching a lecture. You MUST practice, as much as possible. I highly suggest that while watching the video you have your Linux virtual machine running. Pause the video when I run a command. Run the command, see what it does. Start the video, and repeat.
You may ask: "Why are your videos so much shorter than a regular class?" Have you ever seen a recording of a regular class? Most of it is 'dead space,' nothing being said, idle chit chat, etc. My lectures are intentionally 'dense' with material. Take a 1.5 hour lecture, remove extraneous information, pauses, chit chat, dead space, and voila -- a condensed version that is 10-30 minutes. The 'Cliff Notes' of lectures (you young people may have to Google that).
It takes more time to edit my videos than record them. The condensed version allows you to use YOUR time more wisely. There's no sense in doing it any other way. You're welcome. :)
Learning Outcomes:
1. Students will be able to demonstrate how to use 'dd' to image a physical device, and verify the forensic image using several one-way cryptographic hashes (md5sum, sha1sum).
2. Students will be able to identify system structures as they relate to the NTFS file system, including the MFT and its components.
3. Students will be able to identify system structures as they relate to the EXT (Linux) file system, including its components and architecture.
4. Students will be able to identify system structures as they relate to the HFS Plus (Mac) file system, including its components and architecture.
5. Students will be able to identify various file system and media concepts, including allocated vs unallocated space, slack space, sectors vs. clusters, and partitioning schemes.
6. Students will be able to identify components of the Windows registry as well as the various hives comprising it.
7. Students will be able to identify various mobile device operating systems, their components, and be able to identify forensic issues with each.
8. Students will be able to identify storage mechanisms on solid state drives, and issues associated with the forensic investigations of these drives.
Textbook
File System Forensic Analysis [Paperback], Brian Carrier
Paperback: 600 pages
Publisher: Addison-Wesley Professional; 1 edition (March 27, 2005)
Language: English
ISBN-10: 0321268172
This is a great book, very highly rated. Only one edition, but you might be able to get it used.
Major Topics Covered in This Course
Certificate in Cybersecurity and Cyberforensics
If you are in the BSIT program then this is a great opportunity for you to earn the new Cybersecurity and Cyberforensics certificate. Here's the link that explains more.
http://cybercertificate.pbworks.com